Report - rule34.xxx/index.php?page=post&s=view&id=6541038

Report Overview

Submitted URL
rule34.xxx/index.php?page=post&s=view&id=6541038
IP
172.67.68.251
ASN
#13335 CLOUDFLARENET
Submitted
2023-02-08 03:20:56
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	44.235.159.98
rule34.xxx	49641	2012-06-25T17:36:03Z	2023-03-12T22:00:13Z	477 B	8.5 kB	104.26.1.234
go.xlivrdr.com	unknown	2021-07-02T12:51:24Z	2023-03-13T05:10:21Z	1.7 kB	11 kB	104.18.51.106
simplewebanalysis.com	unknown	2022-02-25T05:06:25Z	2023-03-13T08:33:39Z	422 B	772 B	35.156.167.37
www.facebook.com	99	2012-05-21T02:23:41Z	2021-02-04T00:31:35Z	1.1 kB	1.0 kB	157.240.221.35
a.realsrv.com	10080	2019-07-03T18:12:14Z	2023-03-13T07:46:54Z	1.1 kB	1.5 kB	185.76.9.24
forgoodplay.com	unknown	2022-06-07T03:57:01Z	2023-03-10T09:14:16Z	512 B	2.7 kB	172.67.204.252
my.rtmark.net	9054	2015-02-04T10:54:57Z	2023-03-13T05:11:40Z	427 B	678 B	139.45.195.8
onegamespicshere.com	unknown	2023-01-24T12:45:57Z	2023-03-05T02:24:25Z	430 B	35 kB	104.21.63.123
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	4.1 kB	11 kB	95.101.11.115
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
alb.reddit.com	1521	2017-06-15T07:33:56Z	2023-03-13T05:12:21Z	654 B	276 B	151.101.193.140
flixdot.com	unknown	2020-07-22T08:38:38Z	2023-03-13T08:16:41Z	477 B	866 B	172.64.197.19
syndication.exoclick.com	22750	2012-05-21T10:27:02Z	2023-03-13T06:54:12Z	1.7 kB	1.7 kB	95.211.229.245
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	2.7 kB	5.2 kB	93.184.220.29
e1.o.lencr.org	6159	2021-08-20T09:36:30Z	2023-03-13T05:21:46Z	676 B	1.5 kB	23.33.119.27
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	350 B	1.0 kB	54.230.245.110
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	1.8 kB	3.6 kB	142.250.74.131
tsyndicate.com	13042	2017-03-16T10:04:54Z	2023-03-13T06:54:15Z	860 B	1.3 kB	136.243.46.156
runative-syndicate.com	31587	2019-03-19T13:21:36Z	2023-03-13T08:06:57Z	876 B	1.3 kB	136.243.43.25
www.redditstatic.com	1440	2012-06-30T14:33:28Z	2023-03-13T05:12:21Z	368 B	8.2 kB	151.101.193.140
professionalswebcheck.com	unknown	2022-04-02T00:47:29Z	2023-03-12T16:47:15Z	605 B	508 B	35.156.167.37
syndication.traffichaus.com	53588	2016-11-06T04:07:53Z	2023-03-12T16:47:05Z	1.0 kB	1.4 kB	66.254.114.233
twistconcept.com	unknown	2020-08-23T16:56:06Z	2023-03-12T16:47:15Z	800 B	1.4 kB	104.21.86.46
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
syndication.realsrv.com	9112	2019-07-03T23:39:52Z	2023-03-13T05:10:53Z	14 kB	21 kB	95.211.229.245
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	65 kB	34.120.237.76
s3t3d2y8.afcdn.net	unknown	2022-08-09T00:22:56Z	2023-03-13T07:33:58Z	1.7 kB	42 kB	185.76.9.23
cdn.banhq.com	287812	2022-12-04T22:23:38Z	2023-03-13T12:47:23Z	1.2 kB	7.5 kB	54.230.111.56

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-08 03:21:37	high	Client IP	Internal IP	ET POLICY DNS Query For XXX Adult Site Top Level Domain
2023-02-08 03:21:37	high	Client IP	Internal IP	ET POLICY DNS Query For XXX Adult Site Top Level Domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-08	medium	tsyndicate.com/api/v1/retargeting/set/b5e023d7-d6ac-495d-8e3b-e65703a0f52a	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (35)

	URL	Size	First Seen	Last Seen
	rule34.xxx/script/application.js?14	32 kB	2023-03-13	2023-03-23
Pretty URL rule34.xxx/script/application.js?14 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2023-03-23 08:40:09 Times Seen1 Hash b98d93f847a11b7882e550acd09a2c0b bc05cf1838de7eb7611cb1e60ecf2795dfd50bb3 817fe0d96e96cccef7b6ec363fd8b7c83a8bc68f81eb12465bab0a6adf1d5953 Loading...

	rule34.xxx/script/fluidplayer/fluidplayer.js	207 kB	2023-03-13	2023-12-16
Pretty URL rule34.xxx/script/fluidplayer/fluidplayer.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2023-12-16 17:21:08 Times Seen3 Hash 2fd35d23db5057e5753caf199ef2e296 696c2d434033c8eb5772c93dd2056a4d64708b01 ef68e6639da398fdc23b2b5c65a41d2c58e43a69cfcd7b7b51b1493fcefe23d6 Loading...

	rule34.xxx/popunder.js	19 B	2023-03-13	2024-03-16
Pretty URL rule34.xxx/popunder.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2024-03-16 02:18:40 Times Seen11 Hash a85a4be31f36ab739b611dfad4f7b13a 69295a8ed948180c0dc98db7e1106058bc270f26 b56d089507ec0e38d1113f51a6921f73f0bf6a622705ae55c7a7738cef4d3430 Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	758 B	2023-03-13	2023-03-13
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2023-03-13 19:26:02 Times Seen1 Hash 02535129149af37e1eaab5cbedac43e9 e2732c337f696347b08224cf9ca3356826a933f7 d98f75e961c242d9bc32a9740c30e143131559fcde504a6b8c9aede60e598014 Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	347 B	2023-03-13	2023-03-13
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2023-03-13 19:26:02 Times Seen1 Hash 9dd3698a312cf6bdf0e6d523677c20f2 5ea0e4e9146bed057c279a153006847fd9e02fe5 f14b421a3e4e651760addb27ec60289401f19f48f0d40e9d692fdb337fc68f7b Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	108 B	2023-03-13	2023-03-13
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2023-03-13 19:26:02 Times Seen1 Hash fbd07e20da75c8a2328e06674df5dd8f dbd604cfe6828e30ee0ea7658bbd642883e2a90e 4a27e7aa2dda52d6b77270b23bd015ebd8735ea7d924eab1c652397550daa717 Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	102 B	2023-03-13	2023-03-13
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2023-03-13 19:26:02 Times Seen1 Hash 3528c365e2d0e4fe7049e0efcdadfdfc 3abcd3b93d6fe4d1353163cbd469536e72834e94 ba1dd5dfc8f44a38b7892484819074ef2f9a488dc18e177c61b58d5859a29a81 Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	134 B	2023-03-07	2024-04-25
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:10 Last Seen2024-04-25 14:38:44 Times Seen3446 Hash 41eece0da217398b6f4d4ee2f01b6245 72f2098b0520b07dd3c6874646c920a3d367a4e2 62bba8c2295a14bb2d007a3f7f8730fd10cef7348a6474f3f832c99ca6795d35 Loading...

	twistconcept.com/index.min.js?pk=e39a6a46f15b8ccd52813778a058820a	652 B	2023-03-08	2023-08-25
Pretty URL twistconcept.com/index.min.js?pk=e39a6a46f15b8ccd52813778a058820a IP 104.21.86.46 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:44 Last Seen2023-08-25 08:03:34 Times Seen61 Hash 01a127c75bfb3af3f7dadcfb76dea285 1574b0cc420485c73fa9262b11c18cc24c1105b3 dd4a94c7375b7ab6958904bdcb765f6900226be76e2068a68007bf5000968b13 Loading...

	forgoodplay.com/iframe/59f0b46754d?iframe&ag_custom_domain=rule34.xxx	375 B	2023-03-07	2023-03-29
Pretty URL forgoodplay.com/iframe/59f0b46754d?iframe&ag_custom_domain=rule34.xxx IP 172.67.204.252 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:56:11 Last Seen2023-03-29 22:14:37 Times Seen3 Hash 1ae8b96f47e316da437a30c8838a9c15 314d46ecce666d91cd281944f8a56d6af9d9bc68 aca37bcab247fc6adcf51528fa23bba7e492c6a7ce6521f2b2c015483fafdacb Loading...

	www.redditstatic.com/ads/pixel.js	23 kB	2023-03-13	2023-06-29
Pretty URL www.redditstatic.com/ads/pixel.js IP 151.101.193.140 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:44:04 Last Seen2023-06-29 12:58:50 Times Seen3944 Hash 2f8f8ed0aadaeea502f259bea040c3df 083c9973a5d73d2a72f0412ccce717250926ebe8 cda252dc01c656d59193d8d696f26c3e95f10b87711e2413e28362532bae984a Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 19:44:27 Times Seen37071690 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	231 B	2023-03-13	2023-03-13
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2023-03-13 19:26:02 Times Seen1 Hash 4a3ac4cf051c089f8060ef2d5e9ecf90 43384c557c58706312f8923281fc268a0bdc1d4e b251d221be934b52e0d12b729076517bde719850e4bd1eada4155792e714981a Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	45 B	2023-03-13	2024-01-13
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2024-01-13 22:00:22 Times Seen4 Hash bffd97adab2afc949a5f9d0431d968b1 1abc2fb9e1153cb94006893d1589aa0bb874d0fd d29813ad05989baef59794748e6463ef18d4ec593f33bec8359ee31bcdcf5193 Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	1.1 kB	2023-03-13	2024-01-13
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2024-01-13 22:00:22 Times Seen4 Hash dd94406320841da731cc64332df020cd 75fe4b767560e40944388059c7ac14cb7b91e158 770eeda1cfb2725345215a01e5f16a2eff7571912cd9aeb01dc9b9cef98f08fc Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	431 B	2023-03-13	2023-03-13
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2023-03-13 19:26:02 Times Seen1 Hash d93121cd825788c99fab3a51877d65a0 9b50ae58d13a18d452703bc5451f0a0a80476920 131978ba41e2b95af2a8630352c928ba74cd4cef2f4124b6ac31d17d847aa788 Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	65 B	2023-03-13	2023-03-13
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2023-03-13 19:26:02 Times Seen1 Hash 913d546c60b7933401158afdfd7e28c6 7cbc476d8052ef1cf5b0d5f7d021b12b682d71aa 77696547771712a3cc4affb721ee7649daf17b43672d480a254c6ed25457cdd7 Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	59 B	2023-03-07	2024-04-25
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:10 Last Seen2024-04-25 14:38:43 Times Seen3627 Hash de7507ad26c6c904109c87dd5dfac288 952cae1ce6ce1e74b010b31b4357424c12a5960c 09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02 Loading...

