r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12929
Expires: Wed, 08 Feb 2023 06:56:14 GMT
Date: Wed, 08 Feb 2023 03:20:45 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16136
Expires: Wed, 08 Feb 2023 07:49:41 GMT
Date: Wed, 08 Feb 2023 03:20:45 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash a0ed7182dd859a4a439844e81832be64
2710c3f8b85ac1899392f04499f466ca4f5e8a0c
9b6f2279616ed47a0043f32f6805062dd3b0afaa776623e3fbab6058abd69318
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5243
Cache-Control: max-age=104467
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:45 GMT
Etag: "63e1f5a5-118"
Expires: Thu, 09 Feb 2023 08:21:52 GMT
Last-Modified: Tue, 07 Feb 2023 06:54:29 GMT
Server: ECS (amb/6B83)
X-Cache: HIT
Content-Length: 280
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 02:34:11 GMT
content-type: application/json
age: 2794
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4297
Expires: Wed, 08 Feb 2023 04:32:22 GMT
Date: Wed, 08 Feb 2023 03:20:45 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 9AxGVvTiRZgQtT88PqPOBcxDT8UYbdiRWmVpRx5sdz977lwex0BHQ1tMs+jJXwbnt/vMRd3ghGQ=
x-amz-request-id: KKSZYC82EJMYEC3Y
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 02:45:48 GMT
age: 2097
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
rule34.xxx/index.php?page=post&s=view&id=6541038
104.26.1.234200 OK 7.8 kB URL HTTP/2 rule34.xxx/index.php?page=post&s=view&id=6541038
IP 104.26.1.234:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1860)
Hash bffdf0a098c4fe7980d4f2eb3c2768c2
e6c8bf13948270d9c18f17acdba7ea6db110f3ef
6dd6ba16017a91d9b63b6ecace7b64240c780a14127d5207e5bd2c45b4984304
GET /index.php?page=post&s=view&id=6541038 HTTP/1.1
Host: rule34.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: store, cache
pragma: cache
strict-transport-security: max-age=3600
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bv2mLQpjjT1XCPY9XFwh5w475EbTmqQx3P7gozTSMTHho206hzvAHluwz2HuWBXtPD%2FC5L4DRmZXeH1AlHhNXTYXnMdVY%2BC9i9Cuoh8IPrjc0bGiBelpC6tEiiM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79613b332942b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 03:20:45 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash d7a2174e9eb839cc9becafab77033aeb
dea29d6fd99e5cbc436ed03966985caba7ddde2c
1237c0a92e395ef5756811165b029958c8fc0a98a14ff019d8d67c952337b4b4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2037
Cache-Control: max-age=100550
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:45 GMT
Etag: "63e1f2de-116"
Expires: Thu, 09 Feb 2023 07:16:35 GMT
Last-Modified: Tue, 07 Feb 2023 06:42:38 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278
syndication.realsrv.com/splash.php?idzone=4171012&cookieconsent=true&tags=null
95.211.229.245200 OK 2.6 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=4171012&cookieconsent=true&tags=null
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1522)
Hash 28426bd9c12243301e1b10d321d927f0
cb28de39ca58491d49c16b816268e5659e0746ad
85a6546a26bc05afb5161d115f5f16bed6233e4d1076978f0131e35f2f0fe393
GET /splash.php?idzone=4171012&cookieconsent=true&tags=null HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rule34.xxx
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:45 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e3150dbae695.925939991388420783%22%3B%7D; expires=Fri, 07 Feb 2025 03:20:45 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4171012%7C59504696%7C0%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Crule34.xxx%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 09 Feb 2023 03:20:45 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://rule34.xxx
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/splash.php?native-settings=1&idzone=2899644&cookieconsent=true&&p=https%3A%2F%2Frule34.xxx%2Findex.php%3Fpage%3Dpost%26s%3Dview%26id%3D6541038
95.211.229.245200 OK 3.0 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=2899644&cookieconsent=true&&p=https%3A%2F%2Frule34.xxx%2Findex.php%3Fpage%3Dpost%26s%3Dview%26id%3D6541038
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (5852), with no line terminators
Hash e08965138450d6a58f73b5c0e16cdfb4
b8699a308968dba6832fb2688d1068215f3045eb
3d5ac980ee77e496ba7214b9dc3d60637d7f8b5a96b28fb8fbfa261cc8aa500c
GET /splash.php?native-settings=1&idzone=2899644&cookieconsent=true&&p=https%3A%2F%2Frule34.xxx%2Findex.php%3Fpage%3Dpost%26s%3Dview%26id%3D6541038 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rule34.xxx
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://rule34.xxx
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263e3150db54437.67507678321662306%22%3B%7D; expires=Fri, 07 Feb 2025 03:20:45 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrbelsllgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrmlxslxgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrmrxesegeimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrmlxslxgeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrmlxslxgeimlxbaxbonxgxamrbelsllgeimlxbaxlanxgxamrmaleclgeimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimlxbaxlenxgxamrrlbbcegeimbclraronogxamrmcomragxcceimemlxmcbnxgxamrmcobrogxcceixbblrmlanxgxamrmcslrrgxcceimclsaoxbnsgxamrmcrebbgxcceixaoossalnxgxamrmcbxragxcceiraclralcnxgxamrmcbrcagxcceimaoobbebnxgxamrmcbbamgxcceixaoosscrnxgxamrmclcsmgxcceimeembecenxgxamrmclcsmgxcceimeembescnxgxamrmclcsmgxcceimxlbmosonxgxamrmrxesegxcceimcssmlrcnxgxamrmrxesegxcceimlxoblabnxgxamrmrxesegxcceialaroxrcnxgxamrmrxesmgxcceimmraexxanxgxamrmaeacegxcceimmraexoenxgxamrmaeacegxcceimeembesonxgxamrmaeacegxcceimloablcenxgxamrmaaeblgxcceimsacexoonxgxamrmaleclgxcceimxlbmxlcnsgxamrmaleclgxcceimxeoxsacnsgxamrmaleclgxcceimaxecolenogxamrmbsxcbgxcceimaooloranxgxamrmlcbregxcceimrxccoscnxgxamrmlcbregxcceimmlamcecnxgxamrbxsoblgxcceimaoolcoonxgxamrboxomrgxcceimbmmcllonxgxamrborslbgxcceimbmlsebbnxgxamrborslbgxcceimbroosxcnxgxamrboaccrgxcceimxlbmxlonxgxamrboaccrgxcceimboslabcnxgxamrboaccrgxcce; expires=Thu, 09 Feb 2023 03:20:45 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C2899644%7C78522314%7C100644%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C348043c87b8c9041f32d0943d558def4%7C0%7Crule34.xxx%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 09 Feb 2023 03:20:45 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C2899644%7C71987192%7C100644%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C348043c87b8c9041f32d0943d558def4%7C0%7Crule34.xxx%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 09 Feb 2023 03:20:45 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C2899644%7C78239684%7C0%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C348043c87b8c9041f32d0943d558def4%7C0%7Crule34.xxx%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 09 Feb 2023 03:20:45 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.245200 OK 7.3 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash 440d91c11fc5a8de24ca33618dabc74d
ea2c794c42a165c2cd7d6b3a87d7bd2d65883ada
da0f5c0cbf78d8d9fc15ce7cbcf2ee9ab243d37065004a7a2f2e5301f5ec78cf
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 384
