Overview

URL rule34video.party/videos/3066961/lara-s-balls-of-steel/
IP 104.21.32.169
ASN CLOUDFLARENET
Location
Report completed 2022-10-01 06:24:46 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (27)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-30 05:12:28 UTC 35.81.125.88
mnemonic passive DNS region1.google-analytics.com (1) 0 2022-03-17 11:26:33 UTC 2022-09-30 05:54:11 UTC 216.239.32.36 Domain (google-analytics.com) ranked at: 8401
mnemonic passive DNS e1.o.lencr.org (2) 6159 2021-08-20 07:36:30 UTC 2022-10-01 04:27:24 UTC 23.36.76.226
mnemonic passive DNS ads.juicyads.com (1) 243428 2012-05-21 13:14:29 UTC 2022-09-29 19:56:51 UTC 151.139.128.11
mnemonic passive DNS flixdot.com (1) 0 2020-07-22 06:38:38 UTC 2022-09-29 08:09:03 UTC 172.64.196.19 Unknown ranking
mnemonic passive DNS ocsp.pki.goog (2) 175 2017-06-14 07:23:31 UTC 2022-09-30 04:55:27 UTC 142.250.74.3
mnemonic passive DNS i.jads.co (3) 46788 2019-12-04 08:50:06 UTC 2022-09-30 23:24:18 UTC 69.16.175.42
mnemonic passive DNS js-agent.newrelic.com (1) 378 2017-01-30 05:00:15 UTC 2022-10-01 04:09:18 UTC 151.101.86.137
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-10-01 05:17:12 UTC 18.164.68.59
mnemonic passive DNS rule34video.party (1) 0 2021-10-15 09:24:38 UTC 2022-10-01 06:24:10 UTC 172.67.153.20 Unknown ranking
mnemonic passive DNS video.ktkjmp.com (1) 23778 2020-10-02 08:52:19 UTC 2022-09-30 21:01:01 UTC 172.64.145.216
mnemonic passive DNS go.xlrdr.com (1) 0 2021-07-02 10:40:48 UTC 2022-10-01 03:30:04 UTC 104.18.42.40 Unknown ranking
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-30 04:56:26 UTC 34.117.237.239
mnemonic passive DNS poweredby.jads.co (7) 30525 2019-12-04 10:34:12 UTC 2022-09-30 23:24:16 UTC 185.94.236.247
mnemonic passive DNS creative.xlrdr.com (2) 0 2021-07-02 10:51:24 UTC 2022-09-29 09:33:41 UTC 104.18.42.40 Unknown ranking
mnemonic passive DNS www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-09-30 23:06:25 UTC 142.250.74.174
mnemonic passive DNS bam.nr-data.net (2) 630 2015-02-10 00:06:27 UTC 2022-09-30 21:38:45 UTC 162.247.241.14
mnemonic passive DNS chaturbate.com (1) 6807 2012-05-22 23:11:36 UTC 2022-10-01 05:12:51 UTC 104.18.101.40
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-10-01 05:49:58 UTC 18.164.68.8
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-10-01 04:22:38 UTC 34.120.237.76
mnemonic passive DNS r3.o.lencr.org (5) 344 2020-12-02 08:52:13 UTC 2022-09-30 04:55:29 UTC 23.36.76.226
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-09-30 04:55:45 UTC 142.250.74.72
mnemonic passive DNS ocsp.sectigo.com (1) 487 2018-12-17 11:31:55 UTC 2022-10-01 04:08:14 UTC 172.64.155.188
mnemonic passive DNS ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2022-10-01 04:10:38 UTC 93.184.220.29
mnemonic passive DNS cdn.banhq.com (1) 287812 2022-09-29 08:30:19 UTC 2022-10-01 04:27:20 UTC 13.224.103.96
mnemonic passive DNS static-assets.highwebmedia.com (2) 16059 2021-01-19 21:46:26 UTC 2022-10-01 05:12:53 UTC 104.16.93.42
mnemonic passive DNS roomimg.stream.highwebmedia.com (2) 23037 2016-09-05 17:03:58 UTC 2022-10-01 05:12:53 UTC 104.19.241.83


Recent reports on same IP/ASN/Domain/Screenshot

Last 2 reports on IP: 104.21.32.169

Date | UQ / IDS / BL | URL | IP
2022-11-06 08:26:24 +0000 | 0 - 0 - 1 | nosecnet.com/ | 104.21.32.169
2022-10-01 06:24:46 +0000 | 0 - 0 - 0 | rule34video.party/videos/3066961/lara-s-balls (...) | 104.21.32.169

Last 5 reports on ASN: CLOUDFLARENET

Date | UQ / IDS / BL | URL | IP
2022-11-27 16:19:41 +0000 | 0 - 0 - 5 | pdlotracking.com/cf/r/636c8ffc01e686001942c665 | 104.21.11.58
2022-11-27 16:18:51 +0000 | 0 - 0 - 2 | findyourhalf.online/ | 172.67.182.47
2022-11-27 16:17:54 +0000 | 0 - 0 - 2 | luckyyousurvey.top/ | 104.21.74.139
2022-11-27 16:17:45 +0000 | 0 - 0 - 1 | nestverpotenpilad.ga/ | 172.67.143.91
2022-11-27 16:16:35 +0000 | 0 - 0 - 4 | a.topprizessurvey.top/ | 104.21.51.196