	http:blank	620 B	2023-03-13	2023-03-13
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2023-03-13 19:26:02 Times Seen1 Hash 85b5492aebcd10565b897b39bc4f60ee 230831a3e564a779ee3c4ba8e3e83472c0a7c53b 59091a0a490a7a3bef4e344db0023aaabf5d2289e4ee778cf7b3e3cf6faa6081 Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	315 B	2023-03-10	2024-03-16
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:58:24 Last Seen2024-03-16 02:18:39 Times Seen7 Hash b37dd80ce9e543a6c8db94cce1a62c0e b46d037c45525a2d64e5419bf7c9b6fb638ae536 80987f3f1c30f05393565d331244ca3edc6cad4fee97a81e0fcee855bac1c215 Loading...

	a.realsrv.com/nativeads-v2.js	61 kB	2023-03-13	2023-05-03
Pretty URL a.realsrv.com/nativeads-v2.js IP 185.76.9.24 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:10:59 Last Seen2023-05-03 15:56:34 Times Seen212 Hash 16ac675aca0eca4960f7f430fabef329 1e16d6ff16b145ea5560344a5069decb64cf8bf4 630128fd494a3f222996b1631f5e9b721629e9424deb98a2fb8678ecf3594279 Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	183 B	2023-03-13	2023-03-13
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2023-03-13 19:26:02 Times Seen1 Hash 6c3600fa895a3313434f238e751de5b1 4e0195e43540196d393b431c81909bada8f71e74 fd6a3cdaa22e0551a65d66b36151c26ba702e3d187653b78fe013e0ac4456694 Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	542 B	2023-03-07	2023-10-14
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:29 Last Seen2023-10-14 03:55:58 Times Seen182 Hash 4260fa3e21992d6c606cb1f1bf3d2ff8 1904901f13b59cff253ea6a73deb322b1994c7a3 4d3fa6a2f8132a2fa1cb9cbe462bf817a52d915d24103c06a277b5b394f011c7 Loading...

	a.realsrv.com/video-outstream.js	52 kB	2023-03-13	2023-04-11
Pretty URL a.realsrv.com/video-outstream.js IP 185.76.9.24 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:16:13 Last Seen2023-04-11 12:54:12 Times Seen11 Hash 1684cd62e53be75c83ada928388f54be 0340be1298a1ece8c30f851e732f68efba174e5e bbc4daa2c2e30554ca54b0e589ebfcab51eb29333acf77361f2472058f399403 Loading...

	rule34.xxx/script/awesomplete.min.js?v14	14 kB	2023-03-10	2023-12-16
Pretty URL rule34.xxx/script/awesomplete.min.js?v14 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:58:24 Last Seen2023-12-16 17:21:08 Times Seen3 Hash 2fefdb6dcaf08b8c9c924a61fad97bdd 6cde1debf86e180bc2e60dc01ef3cbed645a7fa1 a25e0690fd03582ecd84bf63a8a71a491bb4a2a7ba5c14debd650732afed289e Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	384 B	2023-03-13	2024-01-13
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2024-01-13 22:00:22 Times Seen4 Hash 22b1c2b2302473b390492f33057c4ff5 99498fb7ede101ec3624a2d0f030018072159055 6b20c03ee00161323028e09b59283e9de41826d088107d91beb167424ac0449b Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	108 B	2023-03-13	2023-03-13
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2023-03-13 19:26:02 Times Seen1 Hash c826e48b913374639eec45cf67969464 59071e37b074b74d2152fd253c416d359cc463da 2cf6b5bb746cad82941dc1f4ef27260dbf8df888a2bb908de1d84e05d6022157 Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	1.5 kB	2023-03-13	2023-03-13
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2023-03-13 19:26:02 Times Seen1 Hash fdad091d9b1e5347d45774144d0da633 563d76239f36611ad6e194fab049703cc087e186 d7f407d76b6ac4766cbdaeb2b182cd1209e833d0e3737176298d1e83fb3b3563 Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	64 B	2023-03-10	2024-03-16
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:58:24 Last Seen2024-03-16 02:18:39 Times Seen6 Hash 7c2e42cbfa306879b9a2f23c8aadeefe e78aa1651045257d661ddf1116f17b0523a5ec24 feb6f2074b2d719a69915387ee5e4262576cd53a0d4ba293e1dd72aa637565a9 Loading...

	rule34.xxx/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-04-25
Pretty URL rule34.xxx/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-25 19:35:30 Times Seen54961 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	178 B	2023-03-13	2024-01-13
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2024-01-13 22:00:22 Times Seen3 Hash 0b80ef8b7da35a4a04dd9fefac136dbf ad2ad0efd56f30bbf9baac3034c3ba046fb01319 77521e9a066d7cc893fc1685f4d17a096e7927de49993f0798465438bf9d9560 Loading...

	rule34.xxx/index.php?page=post&s=view&id=6541038	104 B	2023-03-13	2023-03-13
Pretty URL rule34.xxx/index.php?page=post&s=view&id=6541038 IP 104.26.1.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:26:02 Last Seen2023-03-13 19:26:02 Times Seen1 Hash 24fb5ab42552732d886a0eeee57fabf2 270384a2fadc06f77d1cfba463e36ec5714e9ae4 5cea29be126de551b70aada6043b24a06f67df62014b7d05976d9f5eed39626e Loading...

	static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993	17 kB	2023-03-08	2024-02-28
Pretty URL static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:25:00 Last Seen2024-02-28 12:44:37 Times Seen1362 Hash 33100f2355611b2375f05486299abf05 0b2d1b75f6695e67b884bee2eb72165d6e881a26 0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3 Loading...

		Size	First Seen	Last Seen
	#1 Write - 29818e20a44ab80ab074de4480af9e87	202 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 19:26:02 Last Seen2023-03-13 19:26:02 Times Seen1 Hash 29818e20a44ab80ab074de4480af9e87 fa8efad4361db0bf1dc5920e4bd884b282129159 01518bbe4ff7fdea0445bcbc80971d43969027fef3b89cd2970aebe2bd0ab0a7 Loading...

	#2 Write - 1dbc80f2ca81b94dcbb8f7417e2e748e	310 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 19:26:02 Last Seen2023-03-13 19:26:02 Times Seen1 Hash 1dbc80f2ca81b94dcbb8f7417e2e748e 66e95c580e5b2f21955b9347591503d269011e34 d7c5a7cc813131ea382c9dffb078d2906e5d15d34e2f70985b033b869bc676dd Loading...

HTTP Transactions (80)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12929
Expires: Wed, 08 Feb 2023 06:56:14 GMT
Date: Wed, 08 Feb 2023 03:20:45 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16136
Expires: Wed, 08 Feb 2023 07:49:41 GMT
Date: Wed, 08 Feb 2023 03:20:45 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
a0ed7182dd859a4a439844e81832be64
2710c3f8b85ac1899392f04499f466ca4f5e8a0c
9b6f2279616ed47a0043f32f6805062dd3b0afaa776623e3fbab6058abd69318

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5243
Cache-Control: max-age=104467
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:45 GMT
Etag: "63e1f5a5-118"
Expires: Thu, 09 Feb 2023 08:21:52 GMT
Last-Modified: Tue, 07 Feb 2023 06:54:29 GMT
Server: ECS (amb/6B83)
X-Cache: HIT
Content-Length: 280

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 02:34:11 GMT
content-type: application/json
age: 2794
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4297
Expires: Wed, 08 Feb 2023 04:32:22 GMT
Date: Wed, 08 Feb 2023 03:20:45 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 9AxGVvTiRZgQtT88PqPOBcxDT8UYbdiRWmVpRx5sdz977lwex0BHQ1tMs+jJXwbnt/vMRd3ghGQ=
x-amz-request-id: KKSZYC82EJMYEC3Y
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 02:45:48 GMT
age: 2097
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

rule34.xxx/index.php?page=post&s=view&id=6541038

104.26.1.234

200 OK

7.8 kB

URL HTTP/2
rule34.xxx/index.php?page=post&s=view&id=6541038
IP
104.26.1.234:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1860)
Size
7.8 kB (7802 bytes)
Hash
bffdf0a098c4fe7980d4f2eb3c2768c2
e6c8bf13948270d9c18f17acdba7ea6db110f3ef
6dd6ba16017a91d9b63b6ecace7b64240c780a14127d5207e5bd2c45b4984304

HTTP Headers

GET /index.php?page=post&s=view&id=6541038 HTTP/1.1
Host: rule34.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: store, cache
pragma: cache
strict-transport-security: max-age=3600
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bv2mLQpjjT1XCPY9XFwh5w475EbTmqQx3P7gozTSMTHho206hzvAHluwz2HuWBXtPD%2FC5L4DRmZXeH1AlHhNXTYXnMdVY%2BC9i9Cuoh8IPrjc0bGiBelpC6tEiiM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79613b332942b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 03:20:45 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
d7a2174e9eb839cc9becafab77033aeb
dea29d6fd99e5cbc436ed03966985caba7ddde2c
1237c0a92e395ef5756811165b029958c8fc0a98a14ff019d8d67c952337b4b4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2037
Cache-Control: max-age=100550
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:45 GMT
Etag: "63e1f2de-116"
Expires: Thu, 09 Feb 2023 07:16:35 GMT
Last-Modified: Tue, 07 Feb 2023 06:42:38 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278

syndication.realsrv.com/splash.php?idzone=4171012&cookieconsent=true&tags=null

95.211.229.245

200 OK

2.6 kB

URL HTTP/1.1
syndication.realsrv.com/splash.php?idzone=4171012&cookieconsent=true&tags=null
IP
95.211.229.245:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
XML 1.0 document text\012- XML document, ASCII text, with very long lines (1522)
Size
2.6 kB (2562 bytes)
Hash
28426bd9c12243301e1b10d321d927f0
cb28de39ca58491d49c16b816268e5659e0746ad
85a6546a26bc05afb5161d115f5f16bed6233e4d1076978f0131e35f2f0fe393

HTTP Headers

GET /splash.php?idzone=4171012&cookieconsent=true&tags=null HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rule34.xxx
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:45 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e3150dbae695.925939991388420783%22%3B%7D; expires=Fri, 07 Feb 2025 03:20:45 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4171012%7C59504696%7C0%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Crule34.xxx%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 09 Feb 2023 03:20:45 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://rule34.xxx
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

syndication.realsrv.com/splash.php?native-settings=1&idzone=2899644&cookieconsent=true&&p=https%3A%2F%2Frule34.xxx%2Findex.php%3Fpage%3Dpost%26s%3Dview%26id%3D6541038

95.211.229.245

200 OK

3.0 kB

URL HTTP/1.1
syndication.realsrv.com/splash.php?native-settings=1&idzone=2899644&cookieconsent=true&&p=https%3A%2F%2Frule34.xxx%2Findex.php%3Fpage%3Dpost%26s%3Dview%26id%3D6541038
IP
95.211.229.245:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JSON data\012- , ASCII text, with very long lines (5852), with no line terminators
Size
3.0 kB (3034 bytes)
Hash
e08965138450d6a58f73b5c0e16cdfb4
b8699a308968dba6832fb2688d1068215f3045eb
3d5ac980ee77e496ba7214b9dc3d60637d7f8b5a96b28fb8fbfa261cc8aa500c