Origin: https://rule34.xxx
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:45 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://rule34.xxx
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e3150db60a02.983133122975154393%22%3B%7D; expires=Fri, 07-Feb-2025 03:20:45 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 190dd976f4818ae55bd94f26e00ec88f
341505cba528c559f529ea980027e1a41cd9de28
b435b0146a41fcb99f974c201f5f867752a4552aa2209e8201daa02bfd8abfaa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5935
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:46 GMT
Last-Modified: Wed, 08 Feb 2023 01:41:51 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 03:14:52 GMT
age: 354
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01OS2oDUQy7Si+Qwd9nO+t220JKDtB5k6xKFy2BKejwfTOBEmth2ciShUQPJAeKJ5Gj0NEcxVPRZDKxG17fTjDG9+3zojat6wouFRakpymYM52GIqiqjZHAzcXEESURpQ1GUNCAuJptbCJqxm2IMvFyPuH8/jy2xSVgCJRolWHLezxCYIPTupmoJZn2jDl7kfFVZaEyXdxzuVx34eO7dMck1e7m9I8D720UYWcfP79fHXiQmDWN2Jjvpww22xoiFrPuMfI9e599Kc8WqXO29M5/mRzMgFoBAAA=
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01OS2oDUQy7Si+Qwd9nO+t220JKDtB5k6xKFy2BKejwfTOBEmth2ciShUQPJAeKJ5Gj0NEcxVPRZDKxG17fTjDG9+3zojat6wouFRakpymYM52GIqiqjZHAzcXEESURpQ1GUNCAuJptbCJqxm2IMvFyPuH8/jy2xSVgCJRolWHLezxCYIPTupmoJZn2jDl7kfFVZaEyXdxzuVx34eO7dMck1e7m9I8D720UYWcfP79fHXiQmDWN2Jjvpww22xoiFrPuMfI9e599Kc8WqXO29M5/mRzMgFoBAAA=
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01OS2oDUQy7Si+Qwd9nO+t220JKDtB5k6xKFy2BKejwfTOBEmth2ciShUQPJAeKJ5Gj0NEcxVPRZDKxG17fTjDG9+3zojat6wouFRakpymYM52GIqiqjZHAzcXEESURpQ1GUNCAuJptbCJqxm2IMvFyPuH8/jy2xSVgCJRolWHLezxCYIPTupmoJZn2jDl7kfFVZaEyXdxzuVx34eO7dMck1e7m9I8D720UYWcfP79fHXiQmDWN2Jjvpww22xoiFrPuMfI9e599Kc8WqXO29M5/mRzMgFoBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rule34.xxx
Connection: keep-alive
Referer: https://rule34.xxx/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e3150db60a02.983133122975154393%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C2899644%7C78239684%7C0%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C348043c87b8c9041f32d0943d558def4%7C0%7Crule34.xxx%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrbelsllgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrmlxslxgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrmrxesegeimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrmlxslxgeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrmlxslxgeimlxbaxbonxgxamrbelsllgeimlxbaxlanxgxamrmaleclgeimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimlxbaxlenxgxamrrlbbcegeimbclraronogxamrmcomragxcceimemlxmcbnxgxamrmcobrogxcceixbblrmlanxgxamrmcslrrgxcceimclsaoxbnsgxamrmcrebbgxcceixaoossalnxgxamrmcbxragxcceiraclralcnxgxamrmcbrcagxcceimaoobbebnxgxamrmcbbamgxcceixaoosscrnxgxamrmclcsmgxcceimeembecenxgxamrmclcsmgxcceimeembescnxgxamrmclcsmgxcceimxlbmosonxgxamrmrxesegxcceimcssmlrcnxgxamrmrxesegxcceimlxoblabnxgxamrmrxesegxcceialaroxrcnxgxamrmrxesmgxcceimmraexxanxgxamrmaeacegxcceimmraexoenxgxamrmaeacegxcceimeembesonxgxamrmaeacegxcceimloablcenxgxamrmaaeblgxcceimsacexoonxgxamrmaleclgxcceimxlbmxlcnsgxamrmaleclgxcceimxeoxsacnsgxamrmaleclgxcceimaxecolenogxamrmbsxcbgxcceimaooloranxgxamrmlcbregxcceimrxccoscnxgxamrmlcbregxcceimmlamcecnxgxamrbxsoblgxcceimaoolcoonxgxamrboxomrgxcceimbmmcllonxgxamrborslbgxcceimbmlsebbnxgxamrborslbgxcceimbroosxcnxgxamrboaccrgxcceimxlbmxlonxgxamrboaccrgxcceimboslabcnxgxamrboaccrgxcce
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://rule34.xxx
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.0199%22%7D; expires=Fri, 07 Feb 2025 03:20:46 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01Oy0oEQQz8FX9gmsqju9N71qvCyn7APE/iQRFGqI+3Z4RlU4dUQlUlCrUBOqA+qV4UF89skhqSa5LsfH270oVfPx+redr3nYKqEowcbhSJyOiKita0j52HmoqzolZFKXTQiA7N5n6wBEhhBF9uV97en/umyWGn0oBde6Scp1mVxx77EWAecJujTjE3uGymC5rbknMs6+aH8PFV/COp53aG445BztYLPNn4/fs5kw+SA/luEnIr62S2lrUVxShYxs3Dkac2FluK/wEaRzTkTQEAAA==
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01Oy0oEQQz8FX9gmsqju9N71qvCyn7APE/iQRFGqI+3Z4RlU4dUQlUlCrUBOqA+qV4UF89skhqSa5LsfH270oVfPx+redr3nYKqEowcbhSJyOiKita0j52HmoqzolZFKXTQiA7N5n6wBEhhBF9uV97en/umyWGn0oBde6Scp1mVxx77EWAecJujTjE3uGymC5rbknMs6+aH8PFV/COp53aG445BztYLPNn4/fs5kw+SA/luEnIr62S2lrUVxShYxs3Dkac2FluK/wEaRzTkTQEAAA==
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA01Oy0oEQQz8FX9gmsqju9N71qvCyn7APE/iQRFGqI+3Z4RlU4dUQlUlCrUBOqA+qV4UF89skhqSa5LsfH270oVfPx+redr3nYKqEowcbhSJyOiKita0j52HmoqzolZFKXTQiA7N5n6wBEhhBF9uV97en/umyWGn0oBde6Scp1mVxx77EWAecJujTjE3uGymC5rbknMs6+aH8PFV/COp53aG445BztYLPNn4/fs5kw+SA/luEnIr62S2lrUVxShYxs3Dkac2FluK/wEaRzTkTQEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rule34.xxx
Connection: keep-alive
Referer: https://rule34.xxx/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e3150db60a02.983133122975154393%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C2899644%7C78239684%7C0%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C348043c87b8c9041f32d0943d558def4%7C0%7Crule34.xxx%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrbelsllgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrmlxslxgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrmrxesegeimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrmlxslxgeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrmlxslxgeimlxbaxbonxgxamrbelsllgeimlxbaxlanxgxamrmaleclgeimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimlxbaxlenxgxamrrlbbcegeimbclraronogxamrmcomragxcceimemlxmcbnxgxamrmcobrogxcceixbblrmlanxgxamrmcslrrgxcceimclsaoxbnsgxamrmcrebbgxcceixaoossalnxgxamrmcbxragxcceiraclralcnxgxamrmcbrcagxcceimaoobbebnxgxamrmcbbamgxcceixaoosscrnxgxamrmclcsmgxcceimeembecenxgxamrmclcsmgxcceimeembescnxgxamrmclcsmgxcceimxlbmosonxgxamrmrxesegxcceimcssmlrcnxgxamrmrxesegxcceimlxoblabnxgxamrmrxesegxcceialaroxrcnxgxamrmrxesmgxcceimmraexxanxgxamrmaeacegxcceimmraexoenxgxamrmaeacegxcceimeembesonxgxamrmaeacegxcceimloablcenxgxamrmaaeblgxcceimsacexoonxgxamrmaleclgxcceimxlbmxlcnsgxamrmaleclgxcceimxeoxsacnsgxamrmaleclgxcceimaxecolenogxamrmbsxcbgxcceimaooloranxgxamrmlcbregxcceimrxccoscnxgxamrmlcbregxcceimmlamcecnxgxamrbxsoblgxcceimaoolcoonxgxamrboxomrgxcceimbmmcllonxgxamrborslbgxcceimbmlsebbnxgxamrborslbgxcceimbroosxcnxgxamrboaccrgxcceimxlbmxlonxgxamrboaccrgxcceimboslabcnxgxamrboaccrgxcce
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://rule34.xxx
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.0199%22%7D; expires=Fri, 07 Feb 2025 03:20:46 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOpmsmlmndVdVLTXdW6VzpppXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VxD_b0UxqUpznSuldK6V0rpXSuldK4PsA--&sourceId=4171012&p1=4581850&skipOffset=00:00:05
104.18.51.106302 Found 8.4 kB URL HTTP/2 go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOpmsmlmndVdVLTXdW6VzpppXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VxD_b0UxqUpznSuldK6V0rpXSuldK4PsA--&sourceId=4171012&p1=4581850&skipOffset=00:00:05
IP 104.18.51.106:0
Hash ea121fa698e07c77d5829cbe737c6eec
089a37d949d5a4ed59aef1c8464812ec08f7d3c4
8a14c1ce54e47a9d83c8fb8b5a5b021c39173944a926f75f1a330943ed367e11