Last 1 reports on domain: rule34video.party

Date | UQ / IDS / BL | URL | IP
2022-10-01 06:24:46 +0000 | 0 - 0 - 0 | rule34video.party/videos/3066961/lara-s-balls (...) | 104.21.32.169

No other reports with similar screenshot



JavaScript

Executed Scripts (30)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (52)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.8
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 01 Oct 2022 06:02:26 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 98b94706e2cced402e41a3fd1d296b74.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: K_2eTZds2DfO0kSguZ5ho4KmPw7VtOKq4eWrNh1NG1EMEeFtr6_pBA==
Age: 1329


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A382476D14B6AE14003333E7ACDFBBD9AE8775D4C1A7D5C31116F33987043CFF"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6972
Expires: Sat, 01 Oct 2022 08:20:47 GMT
Date: Sat, 01 Oct 2022 06:24:35 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.59
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 01 Oct 2022 03:33:18 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 8671c9c28d4abb06df55e1091d0f124a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: zrFiKOAb2DHIrf_j6dVYiFBN2vSuvEamUnDvD1OnQOXNUTR5cYhw-Q==
age: 10279
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 01 Oct 2022 06:24:35 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.8
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sat, 01 Oct 2022 05:32:53 GMT
Expires: Sat, 01 Oct 2022 06:21:02 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 86897b9f074001e33ff5cbec58c4bc02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: CKqutXMppVZDdPfhIN1fluGQ-0S-3sWNiPPl_lKsO9nUiUplHi2rAg==
Age: 3102


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3606
Cache-Control: max-age=96134
Date: Sat, 01 Oct 2022 06:24:36 GMT
Etag: "6336a394-1d7"
Expires: Sun, 02 Oct 2022 09:06:50 GMT
Last-Modified: Fri, 30 Sep 2022 08:06:44 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gp6I6bHdDwsS6Xe+gAWIeA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         35.81.125.88
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: B1JamjmNq76QHSvBeXDjhg6xEvo=