HTTP Headers

GET /splash.php?native-settings=1&idzone=2899644&cookieconsent=true&&p=https%3A%2F%2Frule34.xxx%2Findex.php%3Fpage%3Dpost%26s%3Dview%26id%3D6541038 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rule34.xxx
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://rule34.xxx
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263e3150db54437.67507678321662306%22%3B%7D; expires=Fri, 07 Feb 2025 03:20:45 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrbelsllgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrmlxslxgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrmrxesegeimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrmlxslxgeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrmlxslxgeimlxbaxbonxgxamrbelsllgeimlxbaxlanxgxamrmaleclgeimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimlxbaxlenxgxamrrlbbcegeimbclraronogxamrmcomragxcceimemlxmcbnxgxamrmcobrogxcceixbblrmlanxgxamrmcslrrgxcceimclsaoxbnsgxamrmcrebbgxcceixaoossalnxgxamrmcbxragxcceiraclralcnxgxamrmcbrcagxcceimaoobbebnxgxamrmcbbamgxcceixaoosscrnxgxamrmclcsmgxcceimeembecenxgxamrmclcsmgxcceimeembescnxgxamrmclcsmgxcceimxlbmosonxgxamrmrxesegxcceimcssmlrcnxgxamrmrxesegxcceimlxoblabnxgxamrmrxesegxcceialaroxrcnxgxamrmrxesmgxcceimmraexxanxgxamrmaeacegxcceimmraexoenxgxamrmaeacegxcceimeembesonxgxamrmaeacegxcceimloablcenxgxamrmaaeblgxcceimsacexoonxgxamrmaleclgxcceimxlbmxlcnsgxamrmaleclgxcceimxeoxsacnsgxamrmaleclgxcceimaxecolenogxamrmbsxcbgxcceimaooloranxgxamrmlcbregxcceimrxccoscnxgxamrmlcbregxcceimmlamcecnxgxamrbxsoblgxcceimaoolcoonxgxamrboxomrgxcceimbmmcllonxgxamrborslbgxcceimbmlsebbnxgxamrborslbgxcceimbroosxcnxgxamrboaccrgxcceimxlbmxlonxgxamrboaccrgxcceimboslabcnxgxamrboaccrgxcce; expires=Thu, 09 Feb 2023 03:20:45 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C2899644%7C78522314%7C100644%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C348043c87b8c9041f32d0943d558def4%7C0%7Crule34.xxx%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 09 Feb 2023 03:20:45 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C2899644%7C71987192%7C100644%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C348043c87b8c9041f32d0943d558def4%7C0%7Crule34.xxx%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 09 Feb 2023 03:20:45 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C2899644%7C78239684%7C0%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C348043c87b8c9041f32d0943d558def4%7C0%7Crule34.xxx%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 09 Feb 2023 03:20:45 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

syndication.realsrv.com/v1/api.php

95.211.229.245

200 OK

7.3 kB

URL HTTP/1.1
syndication.realsrv.com/v1/api.php
IP
95.211.229.245:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
data
Size
7.3 kB (7310 bytes)
Hash
440d91c11fc5a8de24ca33618dabc74d
ea2c794c42a165c2cd7d6b3a87d7bd2d65883ada
da0f5c0cbf78d8d9fc15ce7cbcf2ee9ab243d37065004a7a2f2e5301f5ec78cf

HTTP Headers

POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 384
Origin: https://rule34.xxx
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:45 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://rule34.xxx
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e3150db60a02.983133122975154393%22%3B%7D; expires=Fri, 07-Feb-2025 03:20:45 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
190dd976f4818ae55bd94f26e00ec88f
341505cba528c559f529ea980027e1a41cd9de28
b435b0146a41fcb99f974c201f5f867752a4552aa2209e8201daa02bfd8abfaa

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5935
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:46 GMT
Last-Modified: Wed, 08 Feb 2023 01:41:51 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 03:14:52 GMT
age: 354
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01OS2oDUQy7Si+Qwd9nO+t220JKDtB5k6xKFy2BKejwfTOBEmth2ciShUQPJAeKJ5Gj0NEcxVPRZDKxG17fTjDG9+3zojat6wouFRakpymYM52GIqiqjZHAzcXEESURpQ1GUNCAuJptbCJqxm2IMvFyPuH8/jy2xSVgCJRolWHLezxCYIPTupmoJZn2jDl7kfFVZaEyXdxzuVx34eO7dMck1e7m9I8D720UYWcfP79fHXiQmDWN2Jjvpww22xoiFrPuMfI9e599Kc8WqXO29M5/mRzMgFoBAAA=

95.211.229.245

200 OK

20 B

URL HTTP/1.1
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01OS2oDUQy7Si+Qwd9nO+t220JKDtB5k6xKFy2BKejwfTOBEmth2ciShUQPJAeKJ5Gj0NEcxVPRZDKxG17fTjDG9+3zojat6wouFRakpymYM52GIqiqjZHAzcXEESURpQ1GUNCAuJptbCJqxm2IMvFyPuH8/jy2xSVgCJRolWHLezxCYIPTupmoJZn2jDl7kfFVZaEyXdxzuVx34eO7dMck1e7m9I8D720UYWcfP79fHXiQmDWN2Jjvpww22xoiFrPuMfI9e599Kc8WqXO29M5/mRzMgFoBAAA=
IP
95.211.229.245:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /cimp.php?t=api&data=H4sIAAAAAAAAA01OS2oDUQy7Si+Qwd9nO+t220JKDtB5k6xKFy2BKejwfTOBEmth2ciShUQPJAeKJ5Gj0NEcxVPRZDKxG17fTjDG9+3zojat6wouFRakpymYM52GIqiqjZHAzcXEESURpQ1GUNCAuJptbCJqxm2IMvFyPuH8/jy2xSVgCJRolWHLezxCYIPTupmoJZn2jDl7kfFVZaEyXdxzuVx34eO7dMck1e7m9I8D720UYWcfP79fHXiQmDWN2Jjvpww22xoiFrPuMfI9e599Kc8WqXO29M5/mRzMgFoBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rule34.xxx
Connection: keep-alive
Referer: https://rule34.xxx/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e3150db60a02.983133122975154393%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C2899644%7C78239684%7C0%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C348043c87b8c9041f32d0943d558def4%7C0%7Crule34.xxx%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrbelsllgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrmlxslxgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrmrxesegeimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrmlxslxgeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrmlxslxgeimlxbaxbonxgxamrbelsllgeimlxbaxlanxgxamrmaleclgeimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimlxbaxlenxgxamrrlbbcegeimbclraronogxamrmcomragxcceimemlxmcbnxgxamrmcobrogxcceixbblrmlanxgxamrmcslrrgxcceimclsaoxbnsgxamrmcrebbgxcceixaoossalnxgxamrmcbxragxcceiraclralcnxgxamrmcbrcagxcceimaoobbebnxgxamrmcbbamgxcceixaoosscrnxgxamrmclcsmgxcceimeembecenxgxamrmclcsmgxcceimeembescnxgxamrmclcsmgxcceimxlbmosonxgxamrmrxesegxcceimcssmlrcnxgxamrmrxesegxcceimlxoblabnxgxamrmrxesegxcceialaroxrcnxgxamrmrxesmgxcceimmraexxanxgxamrmaeacegxcceimmraexoenxgxamrmaeacegxcceimeembesonxgxamrmaeacegxcceimloablcenxgxamrmaaeblgxcceimsacexoonxgxamrmaleclgxcceimxlbmxlcnsgxamrmaleclgxcceimxeoxsacnsgxamrmaleclgxcceimaxecolenogxamrmbsxcbgxcceimaooloranxgxamrmlcbregxcceimrxccoscnxgxamrmlcbregxcceimmlamcecnxgxamrbxsoblgxcceimaoolcoonxgxamrboxomrgxcceimbmmcllonxgxamrborslbgxcceimbmlsebbnxgxamrborslbgxcceimbroosxcnxgxamrboaccrgxcceimxlbmxlonxgxamrboaccrgxcceimboslabcnxgxamrboaccrgxcce
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://rule34.xxx
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.0199%22%7D; expires=Fri, 07 Feb 2025 03:20:46 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01Oy0oEQQz8FX9gmsqju9N71qvCyn7APE/iQRFGqI+3Z4RlU4dUQlUlCrUBOqA+qV4UF89skhqSa5LsfH270oVfPx+redr3nYKqEowcbhSJyOiKita0j52HmoqzolZFKXTQiA7N5n6wBEhhBF9uV97en/umyWGn0oBde6Scp1mVxx77EWAecJujTjE3uGymC5rbknMs6+aH8PFV/COp53aG445BztYLPNn4/fs5kw+SA/luEnIr62S2lrUVxShYxs3Dkac2FluK/wEaRzTkTQEAAA==

95.211.229.245

200 OK

20 B

URL HTTP/1.1
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01Oy0oEQQz8FX9gmsqju9N71qvCyn7APE/iQRFGqI+3Z4RlU4dUQlUlCrUBOqA+qV4UF89skhqSa5LsfH270oVfPx+redr3nYKqEowcbhSJyOiKita0j52HmoqzolZFKXTQiA7N5n6wBEhhBF9uV97en/umyWGn0oBde6Scp1mVxx77EWAecJujTjE3uGymC5rbknMs6+aH8PFV/COp53aG445BztYLPNn4/fs5kw+SA/luEnIr62S2lrUVxShYxs3Dkac2FluK/wEaRzTkTQEAAA==
IP
95.211.229.245:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /cimp.php?t=api&data=H4sIAAAAAAAAA01Oy0oEQQz8FX9gmsqju9N71qvCyn7APE/iQRFGqI+3Z4RlU4dUQlUlCrUBOqA+qV4UF89skhqSa5LsfH270oVfPx+redr3nYKqEowcbhSJyOiKita0j52HmoqzolZFKXTQiA7N5n6wBEhhBF9uV97en/umyWGn0oBde6Scp1mVxx77EWAecJujTjE3uGymC5rbknMs6+aH8PFV/COp53aG445BztYLPNn4/fs5kw+SA/luEnIr62S2lrUVxShYxs3Dkac2FluK/wEaRzTkTQEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rule34.xxx
Connection: keep-alive
Referer: https://rule34.xxx/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e3150db60a02.983133122975154393%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C2899644%7C78239684%7C0%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C348043c87b8c9041f32d0943d558def4%7C0%7Crule34.xxx%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrbelsllgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrmlxslxgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrmrxesegeimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrmlxslxgeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrmlxslxgeimlxbaxbonxgxamrbelsllgeimlxbaxlanxgxamrmaleclgeimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimlxbaxlenxgxamrrlbbcegeimbclraronogxamrmcomragxcceimemlxmcbnxgxamrmcobrogxcceixbblrmlanxgxamrmcslrrgxcceimclsaoxbnsgxamrmcrebbgxcceixaoossalnxgxamrmcbxragxcceiraclralcnxgxamrmcbrcagxcceimaoobbebnxgxamrmcbbamgxcceixaoosscrnxgxamrmclcsmgxcceimeembecenxgxamrmclcsmgxcceimeembescnxgxamrmclcsmgxcceimxlbmosonxgxamrmrxesegxcceimcssmlrcnxgxamrmrxesegxcceimlxoblabnxgxamrmrxesegxcceialaroxrcnxgxamrmrxesmgxcceimmraexxanxgxamrmaeacegxcceimmraexoenxgxamrmaeacegxcceimeembesonxgxamrmaeacegxcceimloablcenxgxamrmaaeblgxcceimsacexoonxgxamrmaleclgxcceimxlbmxlcnsgxamrmaleclgxcceimxeoxsacnsgxamrmaleclgxcceimaxecolenogxamrmbsxcbgxcceimaooloranxgxamrmlcbregxcceimrxccoscnxgxamrmlcbregxcceimmlamcecnxgxamrbxsoblgxcceimaoolcoonxgxamrboxomrgxcceimbmmcllonxgxamrborslbgxcceimbmlsebbnxgxamrborslbgxcceimbroosxcnxgxamrboaccrgxcceimxlbmxlonxgxamrboaccrgxcceimboslabcnxgxamrboaccrgxcce
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://rule34.xxx
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.0199%22%7D; expires=Fri, 07 Feb 2025 03:20:46 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOpmsmlmndVdVLTXdW6VzpppXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VxD_b0UxqUpznSuldK6V0rpXSuldK4PsA--&sourceId=4171012&p1=4581850&skipOffset=00:00:05

