| mdakky.com/rpe?a=1&s=1&act=18&src=2&p=1000456&st=1180074&wd=519168&d=ryymie.com&tpl=88&rnd=0.5994793908726178&sbid=&sbid2=intent%3A%2F%2Fryymie.com%2Fvideo-15 | 185.162.85.14 | | 0 B |
URL mdakky.com/rpe?a=1&s=1&act=18&src=2&p=1000456&st=1180074&wd=519168&d=ryymie.com&tpl=88&rnd=0.5994793908726178&sbid=&sbid2=intent%3A%2F%2Fryymie.com%2Fvideo-15 IP 185.162.85.14:0
ASN#39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rpe?a=1&s=1&act=18&src=2&p=1000456&st=1180074&wd=519168&d=ryymie.com&tpl=88&rnd=0.5994793908726178&sbid=&sbid2=intent%3A%2F%2Fryymie.com%2Fvideo-15 HTTP/1.1
Host: mdakky.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ryymie.com
DNT: 1
Connection: keep-alive
Referer: https://ryymie.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 05 Dec 2023 16:10:06 GMT
content-length: 0
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| ecrwqu.com/cuclc?aid=12977042959834303090&t=1701792606&s=877656 | 185.162.85.3 | | 411 B |
URL ecrwqu.com/cuclc?aid=12977042959834303090&t=1701792606&s=877656 IP 185.162.85.3:0
ASN#39572 DataWeb Global Group B.V.
File type HTML document text; HTML document text; HTML document, ASCII text, with very long lines (411), with no line terminators Hash 5ba59db7e4d340dabfe495e4b296e710 43b4dd9d91a0674f918fa36ad493c79bfaef9d9f 32b08518fad5047449de3a532d6ec9240df4318c5456bf4639b60a145862a452
GET /cuclc?aid=12977042959834303090&t=1701792606&s=877656 HTTP/1.1
Host: ecrwqu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ryymie.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.18.0
date: Tue, 05 Dec 2023 16:10:07 GMT
content-type: text/html; charset=utf-8
content-length: 411
location: https://track.wbdpnz.com/34cb433c-770b-4be0-a140-affedeca6aad?source_id=a519168&campaign_id=877656&country=NO&browser=Firefox&zone_id=a519168&creative_id={CREATIVE_ID}&format=pops&os=Windows&partner_id=1000456&sub_period={sub_period}&cost=0.0001&click_id=a2_12977042959834303090_519168_2_0
X-Firefox-Spdy: h2
|
|
| track.wbdpnz.com/34cb433c-770b-4be0-a140-affedeca6aad?source_id=a519168&campaign_id=877656&country=NO&browser=Firefox&zone_id=a519168&creative_id={CREATIVE_ID}&format=pops&os=Windows&partner_id=1000456&sub_period={sub_period}&cost=0.0001&click_id=a2_12977042959834303090_519168_2_0 | 18.158.88.249 | | 0 B |
URL track.wbdpnz.com/34cb433c-770b-4be0-a140-affedeca6aad?source_id=a519168&campaign_id=877656&country=NO&browser=Firefox&zone_id=a519168&creative_id={CREATIVE_ID}&format=pops&os=Windows&partner_id=1000456&sub_period={sub_period}&cost=0.0001&click_id=a2_12977042959834303090_519168_2_0 IP 18.158.88.249:0
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /34cb433c-770b-4be0-a140-affedeca6aad?source_id=a519168&campaign_id=877656&country=NO&browser=Firefox&zone_id=a519168&creative_id={CREATIVE_ID}&format=pops&os=Windows&partner_id=1000456&sub_period={sub_period}&cost=0.0001&click_id=a2_12977042959834303090_519168_2_0 HTTP/1.1
Host: track.wbdpnz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ryymie.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Tue, 05 Dec 2023 16:10:07 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://onekoh.com/play-2_1?h=waWQiOjExMjkwNTQsInNpZCI6MTE1MDY5MCwid2lkIjozNzg2MzAsInNyYyI6Mn0=eyJ&click_id=wpq3j8vfgqqfr0hti0p5kb3u&si1=a519168
pragma: no-cache
set-cookie: 34cb433c-770b-4be0-a140-affedeca6aad-v4=aM4egBQ0RMBQPdDPs1HlSQ6GvAEME2FDy4gsiwiI_5I; Max-Age=86400; Expires=Wed, 06-Dec-2023 16:10:07 GMT; Domain=track.wbdpnz.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=VjEuWGiKJjTCBFf8oQ2bPVToDcdagtnmA87hjFB%2BfFLqPsJVWACFI6p9EGNFXqqFQOd%2BqYKmyHSWxsDl0xOqhP%2Bdl0YTL6uVfT4hu5zAqhBgALAE6pV%2BhOXCY14vt6sAfTIykNh2Ocluf4u0MGWOag%3D%3D; Max-Age=31536000; Expires=Wed, 04-Dec-2024 16:10:07 GMT; Domain=track.wbdpnz.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
|
|
| onekoh.com/play-2_1?h=waWQiOjExMjkwNTQsInNpZCI6MTE1MDY5MCwid2lkIjozNzg2MzAsInNyYyI6Mn0=eyJ&click_id=wpq3j8vfgqqfr0hti0p5kb3u&si1=a519168 | 185.162.87.220 | | 16 kB |
URL onekoh.com/play-2_1?h=waWQiOjExMjkwNTQsInNpZCI6MTE1MDY5MCwid2lkIjozNzg2MzAsInNyYyI6Mn0=eyJ&click_id=wpq3j8vfgqqfr0hti0p5kb3u&si1=a519168 IP 185.162.87.220:0
ASN#39572 DataWeb Global Group B.V.
File type gzip compressed data, from Unix; data Hash 90323dc0550c3fdda966019a53de6a30 ff8d9978fec6b1fc0f7762e15beabd1f4a68c2da 93a53d4e01d920fc925886dd29a227a77dd0cbabecbb0f4225c5336d462f9450
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /play-2_1?h=waWQiOjExMjkwNTQsInNpZCI6MTE1MDY5MCwid2lkIjozNzg2MzAsInNyYyI6Mn0=eyJ&click_id=wpq3j8vfgqqfr0hti0p5kb3u&si1=a519168 HTTP/1.1
Host: onekoh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ryymie.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.25.0
date: Tue, 05 Dec 2023 16:10:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: truniq=1; expires=Wed, 06-Dec-2023 16:10:08 GMT; Max-Age=86400; path=/; domain=onekoh.com
x-zone: eu3
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| onekoh.com/images/play-2/icon2.png | 185.162.87.220 | | 4.6 kB |
URL onekoh.com/images/play-2/icon2.png IP 185.162.87.220:0
ASN#39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced; data Hash c947d439eb93367f1af5b2a3d222f057 5b4c10820d39e624bc6df72a113679da80a8e44e aab564e67c47df65ddcb9c4eaa62cd798a51624a3fded9f9b3a1197b460a79c2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /images/play-2/icon2.png HTTP/1.1
Host: onekoh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://onekoh.com/play-2_1?h=waWQiOjExMjkwNTQsInNpZCI6MTE1MDY5MCwid2lkIjozNzg2MzAsInNyYyI6Mn0=eyJ&click_id=wpq3j8vfgqqfr0hti0p5kb3u&si1=a519168
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.25.0
date: Tue, 05 Dec 2023 16:10:08 GMT
content-type: image/png
content-length: 4576
last-modified: Thu, 16 Nov 2023 08:25:05 GMT
etag: "6555d1e1-11e0"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| onekoh.com/images/play-2/icon3.png | 185.162.87.220 | | 7.8 kB |
URL onekoh.com/images/play-2/icon3.png IP 185.162.87.220:0
ASN#39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced; data Hash 8f3cc830da0b1fdf66bda7d1d734747b 94588f041eec3a78a8780c8124c56a1434a89277 ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /images/play-2/icon3.png HTTP/1.1
Host: onekoh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://onekoh.com/play-2_1?h=waWQiOjExMjkwNTQsInNpZCI6MTE1MDY5MCwid2lkIjozNzg2MzAsInNyYyI6Mn0=eyJ&click_id=wpq3j8vfgqqfr0hti0p5kb3u&si1=a519168
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.25.0
date: Tue, 05 Dec 2023 16:10:08 GMT
content-type: image/png
content-length: 7847
last-modified: Thu, 16 Nov 2023 08:25:05 GMT
etag: "6555d1e1-1ea7"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=/intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2= | 185.162.87.220 | | 67 kB |
URL ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=/intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2= IP 185.162.87.220:0
ASN#39572 DataWeb Global Group B.V.
File type gzip compressed data, from Unix; data Hash 2af6f003cf03e2fcb4979d5349ae625a 3c8862b9b60aa4a7e674da1002f3a9a2df7911fb 20b2b21d175a43b63ea0aefd42c749a2169cd445ad9942f4dfbe89ec9f47e76c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=/intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2=intent://ryymie.com/video-15?h=waWQiOjEwMDA0NTYsInNpZCI6MTE4MDA3NCwid2lkIjo1MTkxNjgsInNyYyI6Mn0=eyJ&si1=&si2= HTTP/1.1
Host: ryymie.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.25.0
date: Tue, 05 Dec 2023 16:10:05 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: truniq=1; expires=Wed, 06-Dec-2023 16:10:05 GMT; Max-Age=86400; path=/; domain=ryymie.com
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| onekoh.com/images/play-2/icon5.png | 185.162.87.220 | | 3.3 kB |
URL onekoh.com/images/play-2/icon5.png IP 185.162.87.220:0
ASN#39572 DataWeb Global Group B.V.