                                        
                                            GET /videos/3066961/lara-s-balls-of-steel/ HTTP/1.1 
Host: rule34video.party
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         172.67.153.20
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Sat, 01 Oct 2022 06:24:37 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
set-cookie: PHPSESSID=n4946f7rl54rahvabq6b625fpl; path=/; domain=.rule34video.party; secure; SameSite=None tag_ids=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 kt_qparams=id%3D3066961%26dir%3Dlara-s-balls-of-steel; expires=Sun, 02-Oct-2022 06:24:37 GMT; Max-Age=86400; path=/; domain=.rule34video.party; secure; SameSite=None kt_ips=91.90.42.154; expires=Sun, 02-Oct-2022 06:24:37 GMT; Max-Age=86400; path=/; domain=.rule34video.party; secure; SameSite=None
strict-transport-security: max-age=15768000;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iOewDHJX92zl59cREOOf%2F6Jan2ihPCZ84M4Kh1fE3NgBnvoiFCgpxCbF%2FvsmSu5WVos8EWjb2ANIxlXrbEFcp%2FZ8cdQARmCSFRGJC8kq4Dd4o0Ao0aZhMzjuQ7YyLW6QH8IB2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75331dbcdb2bb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (64341)
Size:   41318
Md5:    3629c4def91e25d799aefbe4cd1cc6aa
Sha1:   335a112739673c1ab2ff10d885d84224c5717d06
Sha256: 4c1c711cdbbf9010218d253423a90e08341f96cd96f0756835a7b4b47be0a7fb
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 06:24:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /gtag/js?id=G-HX6FLJFDC3 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34video.party/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Oct 2022 06:24:37 GMT
expires: Sat, 01 Oct 2022 06:24:37 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75740
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (21348)
Size:   75740
Md5:    59904e13971e66e4eeef4a04925f6ece
Sha1:   ce2494f4e153f98e877401063baadfe8f3c42039
Sha256: c8c8a081b9159e573e6363f899c3fd6fb1ce333ae4fedf2c7a1616ad2cb7d3a7
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 06:24:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9333
Expires: Sat, 01 Oct 2022 09:00:10 GMT
Date: Sat, 01 Oct 2022 06:24:37 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   5650
Md5:    ba813c86ee6121fd59dca70f4b06cc9e
Sha1:   73613f24d96ad0c60cd724c2436594810eeea10f
Sha256: f169942ad37793c370343b788759cfd2657b592939420557b61ca2b67503ad28
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9333
Expires: Sat, 01 Oct 2022 09:00:10 GMT
Date: Sat, 01 Oct 2022 06:24:37 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9333
Expires: Sat, 01 Oct 2022 09:00:10 GMT
Date: Sat, 01 Oct 2022 06:24:37 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9333
Expires: Sat, 01 Oct 2022 09:00:10 GMT
Date: Sat, 01 Oct 2022 06:24:37 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03e4f558-3c34-42eb-aa43-9896f0e6ce87.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8269
x-amzn-requestid: 2ff31dda-d215-42fb-a439-de67799ebeb1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y8dqPFvQIAMFxlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e7641-2c2e3443499003525414587b;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 03:15:13 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: btbI_vFcRysDsOGN3zHGO3PEnzCG8XZyV7E65PB1bwBab86rJM79ZQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:16:06 GMT
age: 29311
etag: "74c20bb0c312988822deb9d46b20e4642357fbd7"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8269
Md5:    574cd0b975349cc445e798136863c8a0
Sha1:   74c20bb0c312988822deb9d46b20e4642357fbd7
Sha256: 62d6448a8da1ed783761e1e966c3f03f2d9b4351e04e13e71e330e4cce465fc4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb90508fe-e6b6-4ad0-9afc-67b46e4d0aa4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8734
x-amzn-requestid: abef68e4-c2c6-4551-babc-125c93c1506d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSz0UECTIAMF3BA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376681-5090c08a3349bb8715d3c579;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:58:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: pAnOlf78Pu-hwBIKm002F4z1G8Q1pshDOPxwIQ81Yu6HzIT-0PJt1Q==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:22:17 GMT
age: 28940
etag: "7eea9aa04c5a72c417a580ca45341a0b5adc72cf"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8734
Md5:    1c475b8cc11fdaabbda170c6605d1391
Sha1:   7eea9aa04c5a72c417a580ca45341a0b5adc72cf
Sha256: 888de88ddad429a0bdb565b1f069dab4bea55a3b8a662c4efd9b75fd261dee3b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a3fdfee-41fa-48e2-a92a-744050d16fbe.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13384
x-amzn-requestid: c643d8db-041f-4e98-888d-63375dde9721
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZM65TEujIAMFpmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63350b6e-232161f74a65138a122f7cf7;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 03:05:18 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0qGoRJUOZ5pSfaO1f7DWFB-oRI7zkyIFFfAcbOWNhy3p2EKCD1VdwA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 03:52:25 GMT
age: 9132
etag: "8b72969c2c5cff7c8200e8c8a4b3d504565a97fd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   15228
Md5:    94903237838ac9eb2c6506f8e285d79b
Sha1:   db2f91bfe7643dea51977b93b0e3ae9b48e180ea
Sha256: be000d28f06dbc114c02a9017ba677a66bd035f403ca4aa5f31b1c7efa9fc9bc
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7a423b5-e320-4013-8cd9-2455b244e410.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3069
x-amzn-requestid: 957bbcc7-0ce0-42b6-bec6-588f9e1c6369
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLCH6DoAMFaHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-5a514967208e92343e0f3778;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tnGcmRZcp0_ckYfYvD37C_1Vswk5FoLIhno4dWw39OJ3fqmhIMss2Q==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:15:59 GMT
age: 29318
etag: "069a451b50182aed754301cbc2eb776abe469a52"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3069
Md5:    e22123802c6c1a89ff2b12b8ebb4478a
Sha1:   069a451b50182aed754301cbc2eb776abe469a52
Sha256: 4edccb57b366cf6460219d86ea13dd54cb0bcf3581604a5139859bf809df2b13
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff75296c6-86fa-46e7-b1f9-5afb645a7a08.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11252
x-amzn-requestid: 53406cae-6d5f-4700-ac5a-c26bb7762252
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPtTgEsHoAMF53w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633628e3-5a23515e02caea594e05e6a9;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 23:23:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: sZ9hZoWRNQHI7VbLr5ygsJeXKr0OsnbSSas1v0O_vXKSEUK6canMKA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 16:23:58 GMT
age: 50439
etag: "feafba2465f9b352eef2a2dc57e7c52446ff2cc0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11252
Md5:    6d5dcd5bfb41659d9b347d19af17853b
Sha1:   feafba2465f9b352eef2a2dc57e7c52446ff2cc0
Sha256: 10904009b4b7b80c6931ea54981bc5ee51b5b71b5407da20e2d22962d9fab32e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6315
x-amzn-requestid: f0791b53-3c5f-4d94-954d-992a529ebb60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPnunF35oAMFYbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63361ff6-2adb303349153ced73ccecf6;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 22:45:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RGS_T9Cwl5Vjs_bxngHRomiYppE5fLe0SnH19VEfc5-PCT5tb5ku1A==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 04:40:52 GMT
age: 6225
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6315
Md5:    206fb65e75dbadf119512f71e0b78402
Sha1:   58ff0bf8ce7528b303d28bab01a80ad721705569
Sha256: 56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 06:24:37 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 30 Sep 2022 20:27:05 GMT
Expires: Fri, 07 Oct 2022 20:27:04 GMT
Etag: "66a44df59eb23973333a649b383b6bb9362ca71a"
Cache-Control: max-age=568346,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75331dc9ee72b509-OSL

                                        
                                            GET /js/jads.js HTTP/1.1 
Host: poweredby.jads.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34video.party/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         185.94.236.247
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Sat, 01 Oct 2022 06:24:37 GMT
Content-Length: 178
Connection: keep-alive
Location: jads2.js