104.18.51.106

302 Found

8.4 kB

URL HTTP/2
go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOpmsmlmndVdVLTXdW6VzpppXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VxD_b0UxqUpznSuldK6V0rpXSuldK4PsA--&sourceId=4171012&p1=4581850&skipOffset=00:00:05
IP
104.18.51.106:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
8.4 kB (8418 bytes)
Hash
ea121fa698e07c77d5829cbe737c6eec
089a37d949d5a4ed59aef1c8464812ec08f7d3c4
8a14c1ce54e47a9d83c8fb8b5a5b021c39173944a926f75f1a330943ed367e11

HTTP Headers

GET /smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOpmsmlmndVdVLTXdW6VzpppXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VxD_b0UxqUpznSuldK6V0rpXSuldK4PsA--&sourceId=4171012&p1=4581850&skipOffset=00:00:05 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rule34.xxx
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Wed, 08 Feb 2023 03:20:46 GMT
content-length: 0
location: https://go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOpmsmlmndVdVLTXdW6VzpppXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VxD_b0UxqUpznSuldK6V0rpXSuldK4PsA--&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4171012&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11
access-control-allow-origin: https://rule34.xxx
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=7868025.30208; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr1MAvzNuwf2BatGMq6kS2wkiyoa; SameSite=None; Secure; path=/; expires=Thu, 09-Feb-23 02:20:46 GMT; HttpOnly
server: cloudflare
cf-ray: 79613b37ab8bb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02PS2oEMQxEr5ILjCn9bHnWyTaBCXOAnv6sQhYJAx3Q4SP3QIgF1pOpQmUGywl8QntiPjPOatGpdBTlQqbx+nYJpfi6f6yiZd/3qK223sPNVYLI3ZCKhu6eI8Ksasve3JglQRESyGIT1UEF6OyRhpfrJa7vz/nUqXNQMCLvsXWgJmMfXlGHyuzt5nOH0ia8oKssZr6s2yH8nzJzcBUEAXUsLcQ6RHwkedSJjpYHcdD0/fM5R/wJHmnDDlem0/wKRUyoMrEu2tauGQWgG63e1qSNbPoF3LtpZVUBAAA=

95.211.229.245

200 OK

20 B

URL HTTP/1.1
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02PS2oEMQxEr5ILjCn9bHnWyTaBCXOAnv6sQhYJAx3Q4SP3QIgF1pOpQmUGywl8QntiPjPOatGpdBTlQqbx+nYJpfi6f6yiZd/3qK223sPNVYLI3ZCKhu6eI8Ksasve3JglQRESyGIT1UEF6OyRhpfrJa7vz/nUqXNQMCLvsXWgJmMfXlGHyuzt5nOH0ia8oKssZr6s2yH8nzJzcBUEAXUsLcQ6RHwkedSJjpYHcdD0/fM5R/wJHmnDDlem0/wKRUyoMrEu2tauGQWgG63e1qSNbPoF3LtpZVUBAAA=
IP
95.211.229.245:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /cimp.php?t=api&data=H4sIAAAAAAAAA02PS2oEMQxEr5ILjCn9bHnWyTaBCXOAnv6sQhYJAx3Q4SP3QIgF1pOpQmUGywl8QntiPjPOatGpdBTlQqbx+nYJpfi6f6yiZd/3qK223sPNVYLI3ZCKhu6eI8Ksasve3JglQRESyGIT1UEF6OyRhpfrJa7vz/nUqXNQMCLvsXWgJmMfXlGHyuzt5nOH0ia8oKssZr6s2yH8nzJzcBUEAXUsLcQ6RHwkedSJjpYHcdD0/fM5R/wJHmnDDlem0/wKRUyoMrEu2tauGQWgG63e1qSNbPoF3LtpZVUBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rule34.xxx
Connection: keep-alive
Referer: https://rule34.xxx/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263e3150db60a02.983133122975154393%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C2899644%7C78239684%7C0%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C348043c87b8c9041f32d0943d558def4%7C0%7Crule34.xxx%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; impressions=oslmrxbrnxgxamrrlbbcegeicxbmsbcenxgxamrbelsllgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamrroelrxgeicxbmsbocnxgxamrroelrxgeimmccrlaonxgxamrcremlrgeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamrmlxslxgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamrescroogeislsaroornxgxamccolacbgeioslmroemnxgxamrrobxcageioslmrxlsnxgxamraobrssgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamrsxxxmrgeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrceerargeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrmrxesegeimrblxebenxgxamselmborgeimcclsxconxgxamrcraoxsgeirbabxabbnxgxamrescroogeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamrrlbbcegeimcclsoeonxgxamrcraoxsgeimcclsxlcnxgxamrrxsoaageimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamrcremlrgeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamrrobxcageiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamrroelrxgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamrcraoxsgeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamrcraoxsgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimcclsxcanxgxamrceerscgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeialbserxonxgxamclarlmmgeimcclosscnxgxamrceerscgeimaecobronxgxamrescroogeimaecobeenxgxamrescroogeimcclosccnxgxamrmlxslxgeimaecoboonxgxamrescroogeimrblxelenxgxamrescroogeimaecsxccnxgxamrcremlrgeimlxbaxlonxgxamrcraoxsgeimlxbaxbanxgxamrmlxslxgeimlxbaxbonxgxamrbelsllgeimlxbaxlanxgxamrmaleclgeimlxbaxlcnxgxamraobrssgeimlxbaxbcnxgxamrrrsbaageimlxbaxlenxgxamrrlbbcegeimbclraronogxamrmcomragxcceimemlxmcbnxgxamrmcobrogxcceixbblrmlanxgxamrmcslrrgxcceimclsaoxbnsgxamrmcrebbgxcceixaoossalnxgxamrmcbxragxcceiraclralcnxgxamrmcbrcagxcceimaoobbebnxgxamrmcbbamgxcceixaoosscrnxgxamrmclcsmgxcceimeembecenxgxamrmclcsmgxcceimeembescnxgxamrmclcsmgxcceimxlbmosonxgxamrmrxesegxcceimcssmlrcnxgxamrmrxesegxcceimlxoblabnxgxamrmrxesegxcceialaroxrcnxgxamrmrxesmgxcceimmraexxanxgxamrmaeacegxcceimmraexoenxgxamrmaeacegxcceimeembesonxgxamrmaeacegxcceimloablcenxgxamrmaaeblgxcceimsacexoonxgxamrmaleclgxcceimxlbmxlcnsgxamrmaleclgxcceimxeoxsacnsgxamrmaleclgxcceimaxecolenogxamrmbsxcbgxcceimaooloranxgxamrmlcbregxcceimrxccoscnxgxamrmlcbregxcceimmlamcecnxgxamrbxsoblgxcceimaoolcoonxgxamrboxomrgxcceimbmmcllonxgxamrborslbgxcceimbmlsebbnxgxamrborslbgxcceimbroosxcnxgxamrboaccrgxcceimxlbmxlonxgxamrboaccrgxcceimboslabcnxgxamrboaccrgxcce; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://rule34.xxx
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.029701%22%7D; expires=Fri, 07 Feb 2025 03:20:46 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
190dd976f4818ae55bd94f26e00ec88f
341505cba528c559f529ea980027e1a41cd9de28
b435b0146a41fcb99f974c201f5f867752a4552aa2209e8201daa02bfd8abfaa

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5935
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:46 GMT
Last-Modified: Wed, 08 Feb 2023 01:41:51 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279

s3t3d2y8.afcdn.net/library/676799/fa602a2216054018bd4434c66c1bf030bc073edb.webp

185.76.9.23

200 OK

5.5 kB

URL HTTP/2
s3t3d2y8.afcdn.net/library/676799/fa602a2216054018bd4434c66c1bf030bc073edb.webp
IP
185.76.9.23:0
ASN
#60068 Datacamp Limited

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
5.5 kB (5540 bytes)
Hash
7d0e37fee71077478f428c65dd03223e
fa602a2216054018bd4434c66c1bf030bc073edb
ef3b154fc5d8f387a8442cb2466ec2ff5a170ef28106abced9ad42689a14e27d

HTTP Headers

GET /library/676799/fa602a2216054018bd4434c66c1bf030bc073edb.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: image/webp
content-length: 5540
last-modified: Fri, 03 Jun 2022 09:03:50 GMT
etag: "6299ce76-15a4"
expires: Tue, 24 Oct 2023 15:16:37 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1701663245
server: CDN77-Turbo
x-77-nzt: AblMCRRromX/gfZWAA
x-77-nzt-ray: af585630b59bb79b0e15e363aa82de05
x-cache: HIT
x-age: 5699201
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

s3t3d2y8.afcdn.net/library/676799/8a4d4f582692b08fdac6bc9fa4ea71046b74426b.jpg

185.76.9.23

200 OK

19 kB

URL HTTP/2
s3t3d2y8.afcdn.net/library/676799/8a4d4f582692b08fdac6bc9fa4ea71046b74426b.jpg
IP
185.76.9.23:0
ASN
#60068 Datacamp Limited

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Size
19 kB (18980 bytes)
Hash
065005b090bdfe5142682acb978defc8
8a4d4f582692b08fdac6bc9fa4ea71046b74426b
fc84d38eae8e194a70a77f426dd696ac29178b333991174d54f450a6bb3edc70