GET /smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOpmsmlmndVdVLTXdW6VzpppXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VxD_b0UxqUpznSuldK6V0rpXSuldK4PsA--&sourceId=4171012&p1=4581850&skipOffset=00:00:05 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rule34.xxx
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 08 Feb 2023 03:20:46 GMT
content-length: 0
location: https://go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOpmsmlmndVdVLTXdW6VzpppXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VxD_b0UxqUpznSuldK6V0rpXSuldK4PsA--&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4171012&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11
access-control-allow-origin: https://rule34.xxx
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=7868025.30208; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr1MAvzNuwf2BatGMq6kS2wkiyoa; SameSite=None; Secure; path=/; expires=Thu, 09-Feb-23 02:20:46 GMT; HttpOnly
server: cloudflare
cf-ray: 79613b37ab8bb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02PS2oEMQxEr5ILjCn9bHnWyTaBCXOAnv6sQhYJAx3Q4SP3QIgF1pOpQmUGywl8QntiPjPOatGpdBTlQqbx+nYJpfi6f6yiZd/3qK223sPNVYLI3ZCKhu6eI8Ksasve3JglQRESyGIT1UEF6OyRhpfrJa7vz/nUqXNQMCLvsXWgJmMfXlGHyuzt5nOH0ia8oKssZr6s2yH8nzJzcBUEAXUsLcQ6RHwkedSJjpYHcdD0/fM5R/wJHmnDDlem0/wKRUyoMrEu2tauGQWgG63e1qSNbPoF3LtpZVUBAAA=
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02PS2oEMQxEr5ILjCn9bHnWyTaBCXOAnv6sQhYJAx3Q4SP3QIgF1pOpQmUGywl8QntiPjPOatGpdBTlQqbx+nYJpfi6f6yiZd/3qK223sPNVYLI3ZCKhu6eI8Ksasve3JglQRESyGIT1UEF6OyRhpfrJa7vz/nUqXNQMCLvsXWgJmMfXlGHyuzt5nOH0ia8oKssZr6s2yH8nzJzcBUEAXUsLcQ6RHwkedSJjpYHcdD0/fM5R/wJHmnDDlem0/wKRUyoMrEu2tauGQWgG63e1qSNbPoF3LtpZVUBAAA=
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA02PS2oEMQxEr5ILjCn9bHnWyTaBCXOAnv6sQhYJAx3Q4SP3QIgF1pOpQmUGywl8QntiPjPOatGpdBTlQqbx+nYJpfi6f6yiZd/3qK223sPNVYLI3ZCKhu6eI8Ksasve3JglQRESyGIT1UEF6OyRhpfrJa7vz/nUqXNQMCLvsXWgJmMfXlGHyuzt5nOH0ia8oKssZr6s2yH8nzJzcBUEAXUsLcQ6RHwkedSJjpYHcdD0/fM5R/wJHmnDDlem0/wKRUyoMrEu2tauGQWgG63e1qSNbPoF3LtpZVUBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rule34.xxx
Connection: keep-alive
Referer: https://rule34.xxx/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e3150db60a02.983133122975154393%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C2899644%7C78239684%7C0%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C348043c87b8c9041f32d0943d558def4%7C0%7Crule34.xxx%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrbelsllgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrmlxslxgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrmrxesegeimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrmlxslxgeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrmlxslxgeimlxbaxbonxgxamrbelsllgeimlxbaxlanxgxamrmaleclgeimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimlxbaxlenxgxamrrlbbcegeimbclraronogxamrmcomragxcceimemlxmcbnxgxamrmcobrogxcceixbblrmlanxgxamrmcslrrgxcceimclsaoxbnsgxamrmcrebbgxcceixaoossalnxgxamrmcbxragxcceiraclralcnxgxamrmcbrcagxcceimaoobbebnxgxamrmcbbamgxcceixaoosscrnxgxamrmclcsmgxcceimeembecenxgxamrmclcsmgxcceimeembescnxgxamrmclcsmgxcceimxlbmosonxgxamrmrxesegxcceimcssmlrcnxgxamrmrxesegxcceimlxoblabnxgxamrmrxesegxcceialaroxrcnxgxamrmrxesmgxcceimmraexxanxgxamrmaeacegxcceimmraexoenxgxamrmaeacegxcceimeembesonxgxamrmaeacegxcceimloablcenxgxamrmaaeblgxcceimsacexoonxgxamrmaleclgxcceimxlbmxlcnsgxamrmaleclgxcceimxeoxsacnsgxamrmaleclgxcceimaxecolenogxamrmbsxcbgxcceimaooloranxgxamrmlcbregxcceimrxccoscnxgxamrmlcbregxcceimmlamcecnxgxamrbxsoblgxcceimaoolcoonxgxamrboxomrgxcceimbmmcllonxgxamrborslbgxcceimbmlsebbnxgxamrborslbgxcceimbroosxcnxgxamrboaccrgxcceimxlbmxlonxgxamrboaccrgxcceimboslabcnxgxamrboaccrgxcce; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://rule34.xxx
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.029701%22%7D; expires=Fri, 07 Feb 2025 03:20:46 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 190dd976f4818ae55bd94f26e00ec88f
341505cba528c559f529ea980027e1a41cd9de28
b435b0146a41fcb99f974c201f5f867752a4552aa2209e8201daa02bfd8abfaa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5935
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:46 GMT
Last-Modified: Wed, 08 Feb 2023 01:41:51 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
s3t3d2y8.afcdn.net/library/676799/fa602a2216054018bd4434c66c1bf030bc073edb.webp
185.76.9.23200 OK 5.5 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/676799/fa602a2216054018bd4434c66c1bf030bc073edb.webp
IP 185.76.9.23:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7d0e37fee71077478f428c65dd03223e
fa602a2216054018bd4434c66c1bf030bc073edb
ef3b154fc5d8f387a8442cb2466ec2ff5a170ef28106abced9ad42689a14e27d
GET /library/676799/fa602a2216054018bd4434c66c1bf030bc073edb.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: image/webp
content-length: 5540
last-modified: Fri, 03 Jun 2022 09:03:50 GMT
etag: "6299ce76-15a4"
expires: Tue, 24 Oct 2023 15:16:37 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1701663245
server: CDN77-Turbo
x-77-nzt: AblMCRRromX/gfZWAA
x-77-nzt-ray: af585630b59bb79b0e15e363aa82de05
x-cache: HIT
x-age: 5699201
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/676799/8a4d4f582692b08fdac6bc9fa4ea71046b74426b.jpg
185.76.9.23200 OK 19 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/676799/8a4d4f582692b08fdac6bc9fa4ea71046b74426b.jpg
IP 185.76.9.23:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash 065005b090bdfe5142682acb978defc8
8a4d4f582692b08fdac6bc9fa4ea71046b74426b
fc84d38eae8e194a70a77f426dd696ac29178b333991174d54f450a6bb3edc70
GET /library/676799/8a4d4f582692b08fdac6bc9fa4ea71046b74426b.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: image/jpeg
content-length: 18980
last-modified: Fri, 14 Oct 2022 13:01:24 GMT
etag: "63495da4-4a24"
expires: Tue, 16 Jan 2024 10:43:15 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1705418800
server: CDN77-Turbo
x-77-nzt: AblMCRTC/z3/XqgdAA
x-77-nzt-ray: af585630b59bb79b0e15e3637d42e305
x-cache: HIT
x-age: 1943646
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/41682/b677d3a0ce722d533ff9f9ad3f810012a0b5a559.webp
185.76.9.23200 OK 8.2 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/41682/b677d3a0ce722d533ff9f9ad3f810012a0b5a559.webp
IP 185.76.9.23:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d0c29ee362f348e16199a0b38560c413
b677d3a0ce722d533ff9f9ad3f810012a0b5a559
6447f8253a76e166bcba7d2fb27196d17c6d07b57680522df54b0210dc76ac71
GET /library/41682/b677d3a0ce722d533ff9f9ad3f810012a0b5a559.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: image/webp
content-length: 8246
last-modified: Thu, 05 Jan 2023 13:08:25 GMT
etag: "63b6cbc9-2036"
expires: Fri, 05 Jan 2024 13:13:49 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1704461646
server: CDN77-Turbo
x-77-nzt: AblMCRR6pD//QEMsAA
x-77-nzt-ray: af585630b59bb79b0e15e363638b0006
x-cache: HIT
x-age: 2900800
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/676799/83568851106bf5f179aec8cb977edc832eabce1e.webp
185.76.9.23200 OK 7.2 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/676799/83568851106bf5f179aec8cb977edc832eabce1e.webp