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   178
Md5:    cd2e0e43980a00fb6a2742d3afd803b8
Sha1:   81ffbd1712afe8cdf138b570c0fc9934742c33c1
Sha256: bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
                                        
                                            GET /js/jads2.js HTTP/1.1 
Host: poweredby.jads.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rule34video.party/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         185.94.236.247
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: nginx
Date: Sat, 01 Oct 2022 06:24:37 GMT
Last-Modified: Mon, 11 Jul 2022 00:36:11 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"62cb707b-eae"
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (3758), with no line terminators
Size:   1719
Md5:    558e1b61fc513016183a3812938e79fb
Sha1:   5f72ea61a2aad8f7a0956321d3fd8524db70eddf
Sha256: a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
                                        
                                            POST /g/collect?v=2&tid=G-HX6FLJFDC3&gtm=2oe9s0&_p=2034754981&cid=64218289.1664605475&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664605474&sct=1&seg=0&dl=https%3A%2F%2Frule34video.party%2Fvideos%2F3066961%2Flara-s-balls-of-steel%2F&dt=Lara%27s%20balls%20of%20steel&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1 
Host: region1.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rule34video.party
Connection: keep-alive
Referer: https://rule34video.party/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                         
                                         216.239.32.36
HTTP/2 204 No Content
content-type: text/plain
                                        
access-control-allow-origin: https://rule34video.party
date: Sat, 01 Oct 2022 06:24:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            GET /adshow.php?adzone=769858 HTTP/1.1 
Host: poweredby.jads.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34video.party/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         185.94.236.247
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Sat, 01 Oct 2022 06:24:38 GMT
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=150e94e22f18ea82a20c5fad091ad5df; expires=Sun, 01-Oct-2023 06:24:37 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co juicy_data_1=YTowOnt9; expires=Tue, 04-Oct-2022 06:24:37 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 04-Oct-2022 06:24:37 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (367), with CRLF, LF line terminators
Size:   1623
Md5:    a204ec934c2a817e7e22899868b9684e
Sha1:   2876c64bfa17e39ebde9d047208b6599ad9b687c
Sha256: 456f8cc8f6d87f4476e040e5f16128e9557f0f7f9c7d4560b23c9e5630592490
                                        
                                            GET /ads/user78455/ad1615644-1635949434.gif HTTP/1.1 
Host: i.jads.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=150e94e22f18ea82a20c5fad091ad5df; juicy_data_1=YTowOnt9; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

                                         
                                         69.16.175.42
HTTP/2 200 OK
content-type: image/gif
                                        
date: Sat, 01 Oct 2022 06:24:38 GMT
etag: "1635949434"
cache-control: max-age=2880027
content-length: 103539
last-modified: Wed, 03 Nov 2021 14:23:54 GMT
accept-ranges: bytes
x-hw: 1664605478.dop206.sk1.t,1664605478.cds252.sk1.hn,1664605478.cds010.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 728 x 90\012- data
Size:   103539
Md5:    93e94151198cd13d6a5ac3cfd8fa5118
Sha1:   23f5676bc1ec52f6e27a910b9bd7a5b2bc1434be
Sha256: 7f0761d8e270ce29cbc68bb21e64b006d6c0c21c30d1e8ecf680ec28bf40045e
                                        
                                            GET /adshow.php?adzone=782643 HTTP/1.1 
Host: poweredby.jads.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34video.party/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         185.94.236.247
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Sat, 01 Oct 2022 06:24:38 GMT
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=150e94e22f18ea82a20c5fad091ad5df; expires=Sun, 01-Oct-2023 06:24:37 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co juicy_data_1=YTowOnt9; expires=Tue, 04-Oct-2022 06:24:37 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 04-Oct-2022 06:24:37 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (370), with CRLF, LF line terminators
Size:   1624
Md5:    b547e3c68ad76880f9a089e51d48d8e9
Sha1:   628571d7b8d29dceac4ddd57fbb0f7387e036caf
Sha256: 1403109f87edd987bcbcb01facbbe8e66d5adce891a79f4c8fbeea8f3b7346ef
                                        
                                            GET /ads/user159980/ad1634501-1660790910.gif HTTP/1.1 
Host: i.jads.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=150e94e22f18ea82a20c5fad091ad5df; juicy_data_1=YTowOnt9; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
                                         69.16.175.42
HTTP/2 200 OK
content-type: image/gif
                                        
date: Sat, 01 Oct 2022 06:24:38 GMT
etag: "1660790910"
cache-control: max-age=27721530
content-length: 284876
last-modified: Thu, 18 Aug 2022 02:48:30 GMT
accept-ranges: bytes
x-hw: 1664605478.dop206.sk1.t,1664605478.cds252.sk1.hn,1664605478.cds208.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 300 x 250\012- data
Size:   284876
Md5:    fa4ec9058934503bd33cef15c9aaa3ef
Sha1:   0165bb48b65c0870e5bb6874b3c869cdb66774a4
Sha256: e905544fceb6a12204cebb50051fd91df8814ccf57f1a2f55f62e04478a47d2b
                                        