HTTP Headers

GET /library/676799/8a4d4f582692b08fdac6bc9fa4ea71046b74426b.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: image/jpeg
content-length: 18980
last-modified: Fri, 14 Oct 2022 13:01:24 GMT
etag: "63495da4-4a24"
expires: Tue, 16 Jan 2024 10:43:15 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1705418800
server: CDN77-Turbo
x-77-nzt: AblMCRTC/z3/XqgdAA
x-77-nzt-ray: af585630b59bb79b0e15e3637d42e305
x-cache: HIT
x-age: 1943646
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

s3t3d2y8.afcdn.net/library/41682/b677d3a0ce722d533ff9f9ad3f810012a0b5a559.webp

185.76.9.23

200 OK

8.2 kB

URL HTTP/2
s3t3d2y8.afcdn.net/library/41682/b677d3a0ce722d533ff9f9ad3f810012a0b5a559.webp
IP
185.76.9.23:0
ASN
#60068 Datacamp Limited

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
8.2 kB (8246 bytes)
Hash
d0c29ee362f348e16199a0b38560c413
b677d3a0ce722d533ff9f9ad3f810012a0b5a559
6447f8253a76e166bcba7d2fb27196d17c6d07b57680522df54b0210dc76ac71

HTTP Headers

GET /library/41682/b677d3a0ce722d533ff9f9ad3f810012a0b5a559.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: image/webp
content-length: 8246
last-modified: Thu, 05 Jan 2023 13:08:25 GMT
etag: "63b6cbc9-2036"
expires: Fri, 05 Jan 2024 13:13:49 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1704461646
server: CDN77-Turbo
x-77-nzt: AblMCRR6pD//QEMsAA
x-77-nzt-ray: af585630b59bb79b0e15e363638b0006
x-cache: HIT
x-age: 2900800
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

s3t3d2y8.afcdn.net/library/676799/83568851106bf5f179aec8cb977edc832eabce1e.webp

185.76.9.23

200 OK

7.2 kB

URL HTTP/2
s3t3d2y8.afcdn.net/library/676799/83568851106bf5f179aec8cb977edc832eabce1e.webp
IP
185.76.9.23:0
ASN
#60068 Datacamp Limited

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.2 kB (7228 bytes)
Hash
7aeed1edccf33acb12d6e3e4130d8a5e
83568851106bf5f179aec8cb977edc832eabce1e
0d5ada97bfd8648bddbd481667c118195bb1ec843d5eb5ba6f04b363df855832

HTTP Headers

GET /library/676799/83568851106bf5f179aec8cb977edc832eabce1e.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: image/webp
content-length: 7228
last-modified: Thu, 04 Nov 2021 11:52:34 GMT
etag: "6183c982-1c3c"
expires: Fri, 30 Jun 2023 11:19:55 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195394
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRRDaMn/THckAQ
x-77-nzt-ray: af585630b59bb79b0e15e363876a0e06
x-cache: HIT
x-age: 19167052
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
4b39eb95df25d95c3aaabbf897c5f4eb
1b80cda5dd2ee56df5f8577ffcf82642e473616d
699bb26b819a1a56e70d40d2a933fdac56339ffd32c791813853ca26b66d9992

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5508
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:46 GMT
Last-Modified: Wed, 08 Feb 2023 01:48:58 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6818
Expires: Wed, 08 Feb 2023 05:14:24 GMT
Date: Wed, 08 Feb 2023 03:20:46 GMT
Connection: keep-alive

ocsp.pki.goog/s/gts1p5/VfKD8m_TkIc

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/VfKD8m_TkIc
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e26fef9e466cc19bc0d0a4b5388e4e49
8ceca4a1eba5e4a4f33b780bcc1de239248ab7c9
8a2fde5b91c3436d842b394b1ce87edeca77f22b3c81dc514c05852b28de7e42

HTTP Headers

POST /s/gts1p5/VfKD8m_TkIc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

forgoodplay.com/iframe/59f0b46754d?iframe&ag_custom_domain=rule34.xxx

172.67.204.252

200 OK

1.7 kB

URL HTTP/2
forgoodplay.com/iframe/59f0b46754d?iframe&ag_custom_domain=rule34.xxx
IP
172.67.204.252:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (3645)
Size
1.7 kB (1716 bytes)
Hash
b5d4d8c8f24471cec94eba6659509be8
5e829265f21c7e1d09dacd0b1cde48964f8d3dbe
e89b8eae3cd1b30e9f45f59fc55175c5fac8168862367548f7fe5b6e35b7cd0e

HTTP Headers

GET /iframe/59f0b46754d?iframe&ag_custom_domain=rule34.xxx HTTP/1.1
Host: forgoodplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: text/html
set-cookie: showed_752_1251=[212822]; Expires=Thu, 09-Feb-23 03:20:46 GMT; Domain=forgoodplay.com; Path=/; Secure; SameSite=None
c_93c69a1c63efcd5e9c8cba18fb1371b3=1; Expires=Thu, 09-Feb-23 03:20:46 GMT; Domain=forgoodplay.com; Path=/; Secure; SameSite=None
z_7647bc26078c04f9a368d97dbce82640=1; Expires=Thu, 09-Feb-23 03:20:46 GMT; Domain=forgoodplay.com; Path=/; Secure; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3V4By6CzJVdueWeurHkdxQux5isbDzeBhR85Broii48LSxAFCH8uQXTlg%2F9%2BSWhd5OrpLVxWc2Uj2Ksiw0gBFzQto1OeWw7z%2Bz95xJk%2FTxqOtPtpi%2BLPVm%2BsUTmLw%2FC4X9A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79613b385bb7b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/VfKD8m_TkIc

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/VfKD8m_TkIc
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e26fef9e466cc19bc0d0a4b5388e4e49
8ceca4a1eba5e4a4f33b780bcc1de239248ab7c9
8a2fde5b91c3436d842b394b1ce87edeca77f22b3c81dc514c05852b28de7e42

HTTP Headers

POST /s/gts1p5/VfKD8m_TkIc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6f5ab3bdbb5ebcebf9a163e0c85ab467
43f1c3de55e528c5be75895eb08b64840a0c8b95
d7c6e6ba9986867972fbc47f35dc823e3c78db46acf5292b6933e0f5760e47be

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D7C6E6BA9986867972FBC47F35DC823E3C78DB46ACF5292B6933E0F5760E47BE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6728
Expires: Wed, 08 Feb 2023 05:12:54 GMT
Date: Wed, 08 Feb 2023 03:20:46 GMT
Connection: keep-alive

push.services.mozilla.com/

44.235.159.98

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.235.159.98:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3xNuma60lE6DCFlymr65Xw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: GebU0ZVwFgcukUVGPhI/LOCLNbg=

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6f5ab3bdbb5ebcebf9a163e0c85ab467
43f1c3de55e528c5be75895eb08b64840a0c8b95
d7c6e6ba9986867972fbc47f35dc823e3c78db46acf5292b6933e0f5760e47be

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D7C6E6BA9986867972FBC47F35DC823E3C78DB46ACF5292B6933E0F5760E47BE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6728
Expires: Wed, 08 Feb 2023 05:12:54 GMT
Date: Wed, 08 Feb 2023 03:20:46 GMT
Connection: keep-alive

tsyndicate.com/api/v1/retargeting/set/0a1ebf4e-f1a4-4146-916d-6962c02eca57

136.243.46.156

200 OK

35 B

URL HTTP/2
tsyndicate.com/api/v1/retargeting/set/0a1ebf4e-f1a4-4146-916d-6962c02eca57
IP
136.243.46.156:0
ASN
#24940 Hetzner Online GmbH

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /api/v1/retargeting/set/0a1ebf4e-f1a4-4146-916d-6962c02eca57 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: text/plain; charset=utf-8
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: 85f6ec48b2b75f6f
set-cookie: ts_rt_0a1ebf4e-f1a4-4146-916d-6962c02eca57=AAMC; expires=Thu, 08 Feb 2024 03:20:46 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2

cdn.banhq.com/html/7/0/70b3f8f00c910a4d4927c9e42c57f734.html?clickdata=https%3A%2F%2Fflixdot.com%2Ftrack%2Fclick%2F37%2F23643%2F49141%2F310839%2F2698%3Faff%3D271091

54.230.111.56

200 OK

1.2 kB

URL HTTP/2
cdn.banhq.com/html/7/0/70b3f8f00c910a4d4927c9e42c57f734.html?clickdata=https%3A%2F%2Fflixdot.com%2Ftrack%2Fclick%2F37%2F23643%2F49141%2F310839%2F2698%3Faff%3D271091
IP
54.230.111.56:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (521)
Size
1.2 kB (1177 bytes)
Hash
70b3f8f00c910a4d4927c9e42c57f734
8275711a623b66be61106d981cd755ea4ddfdcb3
fd2a29392d0006c44d95d0d761f5abe86fe8cb4b1274a4eac233587700bd4661

HTTP Headers

GET /html/7/0/70b3f8f00c910a4d4927c9e42c57f734.html?clickdata=https%3A%2F%2Fflixdot.com%2Ftrack%2Fclick%2F37%2F23643%2F49141%2F310839%2F2698%3Faff%3D271091 HTTP/1.1
Host: cdn.banhq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flixdot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 1177
date: Wed, 01 Feb 2023 19:39:00 GMT
last-modified: Thu, 26 Jan 2023 19:45:32 GMT
etag: "70b3f8f00c910a4d4927c9e42c57f734"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XMdz6WgeGjsObosvWBhzQeYViKJ3HAwi2vIZVC1VFXtx-xx2SFJ8ug==
age: 546107
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/B4-YctRJ5lw

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/B4-YctRJ5lw
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
53c0f9949015243b262f6873d251eb0c
bed90704bb853bbfb99d1a7b9784f52ae428edaa
8e8d8c1cf4fe3ad35b2ecb21e3919a923afe1ac702a42d23e2bca70b328e0708

HTTP Headers

POST /s/gts1p5/B4-YctRJ5lw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

runative-syndicate.com/api/v1/retargeting/set/a56bbc85-b77d-4219-bfc4-e832384180bb

136.243.43.25

200 OK

35 B

URL HTTP/2
runative-syndicate.com/api/v1/retargeting/set/a56bbc85-b77d-4219-bfc4-e832384180bb
IP
136.243.43.25:0
ASN
#24940 Hetzner Online GmbH

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /api/v1/retargeting/set/a56bbc85-b77d-4219-bfc4-e832384180bb HTTP/1.1
Host: runative-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: text/plain; charset=utf-8
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: ac55a71c6b61477e
set-cookie: ts_rt_a56bbc85-b77d-4219-bfc4-e832384180bb=AAMC; expires=Thu, 08 Feb 2024 03:20:46 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2

tsyndicate.com/api/v1/retargeting/set/b5e023d7-d6ac-495d-8e3b-e65703a0f52a

136.243.46.156

200 OK

35 B

URL HTTP/2
tsyndicate.com/api/v1/retargeting/set/b5e023d7-d6ac-495d-8e3b-e65703a0f52a
IP
136.243.46.156:0
ASN
#24940 Hetzner Online GmbH