IP 185.76.9.23:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7aeed1edccf33acb12d6e3e4130d8a5e
83568851106bf5f179aec8cb977edc832eabce1e
0d5ada97bfd8648bddbd481667c118195bb1ec843d5eb5ba6f04b363df855832
GET /library/676799/83568851106bf5f179aec8cb977edc832eabce1e.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: image/webp
content-length: 7228
last-modified: Thu, 04 Nov 2021 11:52:34 GMT
etag: "6183c982-1c3c"
expires: Fri, 30 Jun 2023 11:19:55 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195394
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRRDaMn/THckAQ
x-77-nzt-ray: af585630b59bb79b0e15e363876a0e06
x-cache: HIT
x-age: 19167052
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 4b39eb95df25d95c3aaabbf897c5f4eb
1b80cda5dd2ee56df5f8577ffcf82642e473616d
699bb26b819a1a56e70d40d2a933fdac56339ffd32c791813853ca26b66d9992
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5508
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:46 GMT
Last-Modified: Wed, 08 Feb 2023 01:48:58 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6818
Expires: Wed, 08 Feb 2023 05:14:24 GMT
Date: Wed, 08 Feb 2023 03:20:46 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/VfKD8m_TkIc
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/VfKD8m_TkIc
IP 142.250.74.131:0
Hash e26fef9e466cc19bc0d0a4b5388e4e49
8ceca4a1eba5e4a4f33b780bcc1de239248ab7c9
8a2fde5b91c3436d842b394b1ce87edeca77f22b3c81dc514c05852b28de7e42
POST /s/gts1p5/VfKD8m_TkIc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
forgoodplay.com/iframe/59f0b46754d?iframe&ag_custom_domain=rule34.xxx
172.67.204.252200 OK 1.7 kB URL HTTP/2 forgoodplay.com/iframe/59f0b46754d?iframe&ag_custom_domain=rule34.xxx
IP 172.67.204.252:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (3645)
Hash b5d4d8c8f24471cec94eba6659509be8
5e829265f21c7e1d09dacd0b1cde48964f8d3dbe
e89b8eae3cd1b30e9f45f59fc55175c5fac8168862367548f7fe5b6e35b7cd0e
GET /iframe/59f0b46754d?iframe&ag_custom_domain=rule34.xxx HTTP/1.1
Host: forgoodplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: text/html
set-cookie: showed_752_1251=[212822]; Expires=Thu, 09-Feb-23 03:20:46 GMT; Domain=forgoodplay.com; Path=/; Secure; SameSite=None
c_93c69a1c63efcd5e9c8cba18fb1371b3=1; Expires=Thu, 09-Feb-23 03:20:46 GMT; Domain=forgoodplay.com; Path=/; Secure; SameSite=None
z_7647bc26078c04f9a368d97dbce82640=1; Expires=Thu, 09-Feb-23 03:20:46 GMT; Domain=forgoodplay.com; Path=/; Secure; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3V4By6CzJVdueWeurHkdxQux5isbDzeBhR85Broii48LSxAFCH8uQXTlg%2F9%2BSWhd5OrpLVxWc2Uj2Ksiw0gBFzQto1OeWw7z%2Bz95xJk%2FTxqOtPtpi%2BLPVm%2BsUTmLw%2FC4X9A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79613b385bb7b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/VfKD8m_TkIc
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/VfKD8m_TkIc
IP 142.250.74.131:0
Hash e26fef9e466cc19bc0d0a4b5388e4e49
8ceca4a1eba5e4a4f33b780bcc1de239248ab7c9
8a2fde5b91c3436d842b394b1ce87edeca77f22b3c81dc514c05852b28de7e42
POST /s/gts1p5/VfKD8m_TkIc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6f5ab3bdbb5ebcebf9a163e0c85ab467
43f1c3de55e528c5be75895eb08b64840a0c8b95
d7c6e6ba9986867972fbc47f35dc823e3c78db46acf5292b6933e0f5760e47be
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D7C6E6BA9986867972FBC47F35DC823E3C78DB46ACF5292B6933E0F5760E47BE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6728
Expires: Wed, 08 Feb 2023 05:12:54 GMT
Date: Wed, 08 Feb 2023 03:20:46 GMT
Connection: keep-alive
push.services.mozilla.com/
44.235.159.98101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.235.159.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3xNuma60lE6DCFlymr65Xw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: GebU0ZVwFgcukUVGPhI/LOCLNbg=
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6f5ab3bdbb5ebcebf9a163e0c85ab467
43f1c3de55e528c5be75895eb08b64840a0c8b95
d7c6e6ba9986867972fbc47f35dc823e3c78db46acf5292b6933e0f5760e47be
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D7C6E6BA9986867972FBC47F35DC823E3C78DB46ACF5292B6933E0F5760E47BE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6728
Expires: Wed, 08 Feb 2023 05:12:54 GMT
Date: Wed, 08 Feb 2023 03:20:46 GMT
Connection: keep-alive
tsyndicate.com/api/v1/retargeting/set/0a1ebf4e-f1a4-4146-916d-6962c02eca57
136.243.46.156200 OK 35 B URL HTTP/2 tsyndicate.com/api/v1/retargeting/set/0a1ebf4e-f1a4-4146-916d-6962c02eca57
IP 136.243.46.156:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/retargeting/set/0a1ebf4e-f1a4-4146-916d-6962c02eca57 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: text/plain; charset=utf-8
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: 85f6ec48b2b75f6f
set-cookie: ts_rt_0a1ebf4e-f1a4-4146-916d-6962c02eca57=AAMC; expires=Thu, 08 Feb 2024 03:20:46 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2
cdn.banhq.com/html/7/0/70b3f8f00c910a4d4927c9e42c57f734.html?clickdata=https%3A%2F%2Fflixdot.com%2Ftrack%2Fclick%2F37%2F23643%2F49141%2F310839%2F2698%3Faff%3D271091
54.230.111.56200 OK 1.2 kB URL HTTP/2 cdn.banhq.com/html/7/0/70b3f8f00c910a4d4927c9e42c57f734.html?clickdata=https%3A%2F%2Fflixdot.com%2Ftrack%2Fclick%2F37%2F23643%2F49141%2F310839%2F2698%3Faff%3D271091
IP 54.230.111.56:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (521)
Hash 70b3f8f00c910a4d4927c9e42c57f734
8275711a623b66be61106d981cd755ea4ddfdcb3
fd2a29392d0006c44d95d0d761f5abe86fe8cb4b1274a4eac233587700bd4661
GET /html/7/0/70b3f8f00c910a4d4927c9e42c57f734.html?clickdata=https%3A%2F%2Fflixdot.com%2Ftrack%2Fclick%2F37%2F23643%2F49141%2F310839%2F2698%3Faff%3D271091 HTTP/1.1
Host: cdn.banhq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flixdot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 1177
date: Wed, 01 Feb 2023 19:39:00 GMT
last-modified: Thu, 26 Jan 2023 19:45:32 GMT
etag: "70b3f8f00c910a4d4927c9e42c57f734"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XMdz6WgeGjsObosvWBhzQeYViKJ3HAwi2vIZVC1VFXtx-xx2SFJ8ug==
age: 546107
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/B4-YctRJ5lw
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/B4-YctRJ5lw
IP 142.250.74.131:0
Hash 53c0f9949015243b262f6873d251eb0c
bed90704bb853bbfb99d1a7b9784f52ae428edaa
8e8d8c1cf4fe3ad35b2ecb21e3919a923afe1ac702a42d23e2bca70b328e0708
POST /s/gts1p5/B4-YctRJ5lw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
runative-syndicate.com/api/v1/retargeting/set/a56bbc85-b77d-4219-bfc4-e832384180bb
136.243.43.25200 OK 35 B URL HTTP/2 runative-syndicate.com/api/v1/retargeting/set/a56bbc85-b77d-4219-bfc4-e832384180bb
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/retargeting/set/a56bbc85-b77d-4219-bfc4-e832384180bb HTTP/1.1
Host: runative-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: text/plain; charset=utf-8
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: ac55a71c6b61477e
set-cookie: ts_rt_a56bbc85-b77d-4219-bfc4-e832384180bb=AAMC; expires=Thu, 08 Feb 2024 03:20:46 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2
tsyndicate.com/api/v1/retargeting/set/b5e023d7-d6ac-495d-8e3b-e65703a0f52a