                                            GET /adshow.php?adzone=782641 HTTP/1.1 
Host: poweredby.jads.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34video.party/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         185.94.236.247
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Sat, 01 Oct 2022 06:24:39 GMT
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=150e94e22f18ea82a20c5fad091ad5df; expires=Sun, 01-Oct-2023 06:24:37 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co juicy_data_1=YTowOnt9; expires=Tue, 04-Oct-2022 06:24:37 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 04-Oct-2022 06:24:37 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip


--- Additional Info ---
Magic:  data
Size:   61705
Md5:    c56c17bd840ba21dde05bd9a230dbe7f
Sha1:   8c2587395d5bc3c47f51493ff5aae0307e6ada9e
Sha256: cc28b80ff3e407b6fdc4fe96630daa5dcbbf364b116688e3a891e89fcf61cfbd
                                        
                                            GET /1x1.gif HTTP/1.1 
Host: i.jads.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=150e94e22f18ea82a20c5fad091ad5df; juicy_data_1=YTowOnt9; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
                                         69.16.175.42
HTTP/2 200 OK
content-type: image/gif
                                        
date: Sat, 01 Oct 2022 06:24:39 GMT
etag: "1457030838"
cache-control: max-age=22619787
content-length: 43
last-modified: Thu, 03 Mar 2016 18:47:18 GMT
accept-ranges: bytes
x-hw: 1664605479.dop206.sk1.t,1664605479.cds252.sk1.hn,1664605479.cds217.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    9bb191c6827273aa978cab39a3587950
Sha1:   25d8043336eb799e52b1a0e15ff6b95e09c24e35
Sha256: 24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
                                        
                                            GET /adshow.php?adzone=850538 HTTP/1.1 
Host: poweredby.jads.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34video.party/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         185.94.236.247
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Sat, 01 Oct 2022 06:24:39 GMT
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=150e94e22f18ea82a20c5fad091ad5df; expires=Sun, 01-Oct-2023 06:24:37 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co juicy_data_1=YTowOnt9; expires=Tue, 04-Oct-2022 06:24:37 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 04-Oct-2022 06:24:37 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1617), with CRLF, LF line terminators
Size:   1793
Md5:    765583f5fbd452199452725c7bbc905c
Sha1:   4bb5f1defe068167ff841032a98f104e01a39880
Sha256: fbaeb1802412af66465c3fc2aec553aba24d69946f22fd5eba1d026ff13ab5eb
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "C8E7B09B2710FE17D6520123BA2890F978F9AF76B7875F220346563AEE13111A"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6128
Expires: Sat, 01 Oct 2022 08:06:47 GMT
Date: Sat, 01 Oct 2022 06:24:39 GMT
Connection: keep-alive

                                        
                                            GET /adsbygoogle.js HTTP/1.1 
Host: video.ktkjmp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlrdr.com/
Origin: https://creative.xlrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         172.64.145.216
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sat, 01 Oct 2022 06:24:39 GMT
content-length: 16
x-amz-id-2: JkCGjUrgnBgB5Ldx8o/A8ASqNLV5nPIAdv57lupABlhL2wyLLTncvB9KXBxRs01tDEzM0AFmFH4=
x-amz-request-id: 3YWDZBTT5KXYP4SY
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlrdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 6913
expires: Sat, 01 Oct 2022 10:24:39 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75331dd5bd13b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   16
Md5:    3d7f7a60216d40dea48e495fef6903c9
Sha1:   fecdb5184f55cf012563d78940eb97b10b9cc99b
Sha256: 96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "C8E7B09B2710FE17D6520123BA2890F978F9AF76B7875F220346563AEE13111A"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6128
Expires: Sat, 01 Oct 2022 08:06:47 GMT
Date: Sat, 01 Oct 2022 06:24:39 GMT
Connection: keep-alive

                                        
                                            GET /widgets/wrapper/index.ecdabea99929a39ae18f.js HTTP/1.1 
Host: creative.xlrdr.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlrdr.com/widgets/wrapper?path=%2Fsignup%2Fuser&campaignId=22ru07le033400vi&userId=5e965a6943288af1e523bb0edf97d0df754e8e5ba421c8e11f44edbe77379f52&bb=b19e03f8.gif
Cookie: __cflb=0H28uukSkGJRy5UBr2St4i2aEH3UZ9YZooCVRiBvUMi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.18.42.40
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sat, 01 Oct 2022 06:24:39 GMT
last-modified: Mon, 26 Sep 2022 07:37:43 GMT
etag: W/"633156c7-28bd5"
expires: Sat, 01 Oct 2022 06:24:48 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 75331dd51a74b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (38223), with LF, NEL line terminators
Size:   52108
Md5:    d4f4f317ccb7bd19e645f8b35d9d52f2
Sha1:   33ca261f6f3cde6067ec4344fd2e2b8ce50c36f4
Sha256: bedbfae75f3f5baa348923b211877c03fb4632ae05d0badf59be0a3a3005d2e8
                                        