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /api/v1/retargeting/set/b5e023d7-d6ac-495d-8e3b-e65703a0f52a HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: text/plain; charset=utf-8
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: b68d216b62e33dd8
set-cookie: ts_rt_b5e023d7-d6ac-495d-8e3b-e65703a0f52a=AAMC; expires=Thu, 08 Feb 2024 03:20:46 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2

runative-syndicate.com/api/v1/retargeting/set/1a59e97d-a1c2-4718-89ea-5a19b9d400ea

136.243.43.25

200 OK

35 B

URL HTTP/2
runative-syndicate.com/api/v1/retargeting/set/1a59e97d-a1c2-4718-89ea-5a19b9d400ea
IP
136.243.43.25:0
ASN
#24940 Hetzner Online GmbH

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /api/v1/retargeting/set/1a59e97d-a1c2-4718-89ea-5a19b9d400ea HTTP/1.1
Host: runative-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: text/plain; charset=utf-8
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: 5a408bb7d4234ad2
set-cookie: ts_rt_1a59e97d-a1c2-4718-89ea-5a19b9d400ea=AAMC; expires=Thu, 08 Feb 2024 03:20:46 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/B4-YctRJ5lw

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/B4-YctRJ5lw
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
53c0f9949015243b262f6873d251eb0c
bed90704bb853bbfb99d1a7b9784f52ae428edaa
8e8d8c1cf4fe3ad35b2ecb21e3919a923afe1ac702a42d23e2bca70b328e0708

HTTP Headers

POST /s/gts1p5/B4-YctRJ5lw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.banhq.com/png/a/1/a124ddcaeee3fb8f53863f4859ddcc48.png

54.230.111.56

200 OK

5.5 kB

URL HTTP/2
cdn.banhq.com/png/a/1/a124ddcaeee3fb8f53863f4859ddcc48.png
IP
54.230.111.56:0
ASN
#16509 AMAZON-02

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size
5.5 kB (5475 bytes)
Hash
a124ddcaeee3fb8f53863f4859ddcc48
16ed6b5bf818a5427897593c334e3832ce1f9912
e252b7ba7fbf97500bb297276f589ef64b9f0f84b313c0ea8103d46cc0e36a97

HTTP Headers

GET /png/a/1/a124ddcaeee3fb8f53863f4859ddcc48.png HTTP/1.1
Host: cdn.banhq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.banhq.com/html/7/0/70b3f8f00c910a4d4927c9e42c57f734.html?clickdata=https%3A%2F%2Fflixdot.com%2Ftrack%2Fclick%2F37%2F23643%2F49141%2F310839%2F2698%3Faff%3D271091
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 5475
date: Thu, 19 Jan 2023 02:07:25 GMT
last-modified: Tue, 20 Nov 2018 17:30:47 GMT
etag: "a124ddcaeee3fb8f53863f4859ddcc48"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Qj2xWnGpHJulpuiZQN-yLR2Y-bfhpRvHNV_7TW76_jiTLBf1a05WHg==
age: 1732402
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=sync&lr=1&partner=231cd49a7855e5ab09961d63fb71270a509dc35327a759c7694c3f89594943d0

139.45.195.8

200 OK

43 B

URL HTTP/2
my.rtmark.net/img.gif?f=sync&lr=1&partner=231cd49a7855e5ab09961d63fb71270a509dc35327a759c7694c3f89594943d0
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=sync&lr=1&partner=231cd49a7855e5ab09961d63fb71270a509dc35327a759c7694c3f89594943d0 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=e14a5c0537da40fcb75c26c4f9753950; expires=Thu, 08 Feb 2024 03:20:46 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOpmsmlmndVdVLTXdW6VzpppXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VxD_b0UxqUpznSuldK6V0rpXSuldK4PsA--&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4171012&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11

104.18.51.106

200 OK

897 B

URL HTTP/2
go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOpmsmlmndVdVLTXdW6VzpppXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VxD_b0UxqUpznSuldK6V0rpXSuldK4PsA--&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4171012&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11
IP
104.18.51.106:0
ASN
#13335 CLOUDFLARENET

File type
XML 1.0 document text\012- XML document, ASCII text, with very long lines (2062), with no line terminators
Size
897 B (897 bytes)
Hash
10220786a0a8263681e07d1cbc2ba9c8
d350f83b7cd20586d388775cd63202f25764499b
7da9532fa1e7d7f9303760c50e77f8ac050369b38a57f87b94a6f0f8e0f4ca96

HTTP Headers

GET /api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOpmsmlmndVdVLTXdW6VzpppXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VxD_b0UxqUpznSuldK6V0rpXSuldK4PsA--&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4171012&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rule34.xxx
Referer: https://rule34.xxx/
Connection: keep-alive
Cookie: __cflb=0H28uukSkGJRy5UBr1MAvzNuwf2BatGMq6kS2wkiyoa
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: text/xml; charset=utf-8
access-control-allow-origin: https://rule34.xxx
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 79613b380babb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.redditstatic.com/ads/pixel.js

151.101.193.140

200 OK

7.4 kB

URL HTTP/2
www.redditstatic.com/ads/pixel.js
IP
151.101.193.140:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (23347)
Size
7.4 kB (7356 bytes)
Hash
03d5db9dfd00a5719bb4c9261e6fa1bb
be9899225f59b4d3ef6fefcf0e66b72568353a94
e90f19642062e4311b58ede732592e8f29b7799661086a0bbfc68e259fd81398

HTTP Headers

GET /ads/pixel.js HTTP/1.1
Host: www.redditstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Mon, 23 Jan 2023 21:56:14 GMT
etag: "03d5db9dfd00a5719bb4c9261e6fa1bb"
cache-control: public, max-age=60
content-encoding: gzip
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 08 Feb 2023 03:20:46 GMT
vary: Accept-Encoding,Origin
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true,  "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-length: 7356
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
ba19e1f14fa3d37fa75dd4483cc8191c
99f4faee3fb411f242ec2f6452900c3880b61ca0
6de2d42999583d28d678339b4043a1e68bcb4bd3cff5ff27ef1bb7443cea5680

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6DE2D42999583D28D678339B4043A1E68BCB4BD3CFF5FF27EF1BB7443CEA5680"
Last-Modified: Sun, 05 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8129
Expires: Wed, 08 Feb 2023 05:36:15 GMT
Date: Wed, 08 Feb 2023 03:20:46 GMT
Connection: keep-alive

ocsp.pki.goog/s/gts1p5/B4-YctRJ5lw

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/B4-YctRJ5lw
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
53c0f9949015243b262f6873d251eb0c
bed90704bb853bbfb99d1a7b9784f52ae428edaa
8e8d8c1cf4fe3ad35b2ecb21e3919a923afe1ac702a42d23e2bca70b328e0708

HTTP Headers

POST /s/gts1p5/B4-YctRJ5lw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

onegamespicshere.com/bnr/4/e86/af318a/e86af318a58789367560fdd7d8444058.jpg

104.21.63.123

200 OK

34 kB

URL HTTP/2
onegamespicshere.com/bnr/4/e86/af318a/e86af318a58789367560fdd7d8444058.jpg
IP
104.21.63.123:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Size
34 kB (34009 bytes)
Hash
e86af318a58789367560fdd7d8444058
e103dd7eab294144bab3f3795a8b166bdbfc6272
9818f2720d3169b3140fb8b5c6ed855841aa7c13212527f876721665aa7f229d

HTTP Headers

GET /bnr/4/e86/af318a/e86af318a58789367560fdd7d8444058.jpg HTTP/1.1
Host: onegamespicshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: image/jpeg
content-length: 34009
last-modified: Sun, 18 Aug 2019 21:59:57 GMT
etag: "5d59ca5d-84d9"
expires: Sun, 05 Feb 2023 08:57:12 GMT
cache-control: max-age=86400
cf-cache-status: HIT
age: 325414
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Be8%2BfDNTq6U%2B9zoy5rp4rHCGALDnLDV0zXjNRXpdSzmxA6HERqQ%2BooGUlJea%2BICCEk4nt9L%2BnHB9CDhU8ZifsPGPpGb%2FEFIp1VdZzrAeY29K67Ukio0zX4nc%2BJdhMdas%2BMhRt9xaCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79613b3bddc0b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
ba19e1f14fa3d37fa75dd4483cc8191c
99f4faee3fb411f242ec2f6452900c3880b61ca0
6de2d42999583d28d678339b4043a1e68bcb4bd3cff5ff27ef1bb7443cea5680

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6DE2D42999583D28D678339B4043A1E68BCB4BD3CFF5FF27EF1BB7443CEA5680"
Last-Modified: Sun, 05 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8129
Expires: Wed, 08 Feb 2023 05:36:15 GMT
Date: Wed, 08 Feb 2023 03:20:46 GMT
Connection: keep-alive

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
162cf16c04c5e61dc5ded18807e1686d
82297027d3933d4324dbdcfadc09521c66d9e6b1
b2d018f4c0c6f21ef882829859ba49af6ccf5cc15f9cf3d13407905f301a0759

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=128470
Date: Wed, 08 Feb 2023 03:20:46 GMT
Etag: "63e25293-1d7"
Expires: Thu, 09 Feb 2023 15:01:56 GMT
Last-Modified: Tue, 07 Feb 2023 13:30:59 GMT
Server: ECS (nyb/1D07)
X-Cache: Miss from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: _2cEvP48cl2V9oNmA_HYnmwzhZjKP9c85CGQdydwSC4BYseW_SzpMA==
Age: 5457

simplewebanalysis.com/px.gif?akey=e39a6a46f15b8ccd52813778a058820a

35.156.167.37

307 Temporary Redirect

0 B

URL HTTP/2
simplewebanalysis.com/px.gif?akey=e39a6a46f15b8ccd52813778a058820a
IP
35.156.167.37:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /px.gif?akey=e39a6a46f15b8ccd52813778a058820a HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 307 Temporary Redirect
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: image/gif
content-length: 0
location: https://professionalswebcheck.com/dbs?uuid=ea406be2-b2b2-40ab-9afa-73ad9d2ffecd&j=eyJhbGciOiJIUzI1NiJ9.eyJhY2FuIjoxLCJhY3VzIjoxLCJhY2kiOnsgIjIzIjoxNjc1ODI2NDQ2fSwiYWNjbCI6eyAiMjAsMSI6MTY3NTgyNjQ0Nn19.X18R8lT1iHDI30cxjKmtcgvxFtbKroiULVLXd5g1ahY
server: nginx/1.17.6
set-cookie: uid_id2=ea406be2-b2b2-40ab-9afa-73ad9d2ffecd:1:1; expires=Sat, 05 Feb 2033 03:20:46 GMT; secure; SameSite=None
ak=23,1675826446; expires=Tue, 09 May 2023 03:20:46 GMT; secure; SameSite=None
acl=20,1,1675826446; expires=Tue, 09 May 2023 03:20:46 GMT; secure; SameSite=None
expires: Wed, 08 Feb 2023 03:20:46 GMT
cache-control: max-age=0, : no-cache
X-Firefox-Spdy: h2

professionalswebcheck.com/dbs?uuid=ea406be2-b2b2-40ab-9afa-73ad9d2ffecd&j=eyJhbGciOiJIUzI1NiJ9.eyJhY2FuIjoxLCJhY3VzIjoxLCJhY2kiOnsgIjIzIjoxNjc1ODI2NDQ2fSwiYWNjbCI6eyAiMjAsMSI6MTY3NTgyNjQ0Nn19.X18R8lT1iHDI30cxjKmtcgvxFtbKroiULVLXd5g1ahY