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced; data Hash 1e1a7582b5da63e10485d63f97abc9a0 ca3ee3067f96c732f455bc7c99ec5100194f13f6 196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /images/play-2/icon5.png HTTP/1.1
Host: onekoh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://onekoh.com/play-2_1?h=waWQiOjExMjkwNTQsInNpZCI6MTE1MDY5MCwid2lkIjozNzg2MzAsInNyYyI6Mn0=eyJ&click_id=wpq3j8vfgqqfr0hti0p5kb3u&si1=a519168
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.25.0
date: Tue, 05 Dec 2023 16:10:08 GMT
content-type: image/png
content-length: 3264
last-modified: Thu, 16 Nov 2023 08:25:05 GMT
etag: "6555d1e1-cc0"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| onekoh.com/images/play-2/icon7.png | 185.162.87.220 | | 3.3 kB |
URL onekoh.com/images/play-2/icon7.png IP 185.162.87.220:0
ASN#39572 DataWeb Global Group B.V.
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced; data Hash b512735542cb07b3b2dcf153a7dfe456 93bde8875412ce266600e2af1c37123483a50376 e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /images/play-2/icon7.png HTTP/1.1
Host: onekoh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://onekoh.com/play-2_1?h=waWQiOjExMjkwNTQsInNpZCI6MTE1MDY5MCwid2lkIjozNzg2MzAsInNyYyI6Mn0=eyJ&click_id=wpq3j8vfgqqfr0hti0p5kb3u&si1=a519168
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.25.0
date: Tue, 05 Dec 2023 16:10:08 GMT
content-type: image/png
content-length: 3283
last-modified: Thu, 16 Nov 2023 08:25:05 GMT
etag: "6555d1e1-cd3"
x-zone: eu3
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| onekoh.com/images/play-2/icon8.png | 185.162.87.220 | | 4.1 kB |
URL onekoh.com/images/play-2/icon8.png IP 185.162.87.220:0
ASN#39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced; data Hash f92d6474ebc6a3a0b576749cfb4afe98 0f4ce3dcf04873b8098c01d20c44967fb9fce0cc 3a7abff293d71fd8c5a58deacb964b50fe074a6f458575d37abbd367a3a930a1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /images/play-2/icon8.png HTTP/1.1
Host: onekoh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://onekoh.com/play-2_1?h=waWQiOjExMjkwNTQsInNpZCI6MTE1MDY5MCwid2lkIjozNzg2MzAsInNyYyI6Mn0=eyJ&click_id=wpq3j8vfgqqfr0hti0p5kb3u&si1=a519168
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.25.0
date: Tue, 05 Dec 2023 16:10:08 GMT
content-type: image/png
content-length: 4064
last-modified: Thu, 16 Nov 2023 08:25:05 GMT
etag: "6555d1e1-fe0"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ecrwqu.com/cuclc?aid=15993781730881522897&t=1701792608&s=156 | 185.162.85.3 | | 1.3 kB |
URL ecrwqu.com/cuclc?aid=15993781730881522897&t=1701792608&s=156 IP 185.162.85.3:0
ASN#39572 DataWeb Global Group B.V.
File type HTML document text; HTML document text; HTML document, ASCII text, with very long lines (1325), with no line terminators Hash 3976a1815e70aac6fc9f181681f8a695 4ca712372b6d408b7a56846f45f43a33544ced7f 567d1bd6ab95152abc7482edcf1115009305c25d24f000eafff25a65621e6e91
GET /cuclc?aid=15993781730881522897&t=1701792608&s=156 HTTP/1.1
Host: ecrwqu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://onekoh.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Tue, 05 Dec 2023 16:10:09 GMT
content-type: text/html; charset=utf-8
content-length: 1325
location: https://twinrdsyn.com/Redirect.eng?MediaSegmentId=30077&dcid=3_ctx_052a1041-eb24-4151-ae8d-a0772f7642e2&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=paDk5DzaJmimM8IAf7y8B0KelTtMo7FlPPsw1b-r_n-wETHZbB89362tfS8cl1QDEVEeZLEfoK_kugqpw-4395oBoSFEdcHC3ilKh6QwjpAOycBVlLWp3Jqjsm192y3FrtVXgh66r7mcFQlOd1HfjYeszhTbFnf-_wdS1lF_TsbiIKx1ruPUEiVVx9hIcRLrxXoEfW6BrorsRB-HF9U_fM2mvRA3DP-CDhQ9w229HcFTYPRMgbPBib_euAEH5288Dv3TgStZ357CYRt02RXuTBnThb2pvLnwCsASLiTaeLZuDJLuKSKXPRcm945xJccCpAuZTOoxBlXR7i-hETd8N0gQrzzRbA96_XdvpCvLxBvdm45nGsaAkOoVLI41IRFxNAOHAMauN-Jknv9YbbhGOPQO-vqSsPkVv2YHnhdUKJgtoWDjGI6ekAk3O7MgtIkQceDLdcC0XQi2-P7nYM7LjpNGfV5poJS7bKokOI2b0QJIrtx_FAtbQcpSTs78RhiXVc_2E1W32WzIZEmhOsURS80uWcRGT3GQM37xF7BfVGbAU6xF5v-oIUoHgnajgCX9L8CqR550quiVzc-kFHGpBA6_XPppfBuQPBnq0N6eQuPiUWprXKgdtMvjXyhyQphxt0ZcCUqJKxFUMMRu2dup1r-NmhTu5qrLIB8DwmoacV5vsa40IaSmd2n6TaAUFLTIIrvrTtGciW6lZ_9Y6IeluHVmBnE-rNxnNg7lZfAkvzbwIKBIDzGQrS3OlmFoysMHO4R5HuP3CS7B4LY8GXTPWUSh07OqbYZx7YN2aiSD4OQJbSUeTcSsl_XiiWYp2JTl65uF6k_Ozklh6YuzeaE1LirTFy6qu_Rgoi01-LgtU90x8cc9uofY7yJNM9857i25LJ-qmFo8uH6vt5HGhFnoES337OX32KdSr0u-Y5Jxe9PSozqS9kZhX0CVZR7IyN1T9lrm8EYyQAznVv2mktUhkDo2rDD_POB1mpn9lF5XVek1&kw=&mw=1024&mh=768&xml=1
X-Firefox-Spdy: h2
|
|
| twinrdsyn.com/Redirect.eng?MediaSegmentId=30077&dcid=3_ctx_052a1041-eb24-4151-ae8d-a0772f7642e2&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=paDk5DzaJmimM8IAf7y8B0KelTtMo7FlPPsw1b-r_n-wETHZbB89362tfS8cl1QDEVEeZLEfoK_kugqpw-4395oBoSFEdcHC3ilKh6QwjpAOycBVlLWp3Jqjsm192y3FrtVXgh66r7mcFQlOd1HfjYeszhTbFnf-_wdS1lF_TsbiIKx1ruPUEiVVx9hIcRLrxXoEfW6BrorsRB-HF9U_fM2mvRA3DP-CDhQ9w229HcFTYPRMgbPBib_euAEH5288Dv3TgStZ357CYRt02RXuTBnThb2pvLnwCsASLiTaeLZuDJLuKSKXPRcm945xJccCpAuZTOoxBlXR7i-hETd8N0gQrzzRbA96_XdvpCvLxBvdm45nGsaAkOoVLI41IRFxNAOHAMauN-Jknv9YbbhGOPQO-vqSsPkVv2YHnhdUKJgtoWDjGI6ekAk3O7MgtIkQceDLdcC0XQi2-P7nYM7LjpNGfV5poJS7bKokOI2b0QJIrtx_FAtbQcpSTs78RhiXVc_2E1W32WzIZEmhOsURS80uWcRGT3GQM37xF7BfVGbAU6xF5v-oIUoHgnajgCX9L8CqR550quiVzc-kFHGpBA6_XPppfBuQPBnq0N6eQuPiUWprXKgdtMvjXyhyQphxt0ZcCUqJKxFUMMRu2dup1r-NmhTu5qrLIB8DwmoacV5vsa40IaSmd2n6TaAUFLTIIrvrTtGciW6lZ_9Y6IeluHVmBnE-rNxnNg7lZfAkvzbwIKBIDzGQrS3OlmFoysMHO4R5HuP3CS7B4LY8GXTPWUSh07OqbYZx7YN2aiSD4OQJbSUeTcSsl_XiiWYp2JTl65uF6k_Ozklh6YuzeaE1LirTFy6qu_Rgoi01-LgtU90x8cc9uofY7yJNM9857i25LJ-qmFo8uH6vt5HGhFnoES337OX32KdSr0u-Y5Jxe9PSozqS9kZhX0CVZR7IyN1T9lrm8EYyQAznVv2mktUhkDo2rDD_POB1mpn9lF5XVek1&kw=&mw=1024&mh=768&xml=1 | 104.18.34.70 | | 23 kB |
URL twinrdsyn.com/Redirect.eng?MediaSegmentId=30077&dcid=3_ctx_052a1041-eb24-4151-ae8d-a0772f7642e2&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=paDk5DzaJmimM8IAf7y8B0KelTtMo7FlPPsw1b-r_n-wETHZbB89362tfS8cl1QDEVEeZLEfoK_kugqpw-4395oBoSFEdcHC3ilKh6QwjpAOycBVlLWp3Jqjsm192y3FrtVXgh66r7mcFQlOd1HfjYeszhTbFnf-_wdS1lF_TsbiIKx1ruPUEiVVx9hIcRLrxXoEfW6BrorsRB-HF9U_fM2mvRA3DP-CDhQ9w229HcFTYPRMgbPBib_euAEH5288Dv3TgStZ357CYRt02RXuTBnThb2pvLnwCsASLiTaeLZuDJLuKSKXPRcm945xJccCpAuZTOoxBlXR7i-hETd8N0gQrzzRbA96_XdvpCvLxBvdm45nGsaAkOoVLI41IRFxNAOHAMauN-Jknv9YbbhGOPQO-vqSsPkVv2YHnhdUKJgtoWDjGI6ekAk3O7MgtIkQceDLdcC0XQi2-P7nYM7LjpNGfV5poJS7bKokOI2b0QJIrtx_FAtbQcpSTs78RhiXVc_2E1W32WzIZEmhOsURS80uWcRGT3GQM37xF7BfVGbAU6xF5v-oIUoHgnajgCX9L8CqR550quiVzc-kFHGpBA6_XPppfBuQPBnq0N6eQuPiUWprXKgdtMvjXyhyQphxt0ZcCUqJKxFUMMRu2dup1r-NmhTu5qrLIB8DwmoacV5vsa40IaSmd2n6TaAUFLTIIrvrTtGciW6lZ_9Y6IeluHVmBnE-rNxnNg7lZfAkvzbwIKBIDzGQrS3OlmFoysMHO4R5HuP3CS7B4LY8GXTPWUSh07OqbYZx7YN2aiSD4OQJbSUeTcSsl_XiiWYp2JTl65uF6k_Ozklh6YuzeaE1LirTFy6qu_Rgoi01-LgtU90x8cc9uofY7yJNM9857i25LJ-qmFo8uH6vt5HGhFnoES337OX32KdSr0u-Y5Jxe9PSozqS9kZhX0CVZR7IyN1T9lrm8EYyQAznVv2mktUhkDo2rDD_POB1mpn9lF5XVek1&kw=&mw=1024&mh=768&xml=1 IP 104.18.34.70:0
File type HTML document text; HTML document text; HTML document, ASCII text, with very long lines (54753), with CRLF, LF line terminators Hash bb3960d39356072adce1600af83a4d25 137514b57aafe999a935d8b6e442169c65613743 9cc697c68983d43da50c8a2b2a19ee7ebbf430d9f95c831eaec78741a059e7d1
GET /Redirect.eng?MediaSegmentId=30077&dcid=3_ctx_052a1041-eb24-4151-ae8d-a0772f7642e2&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=paDk5DzaJmimM8IAf7y8B0KelTtMo7FlPPsw1b-r_n-wETHZbB89362tfS8cl1QDEVEeZLEfoK_kugqpw-4395oBoSFEdcHC3ilKh6QwjpAOycBVlLWp3Jqjsm192y3FrtVXgh66r7mcFQlOd1HfjYeszhTbFnf-_wdS1lF_TsbiIKx1ruPUEiVVx9hIcRLrxXoEfW6BrorsRB-HF9U_fM2mvRA3DP-CDhQ9w229HcFTYPRMgbPBib_euAEH5288Dv3TgStZ357CYRt02RXuTBnThb2pvLnwCsASLiTaeLZuDJLuKSKXPRcm945xJccCpAuZTOoxBlXR7i-hETd8N0gQrzzRbA96_XdvpCvLxBvdm45nGsaAkOoVLI41IRFxNAOHAMauN-Jknv9YbbhGOPQO-vqSsPkVv2YHnhdUKJgtoWDjGI6ekAk3O7MgtIkQceDLdcC0XQi2-P7nYM7LjpNGfV5poJS7bKokOI2b0QJIrtx_FAtbQcpSTs78RhiXVc_2E1W32WzIZEmhOsURS80uWcRGT3GQM37xF7BfVGbAU6xF5v-oIUoHgnajgCX9L8CqR550quiVzc-kFHGpBA6_XPppfBuQPBnq0N6eQuPiUWprXKgdtMvjXyhyQphxt0ZcCUqJKxFUMMRu2dup1r-NmhTu5qrLIB8DwmoacV5vsa40IaSmd2n6TaAUFLTIIrvrTtGciW6lZ_9Y6IeluHVmBnE-rNxnNg7lZfAkvzbwIKBIDzGQrS3OlmFoysMHO4R5HuP3CS7B4LY8GXTPWUSh07OqbYZx7YN2aiSD4OQJbSUeTcSsl_XiiWYp2JTl65uF6k_Ozklh6YuzeaE1LirTFy6qu_Rgoi01-LgtU90x8cc9uofY7yJNM9857i25LJ-qmFo8uH6vt5HGhFnoES337OX32KdSr0u-Y5Jxe9PSozqS9kZhX0CVZR7IyN1T9lrm8EYyQAznVv2mktUhkDo2rDD_POB1mpn9lF5XVek1&kw=&mw=1024&mh=768&xml=1 HTTP/1.1
Host: twinrdsyn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://onekoh.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:09 GMT
content-type: text/html; charset=utf-8
content-length: 23111
cache-control: private, no-transform
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=8f8675ea-df8d-4cc4-8d56-4f107dfb4be2; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure
ISSH=6FC2A9; path=/; SameSite=None; secure
VMI=d72a7c65-90fc-4434-8856-19a77b49c760; path=/; SameSite=None; secure
IPLH=#{"35932":[{"SId":"6FC2A9","D":"23/12/5T8:9:12"}]}; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[35932]; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{"30077":1}; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Tue, 05-Dec-2023 20:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{"65462":[{"SId":"6FC2A9","D":"23/12/5T8:9:12"}]}; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[65462]; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{"51227":[{"SId":"6FC2A9","D":"23/12/5T8:9:12"}]}; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[51227]; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{}; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[]; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{"15634":[{"SId":"6FC2A9","D":"23/12/5T8:9:12"}]}; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[15634]; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{"21882":[{"SId":"6FC2A9","D":"23/12/5T8:9:12"}]}; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[21882]; expires=Mon, 05-Dec-2033 16:09:12 GMT; path=/; SameSite=None; secure; HttpOnly
p3p: CP="CAO PSA OUR IND"
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 830d8ebf7a761bfe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| crmentjg.com/pu/?psid=ed_dprmntdtt1&utm_source=tr&ms_notrack=1&category=girl&site=jsm&target=rttr&utm_medium=network&subAffId=15634&sub_source=TwinRed%20Exchange%20Partner_ID%2015634 | 93.93.51.223 | 200 OK | 9.4 kB |
URL User Request GET HTTP/2 crmentjg.com/pu/?psid=ed_dprmntdtt1&utm_source=tr&ms_notrack=1&category=girl&site=jsm&target=rttr&utm_medium=network&subAffId=15634&sub_source=TwinRed%20Exchange%20Partner_ID%2015634 IP 93.93.51.223:443
ASN#34655 DuoDecad IT Services Luxembourg S.a r.l.
Certificate Issuer Let's Encrypt Subject crmentjg.com Fingerprint 00:D7:49:69:04:52:E7:F7:99:60:F7:55:B6:14:68:59:E6:BD:BA:C9 Validity Tue, 10 Oct 2023 15:01:05 GMT - Mon, 08 Jan 2024 15:01:04 GMT
File type gzip compressed data, max speed, from Unix; data Hash 7466fe4362bf035353e1ce84c7ef6168 28564cf1c0cfe62e8697fa9e1a54b3ca86e022b4 df35864163ede642009bc1bf72c15342774b988008ab5b1f7556e5ee48e6298f
GET /pu/?psid=ed_dprmntdtt1&utm_source=tr&ms_notrack=1&category=girl&site=jsm&target=rttr&utm_medium=network&subAffId=15634&sub_source=TwinRed%20Exchange%20Partner_ID%2015634 HTTP/1.1
Host: crmentjg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://twinrdsyn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-target-pstool: 300_31
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Thu, 04-Jan-24 16:10:10 GMT; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtm.js?id=GTM-MJ29FD7 | 142.250.74.168 | 200 OK | 95 kB |
URL GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-MJ29FD7 IP 142.250.74.168:443
Requested by https://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 Certificate Issuer Google Trust Services LLC Subject *.google-analytics.com Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34 Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (62215) Hash 22797e0247bdf4507c1cdebb43916c36 027b7697f5f926f66276a373e099655d76875f1c f0d80d6e654b841f428b3f910fb78798e2f39e1aa7217d718750aa0c678cf740
GET /gtm.js?id=GTM-MJ29FD7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 05 Dec 2023 16:10:11 GMT
expires: Tue, 05 Dec 2023 16:10:11 GMT
cache-control: private, max-age=900
last-modified: Tue, 05 Dec 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 94736
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| pt-static1.jsmsat.com/npe/_common/fonts/roboto_regular-webfont-v665990.woff | 93.93.51.201 | 200 OK | 89 kB |
URL GET HTTP/2 pt-static1.jsmsat.com/npe/_common/fonts/roboto_regular-webfont-v665990.woff IP 93.93.51.201:443
ASN#34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested by https://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 Certificate Issuer Let's Encrypt Subject pt.awempt.com Fingerprint 55:E1:D4:78:CF:7E:3E:2E:80:6A:51:70:29:FA:63:93:0E:F7:24:4A Validity Wed, 01 Nov 2023 08:01:05 GMT - Tue, 30 Jan 2024 08:01:04 GMT
File type Web Open Font Format, TrueType, length 89436, version 2.1101; data Hash 27ebb57ca80d9efd1d7b2bb174af090f 527a35fa8eb34124d8bdc9bee973de676977637d 866c21d6cada368ff5a8049cb94a899b547fc763068036aacf94be7b24a2a40e
GET /npe/_common/fonts/roboto_regular-webfont-v665990.woff HTTP/1.1
Host: pt-static1.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://crmtt.livejasmin.com
DNT: 1
Connection: keep-alive
Referer: https://pt-static1.jsmsat.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:11 GMT
content-type: application/font-woff
content-length: 89436
last-modified: Tue, 05 Dec 2023 08:58:54 GMT
etag: "656ee64e-15d5c"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:11 GMT
cache-control: max-age=1209600
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| pt-static4.jsmsat.com/npe/pu/playvlp/script/pu.play.vlp-v665990.js | 93.93.51.201 | 200 OK | 176 kB |
URL GET HTTP/2pt-static4.jsmsat.com/npe/pu/playvlp/script/pu.play.vlp-v665990.js IP 93.93.51.201:443
ASN#34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested byhttps://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 CertificateIssuerLet's Encrypt Subjectpt-static3.jsmsat.com FingerprintB5:B9:AF:A1:51:6D:94:9A:6E:8A:86:D5:9D:DA:A4:EE:94:05:2A:32 ValidityTue, 31 Oct 2023 20:01:04 GMT - Mon, 29 Jan 2024 20:01:03 GMT
File typegzip compressed data, max speed, from Unix\012- data Size176 kB (176062 bytes) Hashe7f0f58707e10426d0933c80b72879da e874b99b543556115c4708b3c996b2f87cc0d401 e79bd3b5f96159ad31a235d9781a2c57ea7dac6ab4b73224de873ba22cbe9de9
GET /npe/pu/playvlp/script/pu.play.vlp-v665990.js HTTP/1.1
Host: pt-static4.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:11 GMT
content-type: application/javascript
last-modified: Tue, 05 Dec 2023 08:58:55 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"656ee64f-3f0f5"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:11 GMT
cache-control: max-age=1209600
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| pt-static1.jsmsat.com/npe/pu/playvlp/css/play.vlp-v665990.css | 93.93.51.201 | 200 OK | 85 kB |
URL GET HTTP/2pt-static1.jsmsat.com/npe/pu/playvlp/css/play.vlp-v665990.css IP 93.93.51.201:443
ASN#34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested byhttps://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 CertificateIssuerLet's Encrypt Subjectpt.awempt.com Fingerprint55:E1:D4:78:CF:7E:3E:2E:80:6A:51:70:29:FA:63:93:0E:F7:24:4A ValidityWed, 01 Nov 2023 08:01:05 GMT - Tue, 30 Jan 2024 08:01:04 GMT
File typegzip compressed data, max speed, from Unix\012- data Hash21075800645dc7bedb307156cc956c87 cc5f7e63c7c7d396873d0fcf4d7a71c5911fa01f 4999888ba40305dc4597b041c7bc778d092363dd4a39fe49f2c4d5b1eda85377
GET /npe/pu/playvlp/css/play.vlp-v665990.css HTTP/1.1
Host: pt-static1.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:11 GMT
content-type: text/css
last-modified: Tue, 05 Dec 2023 08:58:55 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"656ee64f-11cca"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:11 GMT
cache-control: max-age=1209600
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| pt-static1.jsmsat.com/npe/_common/fonts/oswald-bold-webfont-v665990.woff | 93.93.51.201 | 200 OK | 60 kB |
URL GET HTTP/2pt-static1.jsmsat.com/npe/_common/fonts/oswald-bold-webfont-v665990.woff IP 93.93.51.201:443
ASN#34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested byhttps://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 CertificateIssuerLet's Encrypt Subjectpt.awempt.com Fingerprint55:E1:D4:78:CF:7E:3E:2E:80:6A:51:70:29:FA:63:93:0E:F7:24:4A ValidityWed, 01 Nov 2023 08:01:05 GMT - Tue, 30 Jan 2024 08:01:04 GMT
File typeWeb Open Font Format, TrueType, length 60252, version 1.0\012- data Hash32e83b35ba2644f4307eff171d132a59 33c926293da5233bf23b983adddee7c60d123029 47f5891f562e379f8824e0dfabfb3502336ae3d158e29268725c9d04ac1bfa5f
GET /npe/_common/fonts/oswald-bold-webfont-v665990.woff HTTP/1.1
Host: pt-static1.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://crmtt.livejasmin.com
DNT: 1
Connection: keep-alive
Referer: https://pt-static1.jsmsat.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:11 GMT
content-type: application/font-woff
content-length: 60252
last-modified: Tue, 05 Dec 2023 08:58:54 GMT
etag: "656ee64e-eb5c"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:11 GMT
cache-control: max-age=1209600
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| pt-static1.jsmsat.com/npe/_common/fonts/pt-icons-v665990.woff | 93.93.51.201 | 200 OK | 22 kB |
URL GET HTTP/2pt-static1.jsmsat.com/npe/_common/fonts/pt-icons-v665990.woff IP 93.93.51.201:443
ASN#34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested byhttps://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 CertificateIssuerLet's Encrypt Subjectpt.awempt.com Fingerprint55:E1:D4:78:CF:7E:3E:2E:80:6A:51:70:29:FA:63:93:0E:F7:24:4A ValidityWed, 01 Nov 2023 08:01:05 GMT - Tue, 30 Jan 2024 08:01:04 GMT
File typeWeb Open Font Format, TrueType, length 22336, version 1.0\012- data Hash68d6c2571b31b2aec684df15d90a7d12 81b540636375d8648d30839a810f73907923d1db 33e3503ef3a7dc205b9a36025f8ec534daad28ae8773c930c245d463d250f472
GET /npe/_common/fonts/pt-icons-v665990.woff HTTP/1.1
Host: pt-static1.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://crmtt.livejasmin.com
DNT: 1
Connection: keep-alive
Referer: https://pt-static1.jsmsat.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:11 GMT
content-type: application/font-woff
content-length: 22336
last-modified: Tue, 05 Dec 2023 08:58:54 GMT
etag: "656ee64e-5740"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:11 GMT
cache-control: max-age=1209600
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| pt-static3.jsmsat.com/npe/image/jsm/favicon-v665990.ico | 93.93.51.201 | 200 OK | 392 B |
URL GET HTTP/2pt-static3.jsmsat.com/npe/image/jsm/favicon-v665990.ico IP 93.93.51.201:443
ASN#34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested byhttps://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 CertificateIssuerLet's Encrypt Subjectpt-static3.jsmsat.com FingerprintB5:B9:AF:A1:51:6D:94:9A:6E:8A:86:D5:9D:DA:A4:EE:94:05:2A:32 ValidityTue, 31 Oct 2023 20:01:04 GMT - Mon, 29 Jan 2024 20:01:03 GMT
File typePNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data Hashf56e924ea4f68fe44ee8838ac0b8e7c3 d7468113aa5fb5ba21e3aa3def804444f8a56e0e 7a50956463e19c120d3dc96067e46425223fee02d230233b14ed5dda3685f9ae
GET /npe/image/jsm/favicon-v665990.ico HTTP/1.1
Host: pt-static3.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:11 GMT
content-type: image/x-icon
content-length: 392
last-modified: Tue, 05 Dec 2023 08:58:54 GMT
etag: "656ee64e-188"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:11 GMT
cache-control: max-age=1209600
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-H7LMNP6Q9N&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 83 kB |
URL GET HTTP/3www.googletagmanager.com/gtag/js?id=G-H7LMNP6Q9N&l=dataLayer&cx=c IP 142.250.74.168:443
Requested byhttps://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34 ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File typeASCII text, with very long lines (7711) Hashc789f4c8539945656bc32829ae30b7b8 58902188e80738f7459e5e33a93046f1b7e4262b e9864dd5bd932dab5ead76db83418cd425fb7cdd9c3f78651d4519d91c221731
GET /gtag/js?id=G-H7LMNP6Q9N&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 05 Dec 2023 16:10:12 GMT
expires: Tue, 05 Dec 2023 16:10:12 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 83281
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| pt-static1.jsmsat.com/npe/image/bonus_badge/hh90_cd-v665990.png | 93.93.51.201 | 200 OK | 44 kB |
URL GET HTTP/2pt-static1.jsmsat.com/npe/image/bonus_badge/hh90_cd-v665990.png IP 93.93.51.201:443
ASN#34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested byhttps://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 CertificateIssuerLet's Encrypt Subjectpt.awempt.com Fingerprint55:E1:D4:78:CF:7E:3E:2E:80:6A:51:70:29:FA:63:93:0E:F7:24:4A ValidityWed, 01 Nov 2023 08:01:05 GMT - Tue, 30 Jan 2024 08:01:04 GMT
File typePNG image data, 2732 x 144, 8-bit colormap, non-interlaced\012- data Hash703d66b80a4aa54d811b370456103e06 4e08db275979df9006e7ffaa5a408134d4ef3c0f 876063b10afa8a33036aba868bc25248cb3af2cb1806fc410ffb6d2b155a0873
GET /npe/image/bonus_badge/hh90_cd-v665990.png HTTP/1.1
Host: pt-static1.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:12 GMT
content-type: image/png
content-length: 44490
last-modified: Tue, 05 Dec 2023 08:58:54 GMT
etag: "656ee64e-adca"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:12 GMT
cache-control: max-age=1209600
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| crmtt.livejasmin.com/7qZ2a/IQj.gif?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed&categoryName=girl | 93.93.51.191 | 200 OK | 43 B |
URL GET HTTP/2crmtt.livejasmin.com/7qZ2a/IQj.gif?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed&categoryName=girl IP 93.93.51.191:443
ASN#34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested byhttps://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 CertificateIssuerLet's Encrypt Subjectcrmtt.livejasmin.com Fingerprint48:F7:48:98:71:E9:CF:65:C0:D5:30:5B:4E:29:8E:B2:97:96:75:03 ValidityWed, 15 Nov 2023 12:01:03 GMT - Tue, 13 Feb 2024 12:01:02 GMT
File typeGIF image data, version 89a, 1 x 1\012- data Hashad4b0f606e0f8465bc4c4c170b37e1a3 50b30fd5f87c85fe5cba2635cb83316ca71250d7 cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /7qZ2a/IQj.gif?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed&categoryName=girl HTTP/1.1
Host: crmtt.livejasmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:12 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Thu, 04-Jan-24 16:10:12 GMT; SameSite=None; Secure
expires: Tue, 05 Dec 2023 16:10:11 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| pt-static4.jsmsat.com/npe/image/more_models_jsm-v665990.png | 93.93.51.201 | 200 OK | 31 kB |
URL GET HTTP/2pt-static4.jsmsat.com/npe/image/more_models_jsm-v665990.png IP 93.93.51.201:443
ASN#34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested byhttps://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 CertificateIssuerLet's Encrypt Subjectpt-static3.jsmsat.com FingerprintB5:B9:AF:A1:51:6D:94:9A:6E:8A:86:D5:9D:DA:A4:EE:94:05:2A:32 ValidityTue, 31 Oct 2023 20:01:04 GMT - Mon, 29 Jan 2024 20:01:03 GMT
File typePNG image data, 180 x 101, 8-bit/color RGBA, non-interlaced\012- data Hash4eaea38e52a7403de85f0b183fb2b972 712a0f0d0009ab7bbe36110c15ec30a7f2df1711 551007f217235bc96a341ca01ce1eecb98dc509ae5fbc47e5013c7ac6ac8a9d2
GET /npe/image/more_models_jsm-v665990.png HTTP/1.1
Host: pt-static4.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:12 GMT
content-type: image/png
content-length: 30562
last-modified: Tue, 05 Dec 2023 08:58:54 GMT
etag: "656ee64e-7762"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:12 GMT
cache-control: max-age=1209600
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| galleryn2.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f19/9ef8ff3eac371a32e1a37de362dc0fac_glamour_215x121.jpg?cno=b644 | 93.93.51.190 | 200 OK | 6.9 kB |
URL GET HTTP/2galleryn2.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f19/9ef8ff3eac371a32e1a37de362dc0fac_glamour_215x121.jpg?cno=b644 IP 93.93.51.190:443
ASN#34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested byhttps://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 CertificateIssuerSectigo Limited Subject*.vcmdiawe.com FingerprintAA:C6:B9:40:26:EC:8E:97:8B:70:D4:4A:8A:19:9C:C6:19:5D:07:EE ValidityTue, 02 May 2023 00:00:00 GMT - Thu, 02 May 2024 23:59:59 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 215x121, components 3\012- data Hashee62de90b4f3250904d3d7eb13756e4a 1667169bbc35d4753eadf34301a5a9fd01c6b397 0869f44ef26537ad1f3e5ecdbfeaa8a59f5f94bce7473983568849762a578f70
GET /ff268cab8d9fbae1ed7506f97496274f19/9ef8ff3eac371a32e1a37de362dc0fac_glamour_215x121.jpg?cno=b644 HTTP/1.1
Host: galleryn2.vcmdiawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:12 GMT
content-type: image/jpeg
content-length: 6871
last-modified: Wed, 20 Sep 2023 21:11:55 GMT
x-rgw-object-type: Normal
etag: "ee62de90b4f3250904d3d7eb13756e4a"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:12 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| pt-static4.jsmsat.com/npe/image/pt_di-v665990.png | 93.93.51.201 | 200 OK | 20 kB |
URL GET HTTP/2pt-static4.jsmsat.com/npe/image/pt_di-v665990.png IP 93.93.51.201:443
ASN#34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested byhttps://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 CertificateIssuerLet's Encrypt Subjectpt-static3.jsmsat.com FingerprintB5:B9:AF:A1:51:6D:94:9A:6E:8A:86:D5:9D:DA:A4:EE:94:05:2A:32 ValidityTue, 31 Oct 2023 20:01:04 GMT - Mon, 29 Jan 2024 20:01:03 GMT
File typePNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced\012- data Hash2a39f133a8af87dc3b845832ff6d30cb e67bba16969705430f54e65ad0a241ff987aa273 0d4451ade7ff63c59585c3637be283849dedd52d49886c6a7e73ec1364337ad4
GET /npe/image/pt_di-v665990.png HTTP/1.1
Host: pt-static4.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:12 GMT
content-type: image/png
content-length: 20381
last-modified: Tue, 05 Dec 2023 08:58:54 GMT
etag: "656ee64e-4f9d"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:12 GMT
cache-control: max-age=1209600
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| galleryn2.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f18/8b351b259ec327b7ece5bc80b0359342_glamour_215x121.jpg?cno=6202 | 93.93.51.190 | 200 OK | 10 kB |
URL GET HTTP/2galleryn2.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f18/8b351b259ec327b7ece5bc80b0359342_glamour_215x121.jpg?cno=6202 IP 93.93.51.190:443
ASN#34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested byhttps://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 CertificateIssuerSectigo Limited Subject*.vcmdiawe.com FingerprintAA:C6:B9:40:26:EC:8E:97:8B:70:D4:4A:8A:19:9C:C6:19:5D:07:EE ValidityTue, 02 May 2023 00:00:00 GMT - Thu, 02 May 2024 23:59:59 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 215x121, components 3\012- data Hash9c56a72aa03c9809c84922e77a72b6e7 9d5bd55307620c3a6fc0ce3cccd9589522526503 e00c2c16f6ba34a9fd5c90c996940f402fab2fd766c4832e7cfe4704f928b17f
GET /ff268cab8d9fbae1ed7506f97496274f18/8b351b259ec327b7ece5bc80b0359342_glamour_215x121.jpg?cno=6202 HTTP/1.1
Host: galleryn2.vcmdiawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:12 GMT
content-type: image/jpeg
content-length: 9995
last-modified: Sat, 02 Dec 2023 18:12:38 GMT
x-rgw-object-type: Normal
etag: "9c56a72aa03c9809c84922e77a72b6e7"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:12 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| galleryn2.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f1f/f4406d268c963270dd579d3bc582d54c_glamour_215x121.jpg?cno=d443 | 93.93.51.190 | 200 OK | 8.8 kB |
URL GET HTTP/2galleryn2.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f1f/f4406d268c963270dd579d3bc582d54c_glamour_215x121.jpg?cno=d443 IP 93.93.51.190:443
ASN#34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested byhttps://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 CertificateIssuerSectigo Limited Subject*.vcmdiawe.com FingerprintAA:C6:B9:40:26:EC:8E:97:8B:70:D4:4A:8A:19:9C:C6:19:5D:07:EE ValidityTue, 02 May 2023 00:00:00 GMT - Thu, 02 May 2024 23:59:59 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 215x121, components 3\012- data Hashf2fda708ceeab4bd358b8416eb2fc4df d9266dbb96d74014a3aeeae614408e74abf139fb a10cf648d62f6823920934b9abd5a5b8115fefcb723965862a7d200941c48d70
GET /ff268cab8d9fbae1ed7506f97496274f1f/f4406d268c963270dd579d3bc582d54c_glamour_215x121.jpg?cno=d443 HTTP/1.1
Host: galleryn2.vcmdiawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:12 GMT
content-type: image/jpeg
content-length: 8837
last-modified: Fri, 07 Oct 2022 16:48:22 GMT
x-rgw-object-type: Normal
etag: "f2fda708ceeab4bd358b8416eb2fc4df"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:12 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| galleryn3.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f1d/d2396ecf3e499924acd4dd9b60ea5706_glamour_215x121.jpg?cno=3e0c | 93.93.51.190 | 200 OK | 6.5 kB |
URL GET HTTP/2galleryn3.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f1d/d2396ecf3e499924acd4dd9b60ea5706_glamour_215x121.jpg?cno=3e0c IP 93.93.51.190:443
ASN#34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested byhttps://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 CertificateIssuerSectigo Limited Subject*.vcmdiawe.com FingerprintAA:C6:B9:40:26:EC:8E:97:8B:70:D4:4A:8A:19:9C:C6:19:5D:07:EE ValidityTue, 02 May 2023 00:00:00 GMT - Thu, 02 May 2024 23:59:59 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 215x121, components 3\012- data Hash7c1112d807719545ac51c3055bbee2c1 d5c8b603f891c00c8a444e1ee0e0d0cd8135d5d7 375cc17dbc26123f408619e0becca1c7e13aaf24d389141ed5f741aad0c553ef
GET /ff268cab8d9fbae1ed7506f97496274f1d/d2396ecf3e499924acd4dd9b60ea5706_glamour_215x121.jpg?cno=3e0c HTTP/1.1
Host: galleryn3.vcmdiawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:12 GMT
content-type: image/jpeg
content-length: 6528
last-modified: Tue, 03 Oct 2023 18:29:55 GMT
x-rgw-object-type: Normal
etag: "7c1112d807719545ac51c3055bbee2c1"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:12 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| galleryn1.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f1a/acbd70b0362203a9ff84ec7a0712a1bb_glamour_215x121.jpg?cno=26ef | 93.93.51.190 | 200 OK | 5.9 kB |
URL GET HTTP/2galleryn1.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f1a/acbd70b0362203a9ff84ec7a0712a1bb_glamour_215x121.jpg?cno=26ef IP 93.93.51.190:443
ASN#34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested byhttps://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 CertificateIssuerSectigo Limited Subject*.vcmdiawe.com FingerprintAA:C6:B9:40:26:EC:8E:97:8B:70:D4:4A:8A:19:9C:C6:19:5D:07:EE ValidityTue, 02 May 2023 00:00:00 GMT - Thu, 02 May 2024 23:59:59 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 215x121, components 3\012- data Hash272dfbd19282b1c9af43aabb0fbf3338 920ac5a44ab38cd4e847b19ece8e42e7e2ae97be 4e9d89532fb6f702b0055d20ee15c396ef6f0c631da5fe2f4e9090ddfa898913
GET /ff268cab8d9fbae1ed7506f97496274f1a/acbd70b0362203a9ff84ec7a0712a1bb_glamour_215x121.jpg?cno=26ef HTTP/1.1
Host: galleryn1.vcmdiawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:12 GMT
content-type: image/jpeg
content-length: 5864
last-modified: Wed, 06 Sep 2023 10:01:46 GMT
x-rgw-object-type: Normal
etag: "272dfbd19282b1c9af43aabb0fbf3338"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-MISS
expires: Tue, 19 Dec 2023 16:10:12 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| galleryn1.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f1a/acbd70b0362203a9ff84ec7a0712a1bb_glamour_896x504.jpg?cno=26ef | 93.93.51.190 | 200 OK | 54 kB |
URL GET HTTP/2galleryn1.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f1a/acbd70b0362203a9ff84ec7a0712a1bb_glamour_896x504.jpg?cno=26ef IP 93.93.51.190:443
ASN#34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested byhttps://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 CertificateIssuerSectigo Limited Subject*.vcmdiawe.com FingerprintAA:C6:B9:40:26:EC:8E:97:8B:70:D4:4A:8A:19:9C:C6:19:5D:07:EE ValidityTue, 02 May 2023 00:00:00 GMT - Thu, 02 May 2024 23:59:59 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data Hash194c7d83d7c2196bc61beaf97f9067d8 9815f4867570a0b431ebd9f84c7fa4a9e65f1232 46ebf1b3d851c98a623ef3ce8f9dd29f003b04b4d4d4f08eaf1d1c01d7b7968f
GET /ff268cab8d9fbae1ed7506f97496274f1a/acbd70b0362203a9ff84ec7a0712a1bb_glamour_896x504.jpg?cno=26ef HTTP/1.1
Host: galleryn1.vcmdiawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:12 GMT
content-type: image/jpeg
content-length: 54008
last-modified: Wed, 06 Sep 2023 10:01:46 GMT
x-rgw-object-type: Normal
etag: "194c7d83d7c2196bc61beaf97f9067d8"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-MISS
expires: Tue, 19 Dec 2023 16:10:12 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| galleryn0.vcmdiawe.com/f8d2e11bd6c43618af00d6f28c91232a1a/668cfdb260e41b1afbfef9caff5ed57c.mp4?pstool=300_31&psid=ed_dprmntdtt1 | 93.93.51.190 | 206 Partial Content | 2.7 MB |
URL GET HTTP/2 galleryn0.vcmdiawe.com/f8d2e11bd6c43618af00d6f28c91232a1a/668cfdb260e41b1afbfef9caff5ed57c.mp4?pstool=300_31&psid=ed_dprmntdtt1 IP 93.93.51.190:443
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested by: https://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634
Certificate: Issuer Sectigo Limited; Subject *.vcmdiawe.com; Fingerprint AA:C6:B9:40:26:EC:8E:97:8B:70:D4:4A:8A:19:9C:C6:19:5D:07:EE; Validity Tue, 02 May 2023 00:00:00 GMT - Thu, 02 May 2024 23:59:59 GMT
File type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size: 2.7 MB (2717914 bytes)
Hash: 3b8b00be0d29ec40b66cd8c136468281 93152342bf275db4f81661d18ea4cdcfb8e72fc7 9e3910c2ca9e44e7d4dd53805e103c44bab066bfa3a08c6a2aaa4bec4b1cf8b3
GET /f8d2e11bd6c43618af00d6f28c91232a1a/668cfdb260e41b1afbfef9caff5ed57c.mp4?pstool=300_31&psid=ed_dprmntdtt1 HTTP/1.1
Host: galleryn0.vcmdiawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 206 Partial Content
date: Tue, 05 Dec 2023 16:10:12 GMT
content-type: video/mp4
content-length: 2717914
last-modified: Mon, 26 Jun 2023 06:52:44 GMT
x-rgw-object-type: Normal
etag: "3b8b00be0d29ec40b66cd8c136468281"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:12 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
content-range: bytes 0-2717913/2717914
X-Firefox-Spdy: h2
|
|
| galleryn3.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f19/9ef8ff3eac371a32e1a37de362dc0fac_glamour_896x504.jpg?cno=b644 | 93.93.51.190 | 200 OK | 66 kB |
URL GET HTTP/2 galleryn3.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f19/9ef8ff3eac371a32e1a37de362dc0fac_glamour_896x504.jpg?cno=b644 IP 93.93.51.190:443
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested by: https://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634
Certificate: Issuer Sectigo Limited; Subject *.vcmdiawe.com; Fingerprint AA:C6:B9:40:26:EC:8E:97:8B:70:D4:4A:8A:19:9C:C6:19:5D:07:EE; Validity Tue, 02 May 2023 00:00:00 GMT - Thu, 02 May 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash: e03125c3915b745805d57f4277ef997a 5509b168c99675785179d3a2aee815ce5701f1de 347be05d3e55d6e4e82fcd985376c2ee51420e055d9659ae84a26482cfaf6bc6
GET /ff268cab8d9fbae1ed7506f97496274f19/9ef8ff3eac371a32e1a37de362dc0fac_glamour_896x504.jpg?cno=b644 HTTP/1.1
Host: galleryn3.vcmdiawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:12 GMT
content-type: image/jpeg
content-length: 65712
last-modified: Wed, 20 Sep 2023 21:11:55 GMT
x-rgw-object-type: Normal
etag: "e03125c3915b745805d57f4277ef997a"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:12 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| galleryn2.vcmdiawe.com/f8d2e11bd6c43618af00d6f28c91232a11/42884d08023507dd493820572dbc4f0f.mp4?pstool=300_31&psid=ed_dprmntdtt1 | 93.93.51.190 | 206 Partial Content | 441 kB |
URL GET HTTP/2 galleryn2.vcmdiawe.com/f8d2e11bd6c43618af00d6f28c91232a11/42884d08023507dd493820572dbc4f0f.mp4?pstool=300_31&psid=ed_dprmntdtt1 IP 93.93.51.190:443
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested by: https://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634
Certificate: Issuer Sectigo Limited; Subject *.vcmdiawe.com; Fingerprint AA:C6:B9:40:26:EC:8E:97:8B:70:D4:4A:8A:19:9C:C6:19:5D:07:EE; Validity Tue, 02 May 2023 00:00:00 GMT - Thu, 02 May 2024 23:59:59 GMT
File type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size: 441 kB (441409 bytes)
Hash: 08effc9b220f54cb712995333ad0c7f3 e8273f302da7a1743884bcaa4a57acfbb5c08fc9 8dcec8de6caf7217113cafd9bc2181b9a377395c0ff324a629c655b9e40919a3
GET /f8d2e11bd6c43618af00d6f28c91232a11/42884d08023507dd493820572dbc4f0f.mp4?pstool=300_31&psid=ed_dprmntdtt1 HTTP/1.1
Host: galleryn2.vcmdiawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 206 Partial Content
date: Tue, 05 Dec 2023 16:10:12 GMT
content-type: video/mp4
content-length: 2678799
last-modified: Thu, 01 Jun 2023 20:29:03 GMT
x-rgw-object-type: Normal
etag: "5667cd0770b12e03c691070ccba13893"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:12 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
content-range: bytes 0-2678798/2678799
X-Firefox-Spdy: h2
|
|
| galleryn2.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f1f/f4406d268c963270dd579d3bc582d54c_glamour_896x504.jpg?cno=d443 | 93.93.51.190 | 200 OK | 114 kB |
URL GET HTTP/2 galleryn2.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f1f/f4406d268c963270dd579d3bc582d54c_glamour_896x504.jpg?cno=d443 IP 93.93.51.190:443
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested by: https://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634
Certificate: Issuer Sectigo Limited; Subject *.vcmdiawe.com; Fingerprint AA:C6:B9:40:26:EC:8E:97:8B:70:D4:4A:8A:19:9C:C6:19:5D:07:EE; Validity Tue, 02 May 2023 00:00:00 GMT - Thu, 02 May 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Size: 114 kB (114213 bytes)
Hash: a2791d65e1e99bdc86aa9ee1a05e4355 e6a50f0d853305ff7a87099f3393742f699f0400 a974c676d78b7dbf3d4a4dc8cf569e8faee59c44af2bc9227590acfa8475b320
GET /ff268cab8d9fbae1ed7506f97496274f1f/f4406d268c963270dd579d3bc582d54c_glamour_896x504.jpg?cno=d443 HTTP/1.1
Host: galleryn2.vcmdiawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:13 GMT
content-type: image/jpeg
content-length: 114213
last-modified: Fri, 07 Oct 2022 16:48:22 GMT
x-rgw-object-type: Normal
etag: "a2791d65e1e99bdc86aa9ee1a05e4355"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:13 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| galleryn3.vcmdiawe.com/f8d2e11bd6c43618af00d6f28c91232a1a/f7dced62863190d3057d260e1a3b98e2.mp4?pstool=300_31&psid=ed_dprmntdtt1 | 93.93.51.190 | 206 Partial Content | 2.7 MB |
URL GET HTTP/2 galleryn3.vcmdiawe.com/f8d2e11bd6c43618af00d6f28c91232a1a/f7dced62863190d3057d260e1a3b98e2.mp4?pstool=300_31&psid=ed_dprmntdtt1 IP 93.93.51.190:443
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested by: https://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634
Certificate: Issuer Sectigo Limited; Subject *.vcmdiawe.com; Fingerprint AA:C6:B9:40:26:EC:8E:97:8B:70:D4:4A:8A:19:9C:C6:19:5D:07:EE; Validity Tue, 02 May 2023 00:00:00 GMT - Thu, 02 May 2024 23:59:59 GMT
File type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size: 2.7 MB (2735185 bytes)
Hash: 9228b2d532cf381278ec51abdf390ef5 1612a0959427592769d58336b6733a88dd5c793d 44e051de940dd5472018ca85e1eac884081f71303bb794311d8deea0549fe211
GET /f8d2e11bd6c43618af00d6f28c91232a1a/f7dced62863190d3057d260e1a3b98e2.mp4?pstool=300_31&psid=ed_dprmntdtt1 HTTP/1.1
Host: galleryn3.vcmdiawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 206 Partial Content
date: Tue, 05 Dec 2023 16:10:13 GMT
content-type: video/mp4
content-length: 2735185
last-modified: Tue, 07 Feb 2023 15:43:32 GMT
x-rgw-object-type: Normal
etag: "9228b2d532cf381278ec51abdf390ef5"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:13 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
content-range: bytes 0-2735184/2735185
X-Firefox-Spdy: h2
|
|
| galleryn3.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f18/8b351b259ec327b7ece5bc80b0359342_glamour_896x504.jpg?cno=6202 | 93.93.51.190 | 200 OK | 103 kB |
URL GET HTTP/2 galleryn3.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f18/8b351b259ec327b7ece5bc80b0359342_glamour_896x504.jpg?cno=6202 IP 93.93.51.190:443
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested by: https://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634
Certificate: Issuer Sectigo Limited; Subject *.vcmdiawe.com; Fingerprint AA:C6:B9:40:26:EC:8E:97:8B:70:D4:4A:8A:19:9C:C6:19:5D:07:EE; Validity Tue, 02 May 2023 00:00:00 GMT - Thu, 02 May 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Size: 103 kB (102890 bytes)
Hash: bf27a098fc1f253fb552e7ee1f1cd6a1 679dbfa7fae66c0c3184700f530f0716102cf249 4e8d772f149a503a56631ecbdb093b2000644413fad646118db5b1cb907f2676
GET /ff268cab8d9fbae1ed7506f97496274f18/8b351b259ec327b7ece5bc80b0359342_glamour_896x504.jpg?cno=6202 HTTP/1.1
Host: galleryn3.vcmdiawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:13 GMT
content-type: image/jpeg
content-length: 102890
last-modified: Sat, 02 Dec 2023 18:12:39 GMT
x-rgw-object-type: Normal
etag: "bf27a098fc1f253fb552e7ee1f1cd6a1"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:13 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ccs.livejasmin.com/ccs.php?ccs=1&psid=ed_dprmntdtt1&subAffId=15634&psref=TwinRed&pstool=300_31 | 93.93.51.225 | 200 OK | 69 B |
URL GET HTTP/2 ccs.livejasmin.com/ccs.php?ccs=1&psid=ed_dprmntdtt1&subAffId=15634&psref=TwinRed&pstool=300_31 IP 93.93.51.225:443
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested by: https://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634
Certificate: Issuer Let's Encrypt; Subject ccs.livejasmin.com; Fingerprint A4:D6:F2:B2:1A:30:76:1E:7B:25:4B:09:EC:8C:DE:70:F2:0C:45:4A; Validity Sat, 04 Nov 2023 08:01:05 GMT - Fri, 02 Feb 2024 08:01:04 GMT
File type: PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced\012- data
Hash: df15c61986fc44f0000081374bdcd6fb da69991e3d456f15f1b9ac2f11d6c79a5240541d 126a629b1a5b11de957e290957f73e9bf7abf7cf63eb0ddb7eb5db95edfdff2a
GET /ccs.php?ccs=1&psid=ed_dprmntdtt1&subAffId=15634&psref=TwinRed&pstool=300_31 HTTP/1.1
Host: ccs.livejasmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Cookie: _ga_H7LMNP6Q9N=GS1.1.1701792618.1.0.1701792618.0.0.0; _ga=GA1.1.1636827203.1701792618
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:16 GMT
content-type: image/png
content-length: 69
set-cookie: macctid=ed_dprmntdtt1; expires=Tue, 19-Dec-2023 16:10:16 GMT; Max-Age=1209600; path=/; domain=.livejasmin.com; secure; SameSite=None
ccs=YToxMDp7czo0OiJwc2lkIjtzOjEzOiJlZF9kcHJtbnRkdHQxIjtzOjU6InBzcmVmIjtzOjc6IlR3aW5SZWQiO3M6NjoicHN0b3VyIjtzOjI6InQxIjtzOjk6InBzcHJvZ3JhbSI7czo0OiJSRVZTIjtzOjY6InBzdG9vbCI7czo2OiIzMDBfMzEiO3M6MTE6ImNhbXBhaWduX2lkIjtpOjA7czoxMzoicHNwZXJmb3JtZXJpZCI7czowOiIiO3M6OToicHNodHRwcmVmIjtzOjM3OiJodHRwcyUzQSUyRiUyRmNybXR0LmxpdmVqYXNtaW4uY29tJTJGIjtzOjEwOiJjcmVhdGVkX2F0IjtpOjE3MDE3OTI2MTY7czo5OiJhZmZwYXJhbXMiO3M6Mjg6ImV5SnpkV0pCWm1aSlpDSTZJakUxTmpNMEluMD0iO30%3D; expires=Tue, 19-Dec-2023 16:10:16 GMT; Max-Age=1209600; path=/; domain=.livejasmin.com; secure; SameSite=None
server: unknown
X-Firefox-Spdy: h2
|
|
| galleryn0.vcmdiawe.com/f8d2e11bd6c43618af00d6f28c91232a13/01e527a65680b7c3866d199230f7dcee.mp4?pstool=300_31&psid=ed_dprmntdtt1 | 93.93.51.190 | 206 Partial Content | 885 kB |
URL GET HTTP/2 galleryn0.vcmdiawe.com/f8d2e11bd6c43618af00d6f28c91232a13/01e527a65680b7c3866d199230f7dcee.mp4?pstool=300_31&psid=ed_dprmntdtt1 IP 93.93.51.190:443
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested by: https://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634
Certificate: Issuer Sectigo Limited; Subject *.vcmdiawe.com; Fingerprint AA:C6:B9:40:26:EC:8E:97:8B:70:D4:4A:8A:19:9C:C6:19:5D:07:EE; Validity Tue, 02 May 2023 00:00:00 GMT - Thu, 02 May 2024 23:59:59 GMT
File type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size: 885 kB (884700 bytes)
Hash: fca91b48b8f808a595489160634be249 7b1c0ab1bf876b2938ef3f9b928955a5eeb147bb 916ce0c563e28b410a40520d1ccad7fff0b4b87f7249214a12f8e64b8de7b4dc
GET /f8d2e11bd6c43618af00d6f28c91232a13/01e527a65680b7c3866d199230f7dcee.mp4?pstool=300_31&psid=ed_dprmntdtt1 HTTP/1.1
Host: galleryn0.vcmdiawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 206 Partial Content
date: Tue, 05 Dec 2023 16:10:13 GMT
content-type: video/mp4
content-length: 2670576
last-modified: Sun, 26 Nov 2023 20:27:43 GMT
x-rgw-object-type: Normal
etag: "c5e583d140ff48ec49fe47831a487636"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:13 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
content-range: bytes 0-2670575/2670576
X-Firefox-Spdy: h2
|
|
| galleryn1.vcmdiawe.com/f8d2e11bd6c43618af00d6f28c91232a12/f0a3701732daf318d6b8968c89f97d57.mp4?pstool=300_31&psid=ed_dprmntdtt1 | 93.93.51.190 | 206 Partial Content | 934 kB |
URL GET HTTP/2 galleryn1.vcmdiawe.com/f8d2e11bd6c43618af00d6f28c91232a12/f0a3701732daf318d6b8968c89f97d57.mp4?pstool=300_31&psid=ed_dprmntdtt1 IP 93.93.51.190:443
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested by: https://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634
Certificate: Issuer Sectigo Limited; Subject *.vcmdiawe.com; Fingerprint AA:C6:B9:40:26:EC:8E:97:8B:70:D4:4A:8A:19:9C:C6:19:5D:07:EE; Validity Tue, 02 May 2023 00:00:00 GMT - Thu, 02 May 2024 23:59:59 GMT
File type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size: 934 kB (933888 bytes)
Hash: ffd1a9b0a2e9214239b99b804d3f476f 5a92b87e9efb29b9ae22c62dbcb3a513169495ea 40214500326b6b082686848cb1b01996f3c8ee1afca41bf220902f722ec389e2
GET /f8d2e11bd6c43618af00d6f28c91232a12/f0a3701732daf318d6b8968c89f97d57.mp4?pstool=300_31&psid=ed_dprmntdtt1 HTTP/1.1
Host: galleryn1.vcmdiawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 206 Partial Content
date: Tue, 05 Dec 2023 16:10:13 GMT
content-type: video/mp4
content-length: 4050765
last-modified: Thu, 30 Jun 2022 08:54:02 GMT
x-rgw-object-type: Normal
etag: "f560b9f3ccfd5617cfec33d2f543e648"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:13 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
content-range: bytes 0-4050764/4050765
X-Firefox-Spdy: h2
|
|
| pt-static1.jsmsat.com/npe/_common/fonts/roboto_bold-webfont-v665990.woff | 93.93.51.201 | 200 OK | 90 kB |
URL GET HTTP/2 pt-static1.jsmsat.com/npe/_common/fonts/roboto_bold-webfont-v665990.woff IP 93.93.51.201:443
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested by: https://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634
Certificate: Issuer Let's Encrypt; Subject pt.awempt.com; Fingerprint 55:E1:D4:78:CF:7E:3E:2E:80:6A:51:70:29:FA:63:93:0E:F7:24:4A; Validity Wed, 01 Nov 2023 08:01:05 GMT - Tue, 30 Jan 2024 08:01:04 GMT
File type: Web Open Font Format, TrueType, length 89584, version 2.1150\012- data
Hash: 5da9ea748f871afd777b452f15c71f2f 65603d39f5473276cbff6bf6f23e984240ec4f68 e485cf8605b5490285c439b818a7123f5855c6a3e831b01046c6dc62718bac88
GET /npe/_common/fonts/roboto_bold-webfont-v665990.woff HTTP/1.1
Host: pt-static1.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://crmtt.livejasmin.com
DNT: 1
Connection: keep-alive
Referer: https://pt-static1.jsmsat.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:11 GMT
content-type: application/font-woff
content-length: 89584
last-modified: Tue, 05 Dec 2023 08:58:54 GMT
etag: "656ee64e-15df0"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:11 GMT
cache-control: max-age=1209600
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| pt-static1.jsmsat.com/npe/_common/fonts/roboto_medium-webfont-v665990.woff | 93.93.51.201 | 200 OK | 70 kB |
URL GET HTTP/2 pt-static1.jsmsat.com/npe/_common/fonts/roboto_medium-webfont-v665990.woff IP 93.93.51.201:443
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested by: https://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634
Certificate: Issuer Let's Encrypt; Subject pt.awempt.com; Fingerprint 55:E1:D4:78:CF:7E:3E:2E:80:6A:51:70:29:FA:63:93:0E:F7:24:4A; Validity Wed, 01 Nov 2023 08:01:05 GMT - Tue, 30 Jan 2024 08:01:04 GMT
File type: Web Open Font Format, TrueType, length 70184, version 1.0\012- data
Hash: ae0a4265d4db4667a8994b313ca54458 b15d253899a66998907b2c60cc9781f24204122b bbd509f42e1a66e91e73bb195a7a837284c1ace0d35eddae02a52877ea20f149
GET /npe/_common/fonts/roboto_medium-webfont-v665990.woff HTTP/1.1
Host: pt-static1.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://crmtt.livejasmin.com
DNT: 1
Connection: keep-alive
Referer: https://pt-static1.jsmsat.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:11 GMT
content-type: application/font-woff
content-length: 70184
last-modified: Tue, 05 Dec 2023 08:58:54 GMT
etag: "656ee64e-11228"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:11 GMT
cache-control: max-age=1209600
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| pt-static1.jsmsat.com/npe/_common/script/adblock/advertisement-v665990.js | 93.93.51.201 | 200 OK | 21 B |
URL GET HTTP/2 pt-static1.jsmsat.com/npe/_common/script/adblock/advertisement-v665990.js IP 93.93.51.201:443
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested by: https://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634
Certificate: Issuer Let's Encrypt; Subject pt.awempt.com; Fingerprint 55:E1:D4:78:CF:7E:3E:2E:80:6A:51:70:29:FA:63:93:0E:F7:24:4A; Validity Wed, 01 Nov 2023 08:01:05 GMT - Tue, 30 Jan 2024 08:01:04 GMT
File type: ASCII text, with no line terminators
Hash: 01c6e7ecb819ef28b0c9b962513a1596 1a49f493db7b91ed34a7040d36732352b9a5dc39 e97a9988dce8067f81f57557b349dd481e0335e75175179b6b01322be2ff13a5
GET /npe/_common/script/adblock/advertisement-v665990.js HTTP/1.1
Host: pt-static1.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:11 GMT
content-type: application/javascript
content-length: 21
last-modified: Tue, 05 Dec 2023 08:58:54 GMT
etag: "656ee64e-15"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:11 GMT
cache-control: max-age=1209600
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 | 93.93.51.191 | 200 OK | 48 kB |
URL User Request GET HTTP/2 crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 IP 93.93.51.191:443
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Certificate: Issuer Let's Encrypt; Subject crmtt.livejasmin.com; Fingerprint 48:F7:48:98:71:E9:CF:65:C0:D5:30:5B:4E:29:8E:B2:97:96:75:03; Validity Wed, 15 Nov 2023 12:01:03 GMT - Tue, 13 Feb 2024 12:01:02 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634 HTTP/1.1
Host: crmtt.livejasmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmentjg.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-ud-id: 7qZ2a/IQj
cache-control: no-cache
date: Tue, 05 Dec 2023 16:10:10 GMT
server: unknown
x-cache-status: R-MISS
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Thu, 04-Jan-24 16:10:10 GMT; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| galleryn2.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f1d/d2396ecf3e499924acd4dd9b60ea5706_glamour_896x504.jpg?cno=3e0c | 93.93.51.190 | 200 OK | 65 kB |
URL GET HTTP/2 galleryn2.vcmdiawe.com/ff268cab8d9fbae1ed7506f97496274f1d/d2396ecf3e499924acd4dd9b60ea5706_glamour_896x504.jpg?cno=3e0c IP 93.93.51.190:443
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Requested by: https://crmtt.livejasmin.com/pu/play?ms_rnd=1701792610.86465&pstool=300_31&psid=ed_dprmntdtt1&utm_source=tr&category=girl&site=jsm&utm_medium=network&subAffId=15634&sub_source=TwinRed+Exchange+Partner_ID+15634&origin=TwinRed+Exchange+Partner_ID+15634
Certificate: Issuer Sectigo Limited; Subject *.vcmdiawe.com; Fingerprint AA:C6:B9:40:26:EC:8E:97:8B:70:D4:4A:8A:19:9C:C6:19:5D:07:EE; Validity Tue, 02 May 2023 00:00:00 GMT - Thu, 02 May 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 896x504, components 3\012- data
Hash: 715870b81e4a848be45f7615550162be 6038a3053d7e1287e6e30cdd5dc756f2ce63a410 d3aafd0f6ffb0356cbe6243598114b7fe7b980fe66a860182576e5d89e2dce38
GET /ff268cab8d9fbae1ed7506f97496274f1d/d2396ecf3e499924acd4dd9b60ea5706_glamour_896x504.jpg?cno=3e0c HTTP/1.1
Host: galleryn2.vcmdiawe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crmtt.livejasmin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:10:13 GMT
content-type: image/jpeg
content-length: 64631
last-modified: Tue, 03 Oct 2023 18:29:54 GMT
x-rgw-object-type: Normal
etag: "715870b81e4a848be45f7615550162be"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 19 Dec 2023 16:10:13 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|