136.243.46.156200 OK 35 B URL HTTP/2 tsyndicate.com/api/v1/retargeting/set/b5e023d7-d6ac-495d-8e3b-e65703a0f52a
IP 136.243.46.156:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Analyzer Verdict Alert fortinet Malware
GET /api/v1/retargeting/set/b5e023d7-d6ac-495d-8e3b-e65703a0f52a HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: text/plain; charset=utf-8
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: b68d216b62e33dd8
set-cookie: ts_rt_b5e023d7-d6ac-495d-8e3b-e65703a0f52a=AAMC; expires=Thu, 08 Feb 2024 03:20:46 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2
runative-syndicate.com/api/v1/retargeting/set/1a59e97d-a1c2-4718-89ea-5a19b9d400ea
136.243.43.25200 OK 35 B URL HTTP/2 runative-syndicate.com/api/v1/retargeting/set/1a59e97d-a1c2-4718-89ea-5a19b9d400ea
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/retargeting/set/1a59e97d-a1c2-4718-89ea-5a19b9d400ea HTTP/1.1
Host: runative-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: text/plain; charset=utf-8
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: 5a408bb7d4234ad2
set-cookie: ts_rt_1a59e97d-a1c2-4718-89ea-5a19b9d400ea=AAMC; expires=Thu, 08 Feb 2024 03:20:46 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/B4-YctRJ5lw
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/B4-YctRJ5lw
IP 142.250.74.131:0
Hash 53c0f9949015243b262f6873d251eb0c
bed90704bb853bbfb99d1a7b9784f52ae428edaa
8e8d8c1cf4fe3ad35b2ecb21e3919a923afe1ac702a42d23e2bca70b328e0708
POST /s/gts1p5/B4-YctRJ5lw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.banhq.com/png/a/1/a124ddcaeee3fb8f53863f4859ddcc48.png
54.230.111.56200 OK 5.5 kB URL HTTP/2 cdn.banhq.com/png/a/1/a124ddcaeee3fb8f53863f4859ddcc48.png
IP 54.230.111.56:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash a124ddcaeee3fb8f53863f4859ddcc48
16ed6b5bf818a5427897593c334e3832ce1f9912
e252b7ba7fbf97500bb297276f589ef64b9f0f84b313c0ea8103d46cc0e36a97
GET /png/a/1/a124ddcaeee3fb8f53863f4859ddcc48.png HTTP/1.1
Host: cdn.banhq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.banhq.com/html/7/0/70b3f8f00c910a4d4927c9e42c57f734.html?clickdata=https%3A%2F%2Fflixdot.com%2Ftrack%2Fclick%2F37%2F23643%2F49141%2F310839%2F2698%3Faff%3D271091
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 5475
date: Thu, 19 Jan 2023 02:07:25 GMT
last-modified: Tue, 20 Nov 2018 17:30:47 GMT
etag: "a124ddcaeee3fb8f53863f4859ddcc48"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Qj2xWnGpHJulpuiZQN-yLR2Y-bfhpRvHNV_7TW76_jiTLBf1a05WHg==
age: 1732402
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=sync&lr=1&partner=231cd49a7855e5ab09961d63fb71270a509dc35327a759c7694c3f89594943d0
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&lr=1&partner=231cd49a7855e5ab09961d63fb71270a509dc35327a759c7694c3f89594943d0
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&lr=1&partner=231cd49a7855e5ab09961d63fb71270a509dc35327a759c7694c3f89594943d0 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=e14a5c0537da40fcb75c26c4f9753950; expires=Thu, 08 Feb 2024 03:20:46 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOpmsmlmndVdVLTXdW6VzpppXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VxD_b0UxqUpznSuldK6V0rpXSuldK4PsA--&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4171012&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11
104.18.51.106200 OK 897 B URL HTTP/2 go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOpmsmlmndVdVLTXdW6VzpppXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VxD_b0UxqUpznSuldK6V0rpXSuldK4PsA--&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4171012&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11
IP 104.18.51.106:0
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (2062), with no line terminators
Hash 10220786a0a8263681e07d1cbc2ba9c8
d350f83b7cd20586d388775cd63202f25764499b
7da9532fa1e7d7f9303760c50e77f8ac050369b38a57f87b94a6f0f8e0f4ca96
GET /api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOpmsmlmndVdVLTXdW6VzpppXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VxD_b0UxqUpznSuldK6V0rpXSuldK4PsA--&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4171012&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rule34.xxx
Referer: https://rule34.xxx/
Connection: keep-alive
Cookie: __cflb=0H28uukSkGJRy5UBr1MAvzNuwf2BatGMq6kS2wkiyoa
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: text/xml; charset=utf-8
access-control-allow-origin: https://rule34.xxx
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 79613b380babb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.redditstatic.com/ads/pixel.js
151.101.193.140200 OK 7.4 kB URL HTTP/2 www.redditstatic.com/ads/pixel.js
IP 151.101.193.140:0
File type ASCII text, with very long lines (23347)
Hash 03d5db9dfd00a5719bb4c9261e6fa1bb
be9899225f59b4d3ef6fefcf0e66b72568353a94
e90f19642062e4311b58ede732592e8f29b7799661086a0bbfc68e259fd81398
GET /ads/pixel.js HTTP/1.1
Host: www.redditstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 23 Jan 2023 21:56:14 GMT
etag: "03d5db9dfd00a5719bb4c9261e6fa1bb"
cache-control: public, max-age=60
content-encoding: gzip
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 08 Feb 2023 03:20:46 GMT
vary: Accept-Encoding,Origin
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-length: 7356
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ba19e1f14fa3d37fa75dd4483cc8191c
99f4faee3fb411f242ec2f6452900c3880b61ca0
6de2d42999583d28d678339b4043a1e68bcb4bd3cff5ff27ef1bb7443cea5680
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6DE2D42999583D28D678339B4043A1E68BCB4BD3CFF5FF27EF1BB7443CEA5680"
Last-Modified: Sun, 05 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8129
Expires: Wed, 08 Feb 2023 05:36:15 GMT
Date: Wed, 08 Feb 2023 03:20:46 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/B4-YctRJ5lw
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/B4-YctRJ5lw
IP 142.250.74.131:0
Hash 53c0f9949015243b262f6873d251eb0c
bed90704bb853bbfb99d1a7b9784f52ae428edaa
8e8d8c1cf4fe3ad35b2ecb21e3919a923afe1ac702a42d23e2bca70b328e0708
POST /s/gts1p5/B4-YctRJ5lw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
onegamespicshere.com/bnr/4/e86/af318a/e86af318a58789367560fdd7d8444058.jpg
104.21.63.123200 OK 34 kB URL HTTP/2 onegamespicshere.com/bnr/4/e86/af318a/e86af318a58789367560fdd7d8444058.jpg
IP 104.21.63.123:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash e86af318a58789367560fdd7d8444058
e103dd7eab294144bab3f3795a8b166bdbfc6272
9818f2720d3169b3140fb8b5c6ed855841aa7c13212527f876721665aa7f229d
GET /bnr/4/e86/af318a/e86af318a58789367560fdd7d8444058.jpg HTTP/1.1
Host: onegamespicshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: image/jpeg
content-length: 34009
last-modified: Sun, 18 Aug 2019 21:59:57 GMT
etag: "5d59ca5d-84d9"
expires: Sun, 05 Feb 2023 08:57:12 GMT
cache-control: max-age=86400
cf-cache-status: HIT
age: 325414
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Be8%2BfDNTq6U%2B9zoy5rp4rHCGALDnLDV0zXjNRXpdSzmxA6HERqQ%2BooGUlJea%2BICCEk4nt9L%2BnHB9CDhU8ZifsPGPpGb%2FEFIp1VdZzrAeY29K67Ukio0zX4nc%2BJdhMdas%2BMhRt9xaCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79613b3bddc0b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ba19e1f14fa3d37fa75dd4483cc8191c