35.156.167.37

200 OK

7 B

URL HTTP/2
professionalswebcheck.com/dbs?uuid=ea406be2-b2b2-40ab-9afa-73ad9d2ffecd&j=eyJhbGciOiJIUzI1NiJ9.eyJhY2FuIjoxLCJhY3VzIjoxLCJhY2kiOnsgIjIzIjoxNjc1ODI2NDQ2fSwiYWNjbCI6eyAiMjAsMSI6MTY3NTgyNjQ0Nn19.X18R8lT1iHDI30cxjKmtcgvxFtbKroiULVLXd5g1ahY
IP
35.156.167.37:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /dbs?uuid=ea406be2-b2b2-40ab-9afa-73ad9d2ffecd&j=eyJhbGciOiJIUzI1NiJ9.eyJhY2FuIjoxLCJhY3VzIjoxLCJhY2kiOnsgIjIzIjoxNjc1ODI2NDQ2fSwiYWNjbCI6eyAiMjAsMSI6MTY3NTgyNjQ0Nn19.X18R8lT1iHDI30cxjKmtcgvxFtbKroiULVLXd5g1ahY HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forgoodplay.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:47 GMT
content-type: image/gif
content-length: 7
server: nginx/1.17.6
set-cookie: uid_id2=ea406be2-b2b2-40ab-9afa-73ad9d2ffecd:1:1; expires=Sat, 05 Feb 2033 03:20:47 GMT; secure; SameSite=None
ak=23,1675826446; expires=Tue, 09 May 2023 03:20:47 GMT; secure; SameSite=None
acl=20,1,1675826446; expires=Tue, 09 May 2023 03:20:47 GMT; secure; SameSite=None
expires: Wed, 08 Feb 2023 03:20:47 GMT
cache-control: max-age=0, : no-cache
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
c0251492cae08969a77cc1f8b4fa25e5
110161e230f81ac3a954dc1d5114c7401c1ecd93
6483e465b117e6af3950e659d8692acc4bb38f60c7dc312ec8c6824ac5f000ba

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4650
Cache-Control: max-age=130872
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:47 GMT
Etag: "63e25f1d-1d7"
Expires: Thu, 09 Feb 2023 15:41:59 GMT
Last-Modified: Tue, 07 Feb 2023 14:24:29 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
c0251492cae08969a77cc1f8b4fa25e5
110161e230f81ac3a954dc1d5114c7401c1ecd93
6483e465b117e6af3950e659d8692acc4bb38f60c7dc312ec8c6824ac5f000ba

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4650
Cache-Control: max-age=130872
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:47 GMT
Etag: "63e25f1d-1d7"
Expires: Thu, 09 Feb 2023 15:41:59 GMT
Last-Modified: Tue, 07 Feb 2023 14:24:29 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4eeb373026320351a8cb6050b33264ae
1d8dfba5ed99b18f571bfd891010dac9e6d2121d
8e63122351ea16d979a30c686a9a12e8ef9bc8683d7f844b1f0dbe39002addb6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E63122351EA16D979A30C686A9A12E8EF9BC8683D7F844B1F0DBE39002ADDB6"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3594
Expires: Wed, 08 Feb 2023 04:20:41 GMT
Date: Wed, 08 Feb 2023 03:20:47 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4eeb373026320351a8cb6050b33264ae
1d8dfba5ed99b18f571bfd891010dac9e6d2121d
8e63122351ea16d979a30c686a9a12e8ef9bc8683d7f844b1f0dbe39002addb6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E63122351EA16D979A30C686A9A12E8EF9BC8683D7F844B1F0DBE39002ADDB6"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3594
Expires: Wed, 08 Feb 2023 04:20:41 GMT
Date: Wed, 08 Feb 2023 03:20:47 GMT
Connection: keep-alive

www.facebook.com/tr?id=1414481212224503&ev=PageView&noscript=1

157.240.221.35

200 OK

0 B

URL HTTP/2
www.facebook.com/tr?id=1414481212224503&ev=PageView&noscript=1
IP
157.240.221.35:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr?id=1414481212224503&ev=PageView&noscript=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 08 Feb 2023 03:20:47 GMT
X-Firefox-Spdy: h2

syndication.exoclick.com/tag.php?goal=f84a30695485b0b005f7984d20b6af81

95.211.229.245

200 OK

20 B

URL HTTP/1.1
syndication.exoclick.com/tag.php?goal=f84a30695485b0b005f7984d20b6af81
IP
95.211.229.245:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /tag.php?goal=f84a30695485b0b005f7984d20b6af81 HTTP/1.1
Host: syndication.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A83749%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-02-07%22%3B%7D%7D; expires=Thu, 08 Feb 2024 03:20:47 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

www.facebook.com/tr?id=794325588036871&ev=PageView&noscript=1

157.240.221.35

200 OK

0 B

URL HTTP/2
www.facebook.com/tr?id=794325588036871&ev=PageView&noscript=1
IP
157.240.221.35:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr?id=794325588036871&ev=PageView&noscript=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 08 Feb 2023 03:20:47 GMT
X-Firefox-Spdy: h2

syndication.exoclick.com/tag.php?goal=47dd92b1071a4ea3bd1564629f4b030c

95.211.229.245

200 OK

20 B

URL HTTP/1.1
syndication.exoclick.com/tag.php?goal=47dd92b1071a4ea3bd1564629f4b030c
IP
95.211.229.245:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /tag.php?goal=47dd92b1071a4ea3bd1564629f4b030c HTTP/1.1
Host: syndication.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A22614%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-02-07%22%3B%7D%7D; expires=Thu, 08 Feb 2024 03:20:47 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

syndication.exoclick.com/tag.php?goal=ecd938f748969c750709ba2e8deeba23

95.211.229.245

200 OK

20 B

URL HTTP/1.1
syndication.exoclick.com/tag.php?goal=ecd938f748969c750709ba2e8deeba23
IP
95.211.229.245:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /tag.php?goal=ecd938f748969c750709ba2e8deeba23 HTTP/1.1
Host: syndication.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A83751%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-02-07%22%3B%7D%7D; expires=Thu, 08 Feb 2024 03:20:47 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

www.facebook.com/tr?id=501600588008038&ev=PageView&noscript=1

157.240.221.35

200 OK

0 B

URL HTTP/2
www.facebook.com/tr?id=501600588008038&ev=PageView&noscript=1
IP
157.240.221.35:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr?id=501600588008038&ev=PageView&noscript=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 08 Feb 2023 03:20:47 GMT
X-Firefox-Spdy: h2

syndication.exoclick.com/tag.php?goal=05f747f9753a0b4172a8faf1128a78e1

95.211.229.245

200 OK

20 B

URL HTTP/1.1
syndication.exoclick.com/tag.php?goal=05f747f9753a0b4172a8faf1128a78e1
IP
95.211.229.245:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /tag.php?goal=05f747f9753a0b4172a8faf1128a78e1 HTTP/1.1
Host: syndication.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 03:20:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A43686%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-02-07%22%3B%7D%7D; expires=Thu, 08 Feb 2024 03:20:47 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
c0251492cae08969a77cc1f8b4fa25e5
110161e230f81ac3a954dc1d5114c7401c1ecd93
6483e465b117e6af3950e659d8692acc4bb38f60c7dc312ec8c6824ac5f000ba

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4650
Cache-Control: max-age=130872
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 03:20:47 GMT
Etag: "63e25f1d-1d7"
Expires: Thu, 09 Feb 2023 15:41:59 GMT
Last-Modified: Tue, 07 Feb 2023 14:24:29 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

alb.reddit.com/rp.gif?ts=1675826499241&id=t2_a7co1m6o&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=f04b97cb-e0c1-4caf-ac60-7f5e05cd85d2&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1280&sw=1024&v=rdt_65e23bc4

151.101.193.140

200 OK

42 B

URL HTTP/2
alb.reddit.com/rp.gif?ts=1675826499241&id=t2_a7co1m6o&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=f04b97cb-e0c1-4caf-ac60-7f5e05cd85d2&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1280&sw=1024&v=rdt_65e23bc4
IP
151.101.193.140:0
ASN
#54113 FASTLY

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /rp.gif?ts=1675826499241&id=t2_a7co1m6o&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=f04b97cb-e0c1-4caf-ac60-7f5e05cd85d2&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1280&sw=1024&v=rdt_65e23bc4 HTTP/1.1
Host: alb.reddit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Varnish
retry-after: 0
cross-origin-resource-policy: cross-origin
content-type: image/gif
accept-ranges: bytes
date: Wed, 08 Feb 2023 03:20:47 GMT
via: 1.1 varnish
content-length: 42
X-Firefox-Spdy: h2

syndication.traffichaus.com/adserve/r.php?k=HAT&adv_id=94511&exp=25920000&dh=969205b0247754250d921d8da45875fa&bh=48c011d2648afe0455d203967aa130a5&dom=&cb=1606322079002

66.254.114.233

200 OK

95 B

URL HTTP/1.1
syndication.traffichaus.com/adserve/r.php?k=HAT&adv_id=94511&exp=25920000&dh=969205b0247754250d921d8da45875fa&bh=48c011d2648afe0455d203967aa130a5&dom=&cb=1606322079002
IP
66.254.114.233:0
ASN
#29789 REFLECTED

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

HTTP Headers

GET /adserve/r.php?k=HAT&adv_id=94511&exp=25920000&dh=969205b0247754250d921d8da45875fa&bh=48c011d2648afe0455d203967aa130a5&dom=&cb=1606322079002 HTTP/1.1
Host: syndication.traffichaus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
server: nginx
date: Wed, 08 Feb 2023 03:20:47 GMT
content-type: image/png
transfer-encoding: chunked
set-cookie: re_94511_SEFU=eyJ0IjoiSEFUIiwiYSI6Ijk0NTExIiwiZCI6IiIsImRoIjoiOTY5MjA1YjAyNDc3NTQyNTBkOTIxZDhkYTQ1ODc1ZmEiLCJiaCI6IjQ4YzAxMWQyNjQ4YWZlMDQ1NWQyMDM5NjdhYTEzMGE1IiwiaXAiOiI5MS45MC40Mi4xNTQiLCJlIjoxNzAxNzQ2NDQ3fQ%3D%3D; expires=Tue, 05-Dec-2023 03:20:47 GMT; Max-Age=25920000; path=/
RNLBSERVERID=ded5931; path=/
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
x-request-id: 63E3150F-42FE72E901BB09DA-6E003AE

syndication.traffichaus.com/adserve/r.php?k=CAT&adv_id=94511&exp=25920000&dh=969205b0247754250d921d8da45875fa&bh=48c011d2648afe0455d203967aa130a5&dom=&cb=1606322780791