                                            GET /png/8/b/8be6d9f70a10884ce51d2b74e4bbeae5.png HTTP/1.1 
Host: cdn.banhq.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.banhq.com/html/a/8/a86325d2020a6e1860b4a5c0d8557d85.html?clickdata=https%3A%2F%2Fflixdot.com%2Ftrack%2Fclick%2F37%2F25576%2F45979%2F288891%2F2600%3Faff%3D271091
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         13.224.103.96
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 5751
date: Sun, 11 Sep 2022 08:09:15 GMT
last-modified: Tue, 20 Nov 2018 17:30:47 GMT
etag: "8be6d9f70a10884ce51d2b74e4bbeae5"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 a70d280cd058ea89c08954ea0ad67198.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: g3ouSjJu3AR2mhIYm2J8XdYZREC7hgtVB6nGY-XchBjd24YWiEEZHQ==
age: 1721725
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size:   5751
Md5:    8be6d9f70a10884ce51d2b74e4bbeae5
Sha1:   00efb8662dc8412fa0c82a697d3b9c8e5088171e
Sha256: 401ea963e88731bded01efc1c88b69fa96404b8f08b1f2c0b6943474be6cebd7
                                        
                                            GET /adshow.php?adzone=859494 HTTP/1.1 
Host: poweredby.jads.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34video.party/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         185.94.236.247
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Sat, 01 Oct 2022 06:24:39 GMT
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=150e94e22f18ea82a20c5fad091ad5df; expires=Sun, 01-Oct-2023 06:24:37 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co juicy_data_1=YTowOnt9; expires=Tue, 04-Oct-2022 06:24:37 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 04-Oct-2022 06:24:37 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1617), with CRLF, LF line terminators
Size:   1853
Md5:    8547e1ac044b44b98296805d61d24269
Sha1:   63baa7c6bfdf30f1fe298388048ab77227eff852
Sha256: 1934990d4da393da242f3befcd1c7777777c20ce3ca4d3165a4df364559ca1d0
                                        
                                            GET /ads/user57648/ad1712824-1588340503.gif HTTP/1.1 
Host: ads.juicyads.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.139.128.11
HTTP/2 200 OK
content-type: image/gif
                                        
date: Sat, 01 Oct 2022 06:24:39 GMT
cache-control: max-age=52329
content-length: 219628
last-modified: Fri, 01 May 2020 13:41:43 GMT
accept-ranges: bytes
server: nginx
etag: "5eac2717-359ec"
x-hw: 1664605479.cds204.sk1.hn,1664605479.cds069.sk1.c
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 300 x 250\012- data
Size:   219628
Md5:    6ded32a25ab5b019510b8ffe36939057
Sha1:   163078facdf581540141b3b4ba74e40fba992cf9
Sha256: 132736c9bfc2dc1be5aff4baff73fbe938ce4244da309d70db773524fe1e9afc
                                        
                                            GET /riw/clara_chan.jpg?1664605470 HTTP/1.1 
Host: roomimg.stream.highwebmedia.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.19.241.83
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sat, 01 Oct 2022 06:24:40 GMT
content-length: 10399
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 17
last-modified: Sat, 01 Oct 2022 06:24:23 GMT
expires: Sat, 01 Oct 2022 06:25:10 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ki8cBLOfY8RshR1l4Cbl%2Bp%2Fs3aizhr2l3czDRZMTOoFpHlfBsanT4Wzg1IcHwpn%2FCGA4JZgxjQVI3MdwjKTJ%2FSw8O5fzIdhauxKE48ENAqEjx6pXPe67VOrhGKB%2Bzq%2Fz2q%2FM7KXuJsOK5zPywl6s%2FXY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=Y_rlwOu_xz9Dn4x_A88BJuG2XhXC3lchJOTVu.Z7axs-1664605480267-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 75331ddb99dcb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, comment: "Lavc58.91.100", baseline, precision 8, 480x270, components 3\012- data
Size:   10399
Md5:    3b91c7ecc115f9e30ea384e8ab997aac
Sha1:   c200485891ba164e45f7223a57e1e067c5324aff
Sha256: 96e87d2ee2be24512975ef761ce2858200d4ded7b8576f28c0f4b12c681dee80
                                        
                                            GET /riw/kaileeshy.jpg?1664605470 HTTP/1.1 
Host: roomimg.stream.highwebmedia.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.19.241.83
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sat, 01 Oct 2022 06:24:40 GMT
content-length: 16191
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=30
cf-bgj: imgq:100,h2pri
cf-polished: origSize=16224
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 20
last-modified: Sat, 01 Oct 2022 06:24:20 GMT
expires: Sat, 01 Oct 2022 06:25:10 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yyVGu7BRYCejATK%2B9fZOObN8yn9q0Nwkx2N0b1oYoQ4UtIkna4wpxgjDbYelGWhV2nqjlqlkjdAAlhd0%2B1KVi27p%2B05%2BlQyWPSJlow%2BD9eYhQyVYsmvr9TZm7SiMDuDgVijkvNSoNZdynhocSX9Ew5Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=ikTpzA8uXc39q1R_zwjmmZyuRcanYncy6ii8wMLLAOg-1664605480270-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 75331ddb99dfb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, aspect ratio, density 548x549, segment length 16, progressive, precision 8, 480x270, components 3\012- data
Size:   16191
Md5:    2b5b6b809cb91f9c8cc69420c40b41a1
Sha1:   af06e226f202e8c9e030d387f74a3ef4e57dc37e
Sha256: fe2a1b6194a7a97e262dd199e71b0ad333c414a85c2b8202d190c5c44f52e2e8
                                        
                                            GET /CACHE/css/output.5c1e955e3832.css HTTP/1.1 
Host: static-assets.highwebmedia.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.16.93.42
HTTP/2 200 OK
content-type: text/css
                                        
date: Sat, 01 Oct 2022 06:24:40 GMT
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=63849
etag: W/"03c072147fa475d9bd57bcc9b73d3260"
last-modified: Thu, 22 Sep 2022 16:22:00 GMT
x-amz-id-2: src6WemkBrmxeGDZVP+4ipre01PPVsPb7jxfzfVQ0ssDy7l2IzQ439zT3Wf7YWS5u4ixFo+mPb4=
x-amz-meta-s3cmd-attrs: md5:03c072147fa475d9bd57bcc9b73d3260
x-amz-request-id: 12Q62S61BDK4RBY8
cf-cache-status: HIT
age: 741580
expires: Mon, 31 Oct 2022 06:24:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hcO4sm2jpq5HdcETo%2FhB30hZV%2BSM0mMg0HVVcPqAuZeb5saG1V8yWMZp3E%2FTSmnGn8abLEvk6dpo%2BrtLZKqtuH%2BJf8I2IfnB2giEokDR1kG2Fo271SMgSnNyjVmYfiGnxCvzXGrD6mMs7Sddi7wGbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=QeTFD9GYypi8O8ItK9h0aImNLL_y7isLguLkIJs8u.E-1664605480259-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 75331ddb8c83fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (4097)
Size:   80327
Md5:    16a45154c27811ebcd194e2a2c5a3f26
Sha1:   de27563b626d8c9e1082db5b3de2233cfbde7c2f
Sha256: 70624d71ff7fb02dc651accc62eed407b9fd73e3a4c0c87c27f2eba03f812b57
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Sat, 01 Oct 2022 04:41:09 GMT
expires: Sat, 01 Oct 2022 06:41:09 GMT
cache-control: public, max-age=7200
age: 6211
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   19826
Md5:    cae538dcce82598fbe43c0bf443e62dd
Sha1:   cc68ac6be9c5e0087a0000e5735b83270ace30f5
Sha256: 954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
                                        
                                            GET /nr-spa-1216.min.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.86.137
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 01 Oct 2022 06:24:40 GMT
via: 1.1 varnish
x-served-by: cache-bma1624-BMA
x-cache: HIT
x-cache-hits: 1717
x-timer: S1664605480.452414,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32010)
Size:   18216
Md5:    6561a2403142205f966207d61576f1a6
Sha1:   1310e72f494e12ab63a4280fc1600a2c89dc9bb8
Sha256: 0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4559
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 06:24:40 GMT
Last-Modified: Sat, 01 Oct 2022 05:08:41 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=824&ck=1&ref=https://chaturbate.com/tours/3/&ap=30&be=568&fe=737&dc=650&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664605476214,%22n%22:0,%22r%22:1,%22re%22:360,%22f%22:360,%22dn%22:360,%22dne%22:360,%22c%22:360,%22s%22:360,%22ce%22:360,%22rq%22:362,%22rp%22:552,%22rpe%22:554,%22dl%22:557,%22di%22:645,%22ds%22:649,%22de%22:654,%22dc%22:736,%22l%22:737,%22le%22:738%7D,%22navigation%22:%7B%22rc%22:2%7D%7D&at=[...]&jsonp=NREUM.setToken HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Sat, 01 Oct 2022 06:24:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75331ddd5ceefac0-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=3d5a1aab8af5d67d; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   72
Md5:    107d93e382e2c9b00fbf9fb0edc65d86
Sha1:   77e750e3ebf9706f4f6dd253785602d70be17c6c
Sha256: a1ee50b689ea433a0acdccbf4ee4629e9ea3f9c4bcdd21effb334359a2f9e937
                                        
                                            POST /events/1/6f524845d1?a=24279235&v=1216.487a282&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1046&ck=1&ref=https://chaturbate.com/tours/3/ HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
content-type: text/plain
Content-Length: 1917
Origin: https://chaturbate.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Sat, 01 Oct 2022 06:24:40 GMT
Content-Length: 24
Connection: keep-alive
CF-Ray: 75331dde6d5efac0-OSL
Access-Control-Allow-Origin: https://chaturbate.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   24
Md5:    bc32ed98d624acb4008f986349a20d26
Sha1:   2d3df8c11d2168ce2c27e0937421d11d85016361
Sha256: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
                                        
                                            GET /config?url=https%3A%2F%2Fcreative.xlrdr.com%2Fwidgets%2Fwrapper%3Fpath%3D%252Fsignup%252Fuser%26campaignId%3D22ru07le033400vi%26userId%3D5e965a6943288af1e523bb0edf97d0df754e8e5ba421c8e11f44edbe77379f52%26bb%3Db19e03f8.gif HTTP/1.1 
Host: go.xlrdr.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlrdr.com/
Origin: https://creative.xlrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

                                         
                                         104.18.42.40
HTTP/2 200 OK
content-type: application/json
                                        
date: Sat, 01 Oct 2022 06:24:39 GMT
access-control-allow-origin: *
last-modified: Sat, 01 Oct 2022 06:13:43 GMT
cf-cache-status: HIT
age: 16
vary: Accept-Encoding
server: cloudflare
cf-ray: 75331dd5cb9d0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /CACHE/js/output.6f6724a00cb8.js HTTP/1.1 
Host: static-assets.highwebmedia.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.16.93.42
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sat, 01 Oct 2022 06:24:40 GMT
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"a708027bfbbde438a72a93082d4bc4b5"
last-modified: Thu, 24 Jun 2021 21:24:05 GMT
x-amz-id-2: JSy2VAlm3gAahvlCm5/iqNOQuasckcIrq13CGup8iDmNjJ/I2mSXsAw6q4OzSeK3RH88h3oFZ3U=
x-amz-meta-s3cmd-attrs: md5:a708027bfbbde438a72a93082d4bc4b5
x-amz-request-id: 2D5V5B3Y2TWH6PZC
cf-cache-status: HIT
age: 1155439
expires: Mon, 31 Oct 2022 06:24:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EnGiiaJbNgqvp0vqHPe1RDGHXpKJ5euJIl8vO4NcxulDKrgqkk8CiYZedPXqcUibxc6tBfBHe2qNlMr%2FNZaNJ1C7NX%2FfNjB8tK1kSw5hpCBfPMhQyWvHsQQvedLb2HDsGEfSZpU45i0ecPiPmA%2FO%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=OETzH3n3YNTK7xf.KxCUk7z_oZauCm8fkZeqjPPq1qc-1664605480264-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 75331ddb9c86fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /widgets/wrapper?path=%2Fsignup%2Fuser&campaignId=22ru07le033400vi&userId=5e965a6943288af1e523bb0edf97d0df754e8e5ba421c8e11f44edbe77379f52&bb=b19e03f8.gif HTTP/1.1 
Host: creative.xlrdr.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         104.18.42.40
HTTP/2 200 OK
content-type: text/html
                                        
date: Sat, 01 Oct 2022 06:24:39 GMT
last-modified: Mon, 26 Sep 2022 07:27:58 GMT
expires: Sat, 01 Oct 2022 06:24:40 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
set-cookie: __cflb=0H28uukSkGJRy5UBr2St4i2aEH3UZ9YZooCVRiBvUMi; SameSite=None; Secure; path=/; expires=Sun, 02-Oct-22 05:24:39 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 75331dd4da38b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /affiliates/in/?track=laro4rul3viode&tour=x1Rd&campaign=HPR7R&c=2&p=0&join_overlay=1 HTTP/1.1 
Host: chaturbate.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         104.18.101.40
HTTP/2 301 Moved Permanently
content-type: text/html; charset=utf-8
                                        
date: Sat, 01 Oct 2022 06:24:39 GMT
location: /in/?track=laro4rul3viode&tour=x1Rd&campaign=HPR7R&c=2&p=0&join_overlay=1
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com 
https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://smartpay.coinsmart.com ; manifest-src 'self' 
https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
set-cookie: stcki="pOtSwZ=0\054FqPd9a=0\0546pduSG=1\054aDBbcK=0"; expires=Mon, 31-Oct-2022 06:24:39 GMT; Max-Age=2592000; Path=/ affkey="eJyrVipSslJQyigpKSi20tcvyC9PLUpNSarUy0pMKdZLztdXqgUA0FML6A=="; Domain=.chaturbate.com; expires=Mon, 31-Oct-2022 06:24:39 GMT; Max-Age=2592000; Path=/ sbr=sec:sbrd477d7b4-7db8-44b7-8490-f0b30738edf7:1oeVvT:lfEIHW3f4FGcEfg8egJW4hIt42Q; Domain=.chaturbate.com; expires=Thu, 26-Jun-2025 06:24:39 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure __cf_bm=RdLD5j5lTxBvX8WYAf9Qq8un7E0GPm7p8yURlsXKidM-1664605479-0-AZdigQ98qX4mX654dtGsS7JtdzNuAVicGxo+dUIwjNV3gex8KYi2VhbqAPedaCOAyVcH+4UezRHrNxXml9jqOuc=; path=/; expires=Sat, 01-Oct-22 06:54:39 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 75331dd7e921b529-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /zone/25576/?aff=271091 HTTP/1.1 
Host: flixdot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         172.64.196.19
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Sat, 01 Oct 2022 06:24:39 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: *
access-control-expose-headers: Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma
cache-control: no-cache, private
vary: Origin, Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qPMzEWUzVyNWa2ke9xFd3Sm75rFbN0fpcGrjb%2F6gFfR9MLlx07VEidW5fkLu%2FkG0N3VWZH6rzVd5L3w8YkmmMqzBGpn4m0hA%2BSCg9vsWGDlEcDzB3LGNfLoHtEfYwg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75331dd4d87274f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---