99f4faee3fb411f242ec2f6452900c3880b61ca0
6de2d42999583d28d678339b4043a1e68bcb4bd3cff5ff27ef1bb7443cea5680
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6DE2D42999583D28D678339B4043A1E68BCB4BD3CFF5FF27EF1BB7443CEA5680"
Last-Modified: Sun, 05 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8129
Expires: Wed, 08 Feb 2023 05:36:15 GMT
Date: Wed, 08 Feb 2023 03:20:46 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 162cf16c04c5e61dc5ded18807e1686d
82297027d3933d4324dbdcfadc09521c66d9e6b1
b2d018f4c0c6f21ef882829859ba49af6ccf5cc15f9cf3d13407905f301a0759
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=128470
Date: Wed, 08 Feb 2023 03:20:46 GMT
Etag: "63e25293-1d7"
Expires: Thu, 09 Feb 2023 15:01:56 GMT
Last-Modified: Tue, 07 Feb 2023 13:30:59 GMT
Server: ECS (nyb/1D07)
X-Cache: Miss from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: _2cEvP48cl2V9oNmA_HYnmwzhZjKP9c85CGQdydwSC4BYseW_SzpMA==
Age: 5457
simplewebanalysis.com/px.gif?akey=e39a6a46f15b8ccd52813778a058820a
35.156.167.37307 Temporary Redirect 0 B URL HTTP/2 simplewebanalysis.com/px.gif?akey=e39a6a46f15b8ccd52813778a058820a
IP 35.156.167.37:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px.gif?akey=e39a6a46f15b8ccd52813778a058820a HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: image/gif
content-length: 0
location: https://professionalswebcheck.com/dbs?uuid=ea406be2-b2b2-40ab-9afa-73ad9d2ffecd&j=eyJhbGciOiJIUzI1NiJ9.eyJhY2FuIjoxLCJhY3VzIjoxLCJhY2kiOnsgIjIzIjoxNjc1ODI2NDQ2fSwiYWNjbCI6eyAiMjAsMSI6MTY3NTgyNjQ0Nn19.X18R8lT1iHDI30cxjKmtcgvxFtbKroiULVLXd5g1ahY
server: nginx/1.17.6
set-cookie: uid_id2=ea406be2-b2b2-40ab-9afa-73ad9d2ffecd:1:1; expires=Sat, 05 Feb 2033 03:20:46 GMT; secure; SameSite=None
ak=23,1675826446; expires=Tue, 09 May 2023 03:20:46 GMT; secure; SameSite=None
acl=20,1,1675826446; expires=Tue, 09 May 2023 03:20:46 GMT; secure; SameSite=None
expires: Wed, 08 Feb 2023 03:20:46 GMT
cache-control: max-age=0, : no-cache
X-Firefox-Spdy: h2
professionalswebcheck.com/dbs?uuid=ea406be2-b2b2-40ab-9afa-73ad9d2ffecd&j=eyJhbGciOiJIUzI1NiJ9.eyJhY2FuIjoxLCJhY3VzIjoxLCJhY2kiOnsgIjIzIjoxNjc1ODI2NDQ2fSwiYWNjbCI6eyAiMjAsMSI6MTY3NTgyNjQ0Nn19.X18R8lT1iHDI30cxjKmtcgvxFtbKroiULVLXd5g1ahY
35.156.167.37200 OK 7 B URL HTTP/2 professionalswebcheck.com/dbs?uuid=ea406be2-b2b2-40ab-9afa-73ad9d2ffecd&j=eyJhbGciOiJIUzI1NiJ9.eyJhY2FuIjoxLCJhY3VzIjoxLCJhY2kiOnsgIjIzIjoxNjc1ODI2NDQ2fSwiYWNjbCI6eyAiMjAsMSI6MTY3NTgyNjQ0Nn19.X18R8lT1iHDI30cxjKmtcgvxFtbKroiULVLXd5g1ahY
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /dbs?uuid=ea406be2-b2b2-40ab-9afa-73ad9d2ffecd&j=eyJhbGciOiJIUzI1NiJ9.eyJhY2FuIjoxLCJhY3VzIjoxLCJhY2kiOnsgIjIzIjoxNjc1ODI2NDQ2fSwiYWNjbCI6eyAiMjAsMSI6MTY3NTgyNjQ0Nn19.X18R8lT1iHDI30cxjKmtcgvxFtbKroiULVLXd5g1ahY HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forgoodplay.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:47 GMT
content-type: image/gif
content-length: 7
server: nginx/1.17.6
set-cookie: uid_id2=ea406be2-b2b2-40ab-9afa-73ad9d2ffecd:1:1; expires=Sat, 05 Feb 2033 03:20:47 GMT; secure; SameSite=None
ak=23,1675826446; expires=Tue, 09 May 2023 03:20:47 GMT; secure; SameSite=None
acl=20,1,1675826446; expires=Tue, 09 May 2023 03:20:47 GMT; secure; SameSite=None
expires: Wed, 08 Feb 2023 03:20:47 GMT
cache-control: max-age=0, : no-cache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c0251492cae08969a77cc1f8b4fa25e5
110161e230f81ac3a954dc1d5114c7401c1ecd93
6483e465b117e6af3950e659d8692acc4bb38f60c7dc312ec8c6824ac5f000ba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4650
Cache-Control: max-age=130872
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:47 GMT
Etag: "63e25f1d-1d7"
Expires: Thu, 09 Feb 2023 15:41:59 GMT
Last-Modified: Tue, 07 Feb 2023 14:24:29 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c0251492cae08969a77cc1f8b4fa25e5
110161e230f81ac3a954dc1d5114c7401c1ecd93
6483e465b117e6af3950e659d8692acc4bb38f60c7dc312ec8c6824ac5f000ba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4650
Cache-Control: max-age=130872
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:47 GMT
Etag: "63e25f1d-1d7"
Expires: Thu, 09 Feb 2023 15:41:59 GMT
Last-Modified: Tue, 07 Feb 2023 14:24:29 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4eeb373026320351a8cb6050b33264ae
1d8dfba5ed99b18f571bfd891010dac9e6d2121d
8e63122351ea16d979a30c686a9a12e8ef9bc8683d7f844b1f0dbe39002addb6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E63122351EA16D979A30C686A9A12E8EF9BC8683D7F844B1F0DBE39002ADDB6"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3594
Expires: Wed, 08 Feb 2023 04:20:41 GMT
Date: Wed, 08 Feb 2023 03:20:47 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4eeb373026320351a8cb6050b33264ae
1d8dfba5ed99b18f571bfd891010dac9e6d2121d
8e63122351ea16d979a30c686a9a12e8ef9bc8683d7f844b1f0dbe39002addb6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E63122351EA16D979A30C686A9A12E8EF9BC8683D7F844B1F0DBE39002ADDB6"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3594
Expires: Wed, 08 Feb 2023 04:20:41 GMT
Date: Wed, 08 Feb 2023 03:20:47 GMT
Connection: keep-alive
www.facebook.com/tr?id=1414481212224503&ev=PageView&noscript=1
157.240.221.35200 OK 0 B URL HTTP/2 www.facebook.com/tr?id=1414481212224503&ev=PageView&noscript=1
IP 157.240.221.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr?id=1414481212224503&ev=PageView&noscript=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 08 Feb 2023 03:20:47 GMT
X-Firefox-Spdy: h2
syndication.exoclick.com/tag.php?goal=f84a30695485b0b005f7984d20b6af81
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.exoclick.com/tag.php?goal=f84a30695485b0b005f7984d20b6af81
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=f84a30695485b0b005f7984d20b6af81 HTTP/1.1
Host: syndication.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A83749%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-02-07%22%3B%7D%7D; expires=Thu, 08 Feb 2024 03:20:47 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
www.facebook.com/tr?id=794325588036871&ev=PageView&noscript=1
157.240.221.35200 OK 0 B URL HTTP/2 www.facebook.com/tr?id=794325588036871&ev=PageView&noscript=1
IP 157.240.221.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr?id=794325588036871&ev=PageView&noscript=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 08 Feb 2023 03:20:47 GMT
X-Firefox-Spdy: h2
syndication.exoclick.com/tag.php?goal=47dd92b1071a4ea3bd1564629f4b030c
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.exoclick.com/tag.php?goal=47dd92b1071a4ea3bd1564629f4b030c
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=47dd92b1071a4ea3bd1564629f4b030c HTTP/1.1
Host: syndication.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A22614%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-02-07%22%3B%7D%7D; expires=Thu, 08 Feb 2024 03:20:47 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.exoclick.com/tag.php?goal=ecd938f748969c750709ba2e8deeba23
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.exoclick.com/tag.php?goal=ecd938f748969c750709ba2e8deeba23
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=ecd938f748969c750709ba2e8deeba23 HTTP/1.1
Host: syndication.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A83751%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-02-07%22%3B%7D%7D; expires=Thu, 08 Feb 2024 03:20:47 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
www.facebook.com/tr?id=501600588008038&ev=PageView&noscript=1
157.240.221.35200 OK 0 B URL HTTP/2 www.facebook.com/tr?id=501600588008038&ev=PageView&noscript=1
IP 157.240.221.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr?id=501600588008038&ev=PageView&noscript=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 08 Feb 2023 03:20:47 GMT
X-Firefox-Spdy: h2
syndication.exoclick.com/tag.php?goal=05f747f9753a0b4172a8faf1128a78e1
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.exoclick.com/tag.php?goal=05f747f9753a0b4172a8faf1128a78e1
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=05f747f9753a0b4172a8faf1128a78e1 HTTP/1.1
Host: syndication.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A43686%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-02-07%22%3B%7D%7D; expires=Thu, 08 Feb 2024 03:20:47 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c0251492cae08969a77cc1f8b4fa25e5
110161e230f81ac3a954dc1d5114c7401c1ecd93
6483e465b117e6af3950e659d8692acc4bb38f60c7dc312ec8c6824ac5f000ba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4650
Cache-Control: max-age=130872
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:47 GMT
Etag: "63e25f1d-1d7"
Expires: Thu, 09 Feb 2023 15:41:59 GMT
Last-Modified: Tue, 07 Feb 2023 14:24:29 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
alb.reddit.com/rp.gif?ts=1675826499241&id=t2_a7co1m6o&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=f04b97cb-e0c1-4caf-ac60-7f5e05cd85d2&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1280&sw=1024&v=rdt_65e23bc4
151.101.193.140200 OK 42 B URL HTTP/2 alb.reddit.com/rp.gif?ts=1675826499241&id=t2_a7co1m6o&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=f04b97cb-e0c1-4caf-ac60-7f5e05cd85d2&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1280&sw=1024&v=rdt_65e23bc4
IP 151.101.193.140:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /rp.gif?ts=1675826499241&id=t2_a7co1m6o&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=f04b97cb-e0c1-4caf-ac60-7f5e05cd85d2&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1280&sw=1024&v=rdt_65e23bc4 HTTP/1.1
Host: alb.reddit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Varnish
retry-after: 0
cross-origin-resource-policy: cross-origin
content-type: image/gif
accept-ranges: bytes
date: Wed, 08 Feb 2023 03:20:47 GMT
via: 1.1 varnish
content-length: 42
X-Firefox-Spdy: h2
syndication.traffichaus.com/adserve/r.php?k=HAT&adv_id=94511&exp=25920000&dh=969205b0247754250d921d8da45875fa&bh=48c011d2648afe0455d203967aa130a5&dom=&cb=1606322079002
66.254.114.233200 OK 95 B URL HTTP/1.1 syndication.traffichaus.com/adserve/r.php?k=HAT&adv_id=94511&exp=25920000&dh=969205b0247754250d921d8da45875fa&bh=48c011d2648afe0455d203967aa130a5&dom=&cb=1606322079002
IP 66.254.114.233:0
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
GET /adserve/r.php?k=HAT&adv_id=94511&exp=25920000&dh=969205b0247754250d921d8da45875fa&bh=48c011d2648afe0455d203967aa130a5&dom=&cb=1606322079002 HTTP/1.1
Host: syndication.traffichaus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx
date: Wed, 08 Feb 2023 03:20:47 GMT
content-type: image/png
transfer-encoding: chunked
set-cookie: re_94511_SEFU=eyJ0IjoiSEFUIiwiYSI6Ijk0NTExIiwiZCI6IiIsImRoIjoiOTY5MjA1YjAyNDc3NTQyNTBkOTIxZDhkYTQ1ODc1ZmEiLCJiaCI6IjQ4YzAxMWQyNjQ4YWZlMDQ1NWQyMDM5NjdhYTEzMGE1IiwiaXAiOiI5MS45MC40Mi4xNTQiLCJlIjoxNzAxNzQ2NDQ3fQ%3D%3D; expires=Tue, 05-Dec-2023 03:20:47 GMT; Max-Age=25920000; path=/
RNLBSERVERID=ded5931; path=/
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
x-request-id: 63E3150F-42FE72E901BB09DA-6E003AE
syndication.traffichaus.com/adserve/r.php?k=CAT&adv_id=94511&exp=25920000&dh=969205b0247754250d921d8da45875fa&bh=48c011d2648afe0455d203967aa130a5&dom=&cb=1606322780791
66.254.114.233200 OK 95 B URL HTTP/1.1 syndication.traffichaus.com/adserve/r.php?k=CAT&adv_id=94511&exp=25920000&dh=969205b0247754250d921d8da45875fa&bh=48c011d2648afe0455d203967aa130a5&dom=&cb=1606322780791
IP 66.254.114.233:0
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
GET /adserve/r.php?k=CAT&adv_id=94511&exp=25920000&dh=969205b0247754250d921d8da45875fa&bh=48c011d2648afe0455d203967aa130a5&dom=&cb=1606322780791 HTTP/1.1
Host: syndication.traffichaus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx
date: Wed, 08 Feb 2023 03:20:47 GMT
content-type: image/png
transfer-encoding: chunked
set-cookie: re_94511_Q0FU=eyJ0IjoiQ0FUIiwiYSI6Ijk0NTExIiwiZCI6IiIsImRoIjoiOTY5MjA1YjAyNDc3NTQyNTBkOTIxZDhkYTQ1ODc1ZmEiLCJiaCI6IjQ4YzAxMWQyNjQ4YWZlMDQ1NWQyMDM5NjdhYTEzMGE1IiwiaXAiOiI5MS45MC40Mi4xNTQiLCJlIjoxNzAxNzQ2NDQ3fQ%3D%3D; expires=Tue, 05-Dec-2023 03:20:47 GMT; Max-Age=25920000; path=/
RNLBSERVERID=ded5931; path=/
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
x-request-id: 63E3150F-42FE72E901BBA633-718A9E0
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6801
Expires: Wed, 08 Feb 2023 05:14:08 GMT
Date: Wed, 08 Feb 2023 03:20:47 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6801
Expires: Wed, 08 Feb 2023 05:14:08 GMT
Date: Wed, 08 Feb 2023 03:20:47 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6801
Expires: Wed, 08 Feb 2023 05:14:08 GMT
Date: Wed, 08 Feb 2023 03:20:47 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6801
Expires: Wed, 08 Feb 2023 05:14:08 GMT
Date: Wed, 08 Feb 2023 03:20:47 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg
34.120.237.76200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 845e4e4051f1162b20d3df5f208e8d3e
076462f67531c60b31ec768a275c96317292306d
40996d8929ab92f342328fc018518d6131c6222b0ec23051775eda276a602026
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4168
x-amzn-requestid: 24814225-0063-49fb-86ff-e78869538b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjQFS_IAMFtLQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47b-67307c42182089b3096e98b5;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qLuHdYthPTS7qoVjS783M1Q-RtOluQpKozCi-zABez133FyvgBsBog==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:43:37 GMT
age: 20230
etag: "076462f67531c60b31ec768a275c96317292306d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ed10868ea9554510e43f77dfb8c43877
df0d86c2c53bdec7b8935912e42dc7f82f87aa61
751e95e7dd20802cc4e0b6f208bf5559b0b73efd3ca22a9abafd86cf83ab6420
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12401
x-amzn-requestid: 7bfa8a84-c348-4f55-8e8e-befcdd24f026
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjPG-eIAMFccA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47a-06eedb3c7396825f77360755;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: i1abBvjQY4dXbxTHyy0Wxxn9PCvTO0YkAO8PS8kKA9Zl5TeiUEtErw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:49:59 GMT
age: 19848
etag: "df0d86c2c53bdec7b8935912e42dc7f82f87aa61"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9c2a9eee923b84d4e06438a8b2acaff
520b122e3ce52220af153fee26bb7067283f9075
9ff4236fdcd05210a9c8bb48ea68179e142b1b05c8b19dd66282590dff69fa22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10058
x-amzn-requestid: 94374454-1e89-4c43-895b-0a90f39b851d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O5vEgcoAMFctg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c50a-0bf11cad4b0818c36188ba91;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qYXu_I4vL00EOopA1nQcxCTMKf4nObKFk9XQozhw6FezKsfTDem3Mw==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:06:35 GMT
etag: "520b122e3ce52220af153fee26bb7067283f9075"
content-type: image/jpeg
age: 18852
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 003fc35e140a75a12b7795c3986426ec
da002b22e2a01f48a545b369d4403eabb17a10d5
bb0754411aa7d0a5036b86b282d0e93d13227765ca9ccaf3a34e8e486cb413d1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13160
x-amzn-requestid: 34aa6dfe-7f14-48d0-89b2-90548621be79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzVxSHh7IAMFjAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de033b-49587fff75aebe96136137be;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:03:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 81DTnHIh40lNEi6l5hC87Vo9R8k4w79Fr71zibyvGP0iJm4kmhWITA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 07:45:27 GMT
age: 70520
etag: "da002b22e2a01f48a545b369d4403eabb17a10d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f175de8eebe398f5de2829cd551b3f04
e6da63e9b03289bfded190d999a20da78232437c
b5d1ee4bd6186cbac1e4ac037766c9e453e166b0cfb2e08004cb11b8bb7daa88
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10202
x-amzn-requestid: 15e6c7ee-acef-4638-9a15-a01864ac74f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PEYFZOoAMFzEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c54f-3681217a71e5b9472b9cdb8a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:40:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: PyOVGtKFSYIU2don5C7_L_pTUxdP_VEAhLZUhtBWo2PZ4kvPqaTg9g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:55:22 GMT
etag: "e6da63e9b03289bfded190d999a20da78232437c"
content-type: image/jpeg
age: 19525
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02fde25be5ded120af759d19d8304f73
8d2a4d9ab5947113ce0737d4d4bed3e30a971026
7cdf26668cca22f28eee047d3fcf30cea8d97b1d8804fe2132728f26cd11558d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8629
x-amzn-requestid: cc20d28e-3937-4826-97ef-100fb5dd2645
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7LFn3oAMF61A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-6e764236604212fa26dab38a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0sEMzqETD-gbgXOXb_CJmLjYQmNGMN4-_ggiB7ifbifltHJYsTRRsQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:52:22 GMT
age: 19705
etag: "8d2a4d9ab5947113ce0737d4d4bed3e30a971026"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
twistconcept.com/index.min.js?pk=e39a6a46f15b8ccd52813778a058820a
104.21.86.46200 OK 0 B URL HTTP/2 twistconcept.com/index.min.js?pk=e39a6a46f15b8ccd52813778a058820a
IP 104.21.86.46:0
GET /index.min.js?pk=e39a6a46f15b8ccd52813778a058820a HTTP/1.1
Host: twistconcept.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: application/javascript
last-modified: Thu, 07 Apr 2022 08:49:08 GMT
etag: W/"624ea584-28c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7179
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jcOuFpKE9H3pK3l%2FnWf99BAM3rLkTbZ60DwlCNiRw5He4n1cFjBaisXwkeW9%2BLc4j%2FGs9HY0xacnDyBsG5CrzVNAZmq9T%2BgVIeSajUEX8I9%2BM0n9RyvjevB%2BN0I12sYsgoTL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79613b3b0a1bb50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.realsrv.com/video-outstream.js
185.76.9.24200 OK 0 B URL HTTP/2 a.realsrv.com/video-outstream.js
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
GET /video-outstream.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:45 GMT
content-type: application/javascript
etag: W/"0340be1298a1ece8c30f851e732"
expires: Tue, 07 Feb 2023 14:27:10 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675834228
server: CDN77-Turbo
x-77-nzt: AblMCRTVoiT/yQsAAA
x-77-nzt-ray: af5856301cad149a0d15e36344865523
x-cache: HIT
x-age: 3017
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
a.realsrv.com/ad-provider.js
185.76.9.24200 OK 0 B URL HTTP/2 a.realsrv.com/ad-provider.js
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:45 GMT
content-type: application/javascript
etag: W/"399103e4fd49f2a2ded14428d20"
expires: Tue, 07 Feb 2023 14:27:07 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675834221
server: CDN77-Turbo
x-77-nzt: AblMCRRYyWj/0AsAAA
x-77-nzt-ray: af5856301cad149a0d15e36394687823
x-cache: HIT
x-age: 3024
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
a.realsrv.com/nativeads-v2.js
185.76.9.24200 OK 0 B URL HTTP/2 a.realsrv.com/nativeads-v2.js
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
GET /nativeads-v2.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:45 GMT
content-type: application/javascript
etag: W/"1e16d6ff16b145ea5560344a506"
expires: Tue, 07 Feb 2023 14:27:11 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675834221
server: CDN77-Turbo
x-77-nzt: AblMCRSEwUb/0AsAAA
x-77-nzt-ray: af5856301cad149a0d15e36390599f23
x-cache: HIT
x-age: 3024
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
twistconcept.com/index.min.js?pk=0f6c6b0d2533be0a124411ed43310cc0
104.21.86.46200 OK 0 B URL HTTP/2 twistconcept.com/index.min.js?pk=0f6c6b0d2533be0a124411ed43310cc0
IP 104.21.86.46:0
GET /index.min.js?pk=0f6c6b0d2533be0a124411ed43310cc0 HTTP/1.1
Host: twistconcept.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: application/javascript
last-modified: Thu, 07 Apr 2022 08:49:08 GMT
etag: W/"624ea584-28c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4231
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xm0i9IoiwkBgIJdS4ngDaV%2FUgDB8PAp07EaobCBOvfvrEqAZ%2BLOfRJQ%2FxTQl%2FuvNRi73rSKZSN1MA%2BXtuK1P%2F20rBXfzJdqfpm1mUz7U97XRfEx7jpDJD23jhLFfDJ4GjEoy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79613b3b0a18b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
flixdot.com/zone/23643/?aff=271091
172.64.197.19200 OK 0 B URL HTTP/2 flixdot.com/zone/23643/?aff=271091
IP 172.64.197.19:0
GET /zone/23643/?aff=271091 HTTP/1.1
Host: flixdot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: text/html; charset=UTF-8
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: *
access-control-expose-headers: Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma
cache-control: no-cache, private
vary: Origin, Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EiYWxxnaR6bKR1IIMFwcBngux8BmI9XaUP9viwBcUnxF7hIt2ZbQKC9L8nl88kfc9mzqeM5phWJ0MjotVE8M0oD%2Bm19qvXv1obJp8c3AuFdCAOf%2FGrqv%2BpKw%2B%2FnUEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79613b38db747731-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2