66.254.114.233

200 OK

95 B

URL HTTP/1.1
syndication.traffichaus.com/adserve/r.php?k=CAT&adv_id=94511&exp=25920000&dh=969205b0247754250d921d8da45875fa&bh=48c011d2648afe0455d203967aa130a5&dom=&cb=1606322780791
IP
66.254.114.233:0
ASN
#29789 REFLECTED

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

HTTP Headers

GET /adserve/r.php?k=CAT&adv_id=94511&exp=25920000&dh=969205b0247754250d921d8da45875fa&bh=48c011d2648afe0455d203967aa130a5&dom=&cb=1606322780791 HTTP/1.1
Host: syndication.traffichaus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
server: nginx
date: Wed, 08 Feb 2023 03:20:47 GMT
content-type: image/png
transfer-encoding: chunked
set-cookie: re_94511_Q0FU=eyJ0IjoiQ0FUIiwiYSI6Ijk0NTExIiwiZCI6IiIsImRoIjoiOTY5MjA1YjAyNDc3NTQyNTBkOTIxZDhkYTQ1ODc1ZmEiLCJiaCI6IjQ4YzAxMWQyNjQ4YWZlMDQ1NWQyMDM5NjdhYTEzMGE1IiwiaXAiOiI5MS45MC40Mi4xNTQiLCJlIjoxNzAxNzQ2NDQ3fQ%3D%3D; expires=Tue, 05-Dec-2023 03:20:47 GMT; Max-Age=25920000; path=/
RNLBSERVERID=ded5931; path=/
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
x-request-id: 63E3150F-42FE72E901BBA633-718A9E0

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6801
Expires: Wed, 08 Feb 2023 05:14:08 GMT
Date: Wed, 08 Feb 2023 03:20:47 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6801
Expires: Wed, 08 Feb 2023 05:14:08 GMT
Date: Wed, 08 Feb 2023 03:20:47 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6801
Expires: Wed, 08 Feb 2023 05:14:08 GMT
Date: Wed, 08 Feb 2023 03:20:47 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6801
Expires: Wed, 08 Feb 2023 05:14:08 GMT
Date: Wed, 08 Feb 2023 03:20:47 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg

34.120.237.76

200 OK

4.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.2 kB (4168 bytes)
Hash
845e4e4051f1162b20d3df5f208e8d3e
076462f67531c60b31ec768a275c96317292306d
40996d8929ab92f342328fc018518d6131c6222b0ec23051775eda276a602026

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4168
x-amzn-requestid: 24814225-0063-49fb-86ff-e78869538b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjQFS_IAMFtLQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47b-67307c42182089b3096e98b5;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qLuHdYthPTS7qoVjS783M1Q-RtOluQpKozCi-zABez133FyvgBsBog==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:43:37 GMT
age: 20230
etag: "076462f67531c60b31ec768a275c96317292306d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12401 bytes)
Hash
ed10868ea9554510e43f77dfb8c43877
df0d86c2c53bdec7b8935912e42dc7f82f87aa61
751e95e7dd20802cc4e0b6f208bf5559b0b73efd3ca22a9abafd86cf83ab6420

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12401
x-amzn-requestid: 7bfa8a84-c348-4f55-8e8e-befcdd24f026
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjPG-eIAMFccA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47a-06eedb3c7396825f77360755;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: i1abBvjQY4dXbxTHyy0Wxxn9PCvTO0YkAO8PS8kKA9Zl5TeiUEtErw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:49:59 GMT
age: 19848
etag: "df0d86c2c53bdec7b8935912e42dc7f82f87aa61"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10058 bytes)
Hash
a9c2a9eee923b84d4e06438a8b2acaff
520b122e3ce52220af153fee26bb7067283f9075
9ff4236fdcd05210a9c8bb48ea68179e142b1b05c8b19dd66282590dff69fa22

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10058
x-amzn-requestid: 94374454-1e89-4c43-895b-0a90f39b851d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O5vEgcoAMFctg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c50a-0bf11cad4b0818c36188ba91;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qYXu_I4vL00EOopA1nQcxCTMKf4nObKFk9XQozhw6FezKsfTDem3Mw==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:06:35 GMT
etag: "520b122e3ce52220af153fee26bb7067283f9075"
content-type: image/jpeg
age: 18852
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13160 bytes)
Hash
003fc35e140a75a12b7795c3986426ec
da002b22e2a01f48a545b369d4403eabb17a10d5
bb0754411aa7d0a5036b86b282d0e93d13227765ca9ccaf3a34e8e486cb413d1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13160
x-amzn-requestid: 34aa6dfe-7f14-48d0-89b2-90548621be79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzVxSHh7IAMFjAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de033b-49587fff75aebe96136137be;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:03:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 81DTnHIh40lNEi6l5hC87Vo9R8k4w79Fr71zibyvGP0iJm4kmhWITA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 07:45:27 GMT
age: 70520
etag: "da002b22e2a01f48a545b369d4403eabb17a10d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10202 bytes)
Hash
f175de8eebe398f5de2829cd551b3f04
e6da63e9b03289bfded190d999a20da78232437c
b5d1ee4bd6186cbac1e4ac037766c9e453e166b0cfb2e08004cb11b8bb7daa88

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10202
x-amzn-requestid: 15e6c7ee-acef-4638-9a15-a01864ac74f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PEYFZOoAMFzEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c54f-3681217a71e5b9472b9cdb8a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:40:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: PyOVGtKFSYIU2don5C7_L_pTUxdP_VEAhLZUhtBWo2PZ4kvPqaTg9g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:55:22 GMT
etag: "e6da63e9b03289bfded190d999a20da78232437c"
content-type: image/jpeg
age: 19525
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8629 bytes)
Hash
02fde25be5ded120af759d19d8304f73
8d2a4d9ab5947113ce0737d4d4bed3e30a971026
7cdf26668cca22f28eee047d3fcf30cea8d97b1d8804fe2132728f26cd11558d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8629
x-amzn-requestid: cc20d28e-3937-4826-97ef-100fb5dd2645
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7LFn3oAMF61A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-6e764236604212fa26dab38a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0sEMzqETD-gbgXOXb_CJmLjYQmNGMN4-_ggiB7ifbifltHJYsTRRsQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:52:22 GMT
age: 19705
etag: "8d2a4d9ab5947113ce0737d4d4bed3e30a971026"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

twistconcept.com/index.min.js?pk=e39a6a46f15b8ccd52813778a058820a

104.21.86.46

200 OK

0 B

URL HTTP/2
twistconcept.com/index.min.js?pk=e39a6a46f15b8ccd52813778a058820a
IP
104.21.86.46:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /index.min.js?pk=e39a6a46f15b8ccd52813778a058820a HTTP/1.1
Host: twistconcept.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: application/javascript
last-modified: Thu, 07 Apr 2022 08:49:08 GMT
etag: W/"624ea584-28c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7179
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jcOuFpKE9H3pK3l%2FnWf99BAM3rLkTbZ60DwlCNiRw5He4n1cFjBaisXwkeW9%2BLc4j%2FGs9HY0xacnDyBsG5CrzVNAZmq9T%2BgVIeSajUEX8I9%2BM0n9RyvjevB%2BN0I12sYsgoTL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79613b3b0a1bb50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

a.realsrv.com/video-outstream.js

185.76.9.24

200 OK

0 B

URL HTTP/2
a.realsrv.com/video-outstream.js
IP
185.76.9.24:0
ASN
#60068 Datacamp Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /video-outstream.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:45 GMT
content-type: application/javascript
etag: W/"0340be1298a1ece8c30f851e732"
expires: Tue, 07 Feb 2023 14:27:10 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675834228
server: CDN77-Turbo
x-77-nzt: AblMCRTVoiT/yQsAAA
x-77-nzt-ray: af5856301cad149a0d15e36344865523
x-cache: HIT
x-age: 3017
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

a.realsrv.com/ad-provider.js

185.76.9.24

200 OK

0 B

URL HTTP/2
a.realsrv.com/ad-provider.js
IP
185.76.9.24:0
ASN
#60068 Datacamp Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:45 GMT
content-type: application/javascript
etag: W/"399103e4fd49f2a2ded14428d20"
expires: Tue, 07 Feb 2023 14:27:07 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675834221
server: CDN77-Turbo
x-77-nzt: AblMCRRYyWj/0AsAAA
x-77-nzt-ray: af5856301cad149a0d15e36394687823
x-cache: HIT
x-age: 3024
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

a.realsrv.com/nativeads-v2.js

185.76.9.24

200 OK

0 B

URL HTTP/2
a.realsrv.com/nativeads-v2.js
IP
185.76.9.24:0
ASN
#60068 Datacamp Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /nativeads-v2.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:45 GMT
content-type: application/javascript
etag: W/"1e16d6ff16b145ea5560344a506"
expires: Tue, 07 Feb 2023 14:27:11 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675834221
server: CDN77-Turbo
x-77-nzt: AblMCRSEwUb/0AsAAA
x-77-nzt-ray: af5856301cad149a0d15e36390599f23
x-cache: HIT
x-age: 3024
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

twistconcept.com/index.min.js?pk=0f6c6b0d2533be0a124411ed43310cc0

104.21.86.46

200 OK

0 B

URL HTTP/2
twistconcept.com/index.min.js?pk=0f6c6b0d2533be0a124411ed43310cc0
IP
104.21.86.46:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /index.min.js?pk=0f6c6b0d2533be0a124411ed43310cc0 HTTP/1.1
Host: twistconcept.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forgoodplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: application/javascript
last-modified: Thu, 07 Apr 2022 08:49:08 GMT
etag: W/"624ea584-28c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4231
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xm0i9IoiwkBgIJdS4ngDaV%2FUgDB8PAp07EaobCBOvfvrEqAZ%2BLOfRJQ%2FxTQl%2FuvNRi73rSKZSN1MA%2BXtuK1P%2F20rBXfzJdqfpm1mUz7U97XRfEx7jpDJD23jhLFfDJ4GjEoy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79613b3b0a18b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

flixdot.com/zone/23643/?aff=271091

172.64.197.19

200 OK

0 B

URL HTTP/2
flixdot.com/zone/23643/?aff=271091
IP
172.64.197.19:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /zone/23643/?aff=271091 HTTP/1.1
Host: flixdot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rule34.xxx/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 03:20:46 GMT
content-type: text/html; charset=UTF-8
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: *
access-control-expose-headers: Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma
cache-control: no-cache, private
vary: Origin, Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EiYWxxnaR6bKR1IIMFwcBngux8BmI9XaUP9viwBcUnxF7hIt2ZbQKC9L8nl88kfc9mzqeM5phWJ0MjotVE8M0oD%2Bm19qvXv1obJp8c3AuFdCAOf%2FGrqv%2BpKw%2B%2FnUEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79613b38db747731-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (35)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML