ak.hetaruvg.com/4/5710373?var=ag_error
11 kB URL ak.hetaruvg.com/4/5710373?var=ag_error
IP
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (17913)
Hash a94155c9c6e418e4f85f9f52124e7963
3dc87d71f54a4b38a63a89ae889d89baf54823c4
046077b7dce64d62202781132b8c4f41ecc8ff58442c83c80214a16ab295db02
GET /4/5710373?var=ag_error HTTP/1.1
Host: ak.hetaruvg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=utf8
x-trace-id: 1aef8c584f173f3ffb12601762884927
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-credentials: true
access-control-max-age: 86400
timing-allow-origin: *
access-control-allow-origin: *, *
access-control-allow-methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, Accept, Content-Type, Content-Length, Accept-Encoding
content-encoding: gzip
expires: Sat, 03 Jun 2023 19:46:30 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 03 Jun 2023 19:46:30 GMT
content-length: 11415
vary: Accept-Encoding
set-cookie: OAID=467a99e5980740dbaaaf75c5264b78ba; expires=Sun, 02 Jun 2024 19:46:30 GMT; path=/; secure; SameSite=None
oaidts=1685821590; expires=Sun, 02 Jun 2024 19:46:30 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
X-Firefox-Spdy: h2
ak.hetaruvg.com/favicon.ico
0 B URL ak.hetaruvg.com/favicon.ico
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ak.hetaruvg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.hetaruvg.com/4/5710373?var=ag_error
Cookie: OAID=467a99e5980740dbaaaf75c5264b78ba; oaidts=1685821590
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
expires: Sat, 03 Jun 2023 19:46:31 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 03 Jun 2023 19:46:31 GMT
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=merge&userId=467a99e5980740dbaaaf75c5264b78ba
43 B URL my.rtmark.net/img.gif?f=merge&userId=467a99e5980740dbaaaf75c5264b78ba
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=467a99e5980740dbaaaf75c5264b78ba HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.hetaruvg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 03 Jun 2023 19:46:31 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=467a99e5980740dbaaaf75c5264b78ba; expires=Sun, 02 Jun 2024 19:46:31 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ak.hetaruvg.com/?z=5710373&syncedCookie=true&rhd=false
0 B URL ak.hetaruvg.com/?z=5710373&syncedCookie=true&rhd=false
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /?z=5710373&syncedCookie=true&rhd=false HTTP/1.1
Host: ak.hetaruvg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 460
Origin: https://ak.hetaruvg.com
DNT: 1
Connection: keep-alive
Referer: https://ak.hetaruvg.com/afu.php?zoneid=5710373&var=5710373&rid=uZkGuFtJfk-T2gq_XdzZSg%3D%3D&rhd=false
Cookie: OAID=467a99e5980740dbaaaf75c5264b78ba; oaidts=1685821590
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-length: 0
x-trace-id: 3f925b9c4f7f318c5805b284ac8a0700
link: <https://bit.ly>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://xobr219pa.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
location: https://bit.ly/3oI9CEY
access-control-allow-origin: https://ak.hetaruvg.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Sat, 03 Jun 2023 19:46:31 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 03 Jun 2023 19:46:31 GMT
set-cookie: OAID=467a99e5980740dbaaaf75c5264b78ba; expires=Sun, 02 Jun 2024 19:46:31 GMT; path=/; secure; SameSite=None
oaidts=1685821590; expires=Sun, 02 Jun 2024 19:46:31 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 10 Jun 2023 19:46:31 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
bit.ly/3oI9CEY
429 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 5411fd5bfb7508f11e5030f72e15c1b0
b725868e553d64ba02d6199672c5b08fbbae4408
59593a4c14a5f369cf61d12fed567957c295d7047684305faeeb5750052a6324
GET /3oI9CEY HTTP/1.1
Host: bit.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx
date: Sat, 03 Jun 2023 19:46:31 GMT
content-type: text/html; charset=utf-8
content-length: 429
cache-control: private, max-age=90
content-security-policy: referrer always;
location: https://tracking-647905d3f2124.plat-clicks.com/go/1ee0204a-53bb-6b04-b334-c232bdf7f4d4?visitor_id=${SUBID}&cost={cost}&zoneid={zoneid}&bannerid={bannerid}&browser={browser}&os={os}&device={device}®ion={region}&isp={isp}&useragent={useragent}&language={language}&connection_type={connection.type}
referrer-policy: unsafe-url
set-cookie: _bit=n53jKv-3f87d23e81927eafef-00F; Domain=bit.ly; Expires=Thu, 30 Nov 2023 19:46:31 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
471 B IP
Hash 55bca43f09e258c7913f004f9c367928
7187e09c3707b3d58587c7f9ad51b5442ded29d3
4aeb02eaa23b5e5d56e9aea8e8d968e6573ee87a1fec3ee24538fd34e9c28143
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Jun 2023 19:46:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
master1013.blogspot.com/
1.5 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (364)
Hash 860a8009c1fead3d7619a0b943d6c4be
8cf95b4031f2f8fcab0419b8ac8d78f401a9d654
251f412b8651bfdf99efc013cc7db306e79f10f355333f841001811fa0b26357
GET / HTTP/1.1
Host: master1013.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Sat, 03 Jun 2023 19:46:32 GMT
date: Sat, 03 Jun 2023 19:46:32 GMT
cache-control: private, max-age=0
last-modified: Sat, 03 Jun 2023 13:52:18 GMT
etag: W/"f88538540bf830a11c518639d8eb4c994c826b740d9e9416833b114101756a86"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1463
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
redirect-647905d3f2124.plat-clicks.com/refresh?url=https://master1013.blogspot.com
1.1 kB URL redirect-647905d3f2124.plat-clicks.com/refresh?url=https://master1013.blogspot.com
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash ae4caaa1b14a6eb4fe0e835149fba53b
91099c25a2994e9ef3962fcaaea5556a35cbbf8f
816cc349c50904efd705ea75424b8918ee612ac8597ecff91a40b900d94403aa
GET /refresh?url=https://master1013.blogspot.com HTTP/1.1
Host: redirect-647905d3f2124.plat-clicks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Jun 2023 19:46:32 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.1.8
cache-control: no-cache, private
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
popcash.net/world/go/459911/692032/
162 B URL popcash.net/world/go/459911/692032/
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /world/go/459911/692032/ HTTP/1.1
Host: popcash.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://master1013.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 03 Jun 2023 19:46:33 GMT
content-type: text/html
content-length: 162
location: http://ps.popcash.net/go/459911/692032/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jttr29YheRmjg8yARVjolefqzPbvqRksCTN5MhThzDrmn9FLIPZ0aJLQ5XpsUffigiGvRqU7IdR2CrcAmvmP%2Bndquzqpr8pu%2FGXrnM%2FWGlbfKxq%2BzED5NT5JcRd7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1a715c5c2db518-OSL
X-Firefox-Spdy: h2
telesuperstar.site/kz/bx/kcell/
1.4 kB URL telesuperstar.site/kz/bx/kcell/
IP
ASN #212531 UAB Interneto vizija
Hash dde412e06cc074374fe285a1d0d92d70
9bdd5977fe7a08267a2b0e3d6126a3f9556f6399
77b5be08bdf9f26f9ba553564c77c3015b5d3e1240a208f5025a9e3ac7aa6039
GET /kz/bx/kcell/ HTTP/1.1
Host: telesuperstar.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sat, 03 Jun 2023 19:46:30 GMT
server: Apache
location: https://ak.hetaruvg.com/4/5710373?var=ag_error
content-type: text/html
X-Firefox-Spdy: h2
ps.popcash.net/ad/ad?p=459911&w=692032&t=76be6ad7ed168acc&r=&vw=1280&vh=0
0 B URL ps.popcash.net/ad/ad?p=459911&w=692032&t=76be6ad7ed168acc&r=&vw=1280&vh=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ad/ad?p=459911&w=692032&t=76be6ad7ed168acc&r=&vw=1280&vh=0 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ps.popcash.net/go/459911/692032/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 303 See Other
server: nginx
date: Sat, 03 Jun 2023 19:46:33 GMT
content-length: 0
location: http://xml.poprtb.pro/click?i=3YTvpUXvne4_0#pc224399
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2
xml.poprtb.pro/click?i=3YTvpUXvne4_0
0 B URL xml.poprtb.pro/click?i=3YTvpUXvne4_0
IP
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=3YTvpUXvne4_0 HTTP/1.1
Host: xml.poprtb.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 03 Jun 2023 19:46:34 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Set-Cookie: x3331467=3347779; Domain=.poprtb.pro
Location: https://filter.poprtb.pro/filter?q=blog%2Cchat%2Ccomputers%2Ccomputing%2Cdownloads%2Cforum%2Cit%2Cimage%2Csharing%2Chosting%2Ctechnology&i=3YTvpUXvne4_0&ci=-8972352496561471004&t=118235514
Pragma: no-cache
filter.poprtb.pro/filter?q=blog%2Cchat%2Ccomputers%2Ccomputing%2Cdownloads%2Cforum%2Cit%2Cimage%2Csharing%2Chosting%2Ctechnology&i=3YTvpUXvne4_0&ci=-8972352496561471004&t=118235514
13 kB URL filter.poprtb.pro/filter?q=blog%2Cchat%2Ccomputers%2Ccomputing%2Cdownloads%2Cforum%2Cit%2Cimage%2Csharing%2Chosting%2Ctechnology&i=3YTvpUXvne4_0&ci=-8972352496561471004&t=118235514
IP
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (524)
Hash bea1680efcb56c840cfd2538793bd53b
e1379f36d25ccce3bb3795954f269f10fb84e150
7390045d3c2c1d253010c2ca13c8718373cf132f0b772238c81e33f04093dd29
GET /filter?q=blog%2Cchat%2Ccomputers%2Ccomputing%2Cdownloads%2Cforum%2Cit%2Cimage%2Csharing%2Chosting%2Ctechnology&i=3YTvpUXvne4_0&ci=-8972352496561471004&t=118235514 HTTP/1.1
Host: filter.poprtb.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: x3331467=3347779
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Jun 2023 19:46:35 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12876
Connection: keep-alive
Cache-Control: no-store
Age: 0
Set-Cookie: c666722020=3347779
x3331467=3347779; Domain=.poprtb.pro
Pragma: no-cache
xml.poprtb.pro/click2?i=3YTvpUXvne4_0&ci=-8972352496561471004&j=rv%3Db%26ss%3D1280x1024%26ws%3D1280x1024%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D5882%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D6%26rf%3D%26lo%3Dfilter.poprtb.pro%26mb%3D0%26hb%3D1%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28X11%253B%2BLinux%2Bx86_64%253B%2Brv%253A109.0%29%2BGecko%252F20100101%2BFirefox%252F111.0%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26es%3D0%26ln%3Den-US%252Cen%26lnl%3D2%26hsc%3D0%26frc%3D0%26dbt%3D0%26prb%3D20100101%26tz%3D0%26hid%3D0%26mq%3D1%26bch%3D%26blv%3D%26my%3D%26geo%3D1%26thx%3D0%26the%3D0%26ths%3D0%26cpc%3D%26ocp%3DLinux%2Bx86_64%26hwc%3D48%26hrl%3D%26acd%3Dpmpmm%26vcd%3Dppp%26pal%3D5%26pai%3D1%26pli%3D1%26win%3D1280x1024%26wout%3D1280x1024%26wpof%3D0x0%26bcld%3D1264x19%26scrp%3D0x0%26scrad%3D1280x1024%26spd%3D24%26pxr%3D1%26sck%3D1%26ckl%3D45%26sls%3D1%26sss%3D1%26six%3D1%26sdb%3D0%26vvr%3Dnull%26vrd%3Dnull%26pnt%3Dprompt%26cnvs%3D7f7f7f80%26mmd_ao%3D0%26mmd_ai%3D0%26mmd_vi%3D0
0 B URL xml.poprtb.pro/click2?i=3YTvpUXvne4_0&ci=-8972352496561471004&j=rv%3Db%26ss%3D1280x1024%26ws%3D1280x1024%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D5882%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D6%26rf%3D%26lo%3Dfilter.poprtb.pro%26mb%3D0%26hb%3D1%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28X11%253B%2BLinux%2Bx86_64%253B%2Brv%253A109.0%29%2BGecko%252F20100101%2BFirefox%252F111.0%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26es%3D0%26ln%3Den-US%252Cen%26lnl%3D2%26hsc%3D0%26frc%3D0%26dbt%3D0%26prb%3D20100101%26tz%3D0%26hid%3D0%26mq%3D1%26bch%3D%26blv%3D%26my%3D%26geo%3D1%26thx%3D0%26the%3D0%26ths%3D0%26cpc%3D%26ocp%3DLinux%2Bx86_64%26hwc%3D48%26hrl%3D%26acd%3Dpmpmm%26vcd%3Dppp%26pal%3D5%26pai%3D1%26pli%3D1%26win%3D1280x1024%26wout%3D1280x1024%26wpof%3D0x0%26bcld%3D1264x19%26scrp%3D0x0%26scrad%3D1280x1024%26spd%3D24%26pxr%3D1%26sck%3D1%26ckl%3D45%26sls%3D1%26sss%3D1%26six%3D1%26sdb%3D0%26vvr%3Dnull%26vrd%3Dnull%26pnt%3Dprompt%26cnvs%3D7f7f7f80%26mmd_ao%3D0%26mmd_ai%3D0%26mmd_vi%3D0
IP
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click2?i=3YTvpUXvne4_0&ci=-8972352496561471004&j=rv%3Db%26ss%3D1280x1024%26ws%3D1280x1024%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D5882%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D6%26rf%3D%26lo%3Dfilter.poprtb.pro%26mb%3D0%26hb%3D1%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28X11%253B%2BLinux%2Bx86_64%253B%2Brv%253A109.0%29%2BGecko%252F20100101%2BFirefox%252F111.0%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26es%3D0%26ln%3Den-US%252Cen%26lnl%3D2%26hsc%3D0%26frc%3D0%26dbt%3D0%26prb%3D20100101%26tz%3D0%26hid%3D0%26mq%3D1%26bch%3D%26blv%3D%26my%3D%26geo%3D1%26thx%3D0%26the%3D0%26ths%3D0%26cpc%3D%26ocp%3DLinux%2Bx86_64%26hwc%3D48%26hrl%3D%26acd%3Dpmpmm%26vcd%3Dppp%26pal%3D5%26pai%3D1%26pli%3D1%26win%3D1280x1024%26wout%3D1280x1024%26wpof%3D0x0%26bcld%3D1264x19%26scrp%3D0x0%26scrad%3D1280x1024%26spd%3D24%26pxr%3D1%26sck%3D1%26ckl%3D45%26sls%3D1%26sss%3D1%26six%3D1%26sdb%3D0%26vvr%3Dnull%26vrd%3Dnull%26pnt%3Dprompt%26cnvs%3D7f7f7f80%26mmd_ao%3D0%26mmd_ai%3D0%26mmd_vi%3D0 HTTP/1.1
Host: xml.poprtb.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://filter.poprtb.pro/
Cookie: x3331467=3347779
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 03 Jun 2023 19:46:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://forza.idescargarapk.com/get.php?code=enVPOS81Z1JyRjFvTDZsdHBFbmI5UT09&clickid=lHNDBNQuhVs&campaignid=997319&siteid=433011.464127&publishid=433011&country=no&os=Linux&browser=FIREFOX_111.0&referrer=https%3A%2F%2Ffilter.poprtb.pro%2F&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.0002
Pragma: no-cache
colegialasinocentes.com/wp-admin/admin-access.php
200 OK 1.0 kB URL GET HTTP/2 colegialasinocentes.com/wp-admin/admin-access.php
IP
Requested by https://forza.idescargarapk.com/ts_pro/new-all-sites.php?rd=1685821595&country=no
Certificate IssuercPanel, Inc.
Subjectcolegialasinocentes.com
FingerprintB8:1A:26:57:30:02:49:A3:C6:75:AA:D4:F6:9E:EA:48:D4:96:1F:CF
ValiditySat, 29 Apr 2023 00:00:00 GMT - Fri, 28 Jul 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (374), with CRLF line terminators
Hash 0ac8b725f22a7cec3209ece2d2a18c7f
c14c70b51ca114706289920d4487f54130ee7eee
e281b88db29181a2cb38f04b0b2c6ae1b2ced731cae274cc88d0435e08a3dd5b
GET /wp-admin/admin-access.php HTTP/1.1
Host: colegialasinocentes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-length: 1039
content-encoding: br
vary: Accept-Encoding
date: Sat, 03 Jun 2023 19:46:37 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
porno-japones.top/wp-admin/admin-access.php
200 OK 1.0 kB URL GET HTTP/2 porno-japones.top/wp-admin/admin-access.php
IP
Requested by https://forza.idescargarapk.com/ts_pro/new-all-sites.php?rd=1685821595&country=no
Certificate IssuercPanel, Inc.
Subjectporno-japones.top
FingerprintA2:AE:B8:B4:41:7E:E3:31:DA:AD:61:82:7D:F2:A9:26:9A:3A:9C:B6
ValiditySun, 23 Apr 2023 00:00:00 GMT - Sat, 22 Jul 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (346), with CRLF line terminators
Hash 4d0a1849f8af7eb840ee5567f2c4021b
92ac3ebdddf0d01df3ee560c17b4f33f6de4a596
a6699bfba542725c89f141990a7cd305dd23083893b5cb00f5b08cca98243f86
GET /wp-admin/admin-access.php HTTP/1.1
Host: porno-japones.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-length: 1021
content-encoding: br
vary: Accept-Encoding
date: Sat, 03 Jun 2023 19:46:37 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
noticiasporno.site/wp-admin/admin-access.php
200 OK 1.0 kB URL GET HTTP/2 noticiasporno.site/wp-admin/admin-access.php
IP
Requested by https://forza.idescargarapk.com/ts_pro/new-all-sites.php?rd=1685821595&country=no
Certificate IssuercPanel, Inc.
Subjectnoticiasporno.site
Fingerprint31:0E:7A:F7:0C:60:3C:8A:ED:16:D3:8E:17:95:5E:52:CF:97:0A:18
ValiditySun, 30 Apr 2023 00:00:00 GMT - Sat, 29 Jul 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (346), with CRLF line terminators
Hash cf53656d650d1af3d90e683280b78e75
8031217f2cdc015e8c7f871e9145d4e0c7fe5f10
ea29c1a140f9bccb31f8b8e7f2e7a654343bf65500b873e25ed6c32c5c8c5a98
GET /wp-admin/admin-access.php HTTP/1.1
Host: noticiasporno.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
cache-control: public, max-age=0
expires: Sat, 03 Jun 2023 19:46:37 GMT
content-length: 1018
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
date: Sat, 03 Jun 2023 19:46:37 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
forza.idescargarapk.com/get.php?code=enVPOS81Z1JyRjFvTDZsdHBFbmI5UT09&clickid=lHNDBNQuhVs&campaignid=997319&siteid=433011.464127&publishid=433011&country=no&os=Linux&browser=FIREFOX_111.0&referrer=https%3A%2F%2Ffilter.poprtb.pro%2F&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.0002
4.0 kB URL forza.idescargarapk.com/get.php?code=enVPOS81Z1JyRjFvTDZsdHBFbmI5UT09&clickid=lHNDBNQuhVs&campaignid=997319&siteid=433011.464127&publishid=433011&country=no&os=Linux&browser=FIREFOX_111.0&referrer=https%3A%2F%2Ffilter.poprtb.pro%2F&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.0002
IP
File type gzip compressed data, from Unix\012- data
Hash 0662ec87544f79b563dd7b153ab365e1
0892b841a3b0f4654272defddb3a0845b7200d43
199846e35e7ef1b6ddcc4c8c91c82f553bfe3f025d5b3fad8ae030c95f570b63
GET /get.php?code=enVPOS81Z1JyRjFvTDZsdHBFbmI5UT09&clickid=lHNDBNQuhVs&campaignid=997319&siteid=433011.464127&publishid=433011&country=no&os=Linux&browser=FIREFOX_111.0&referrer=https%3A%2F%2Ffilter.poprtb.pro%2F&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.0002 HTTP/1.1
Host: forza.idescargarapk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://filter.poprtb.pro/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 03 Jun 2023 19:46:36 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=db8f3ac18ce125e748625cf5c7fbfad9; path=/; secure
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 03 Jun 2023 19:46:35 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0,pre-check=0
pragma: no-cache
vary: Accept-Encoding,User-Agent
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2LZgJduKGpQ6BcqY5nqqz5B8UxiEAqzvmfBprN%2Fy2kWC5Ijov0bp0Z4ddGUkZUel06%2BvBdyLuCKOsu%2B%2FO8rLveZTeHcwSz40ObmeaJRXb3HQqk07WQ5RSKJ2XC3RJdH6VYfcl%2Bm1Sh0ZFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1a716e1cff0b06-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
runative-syndicate.com/api/v1/direct/f0c18ca751754f20bdb9eb073a5e2aac?domain=animeflips.com&rnd=0.09723378883241895&x=669&y=634&w=1280&h=1024&tz=&tz=0&adb=0&priv=0&categories=DESCARGAR,SPY,FAMILY,Todos,sus,Cap,tulos,Completo,por,MEGA,MEDIAFIRE,2022,Descargar,SPY,FAMILY,Mega,Medifire,
302 Found 0 B URL GET HTTP/2 runative-syndicate.com/api/v1/direct/f0c18ca751754f20bdb9eb073a5e2aac?domain=animeflips.com&rnd=0.09723378883241895&x=669&y=634&w=1280&h=1024&tz=&tz=0&adb=0&priv=0&categories=DESCARGAR,SPY,FAMILY,Todos,sus,Cap,tulos,Completo,por,MEGA,MEDIAFIRE,2022,Descargar,SPY,FAMILY,Mega,Medifire,
IP
ASN #24940 Hetzner Online GmbH
Requested by https://forza.idescargarapk.com/ts_pro/new-all-sites.php?rd=1685821595&country=no
Certificate IssuerLet's Encrypt
Subjectrunative-syndicate.com
Fingerprint3F:B2:E2:FA:1F:59:12:A7:70:91:91:D9:39:2F:B9:67:1F:7A:B6:84
ValiditySun, 30 Apr 2023 23:06:21 GMT - Sat, 29 Jul 2023 23:06:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/f0c18ca751754f20bdb9eb073a5e2aac?domain=animeflips.com&rnd=0.09723378883241895&x=669&y=634&w=1280&h=1024&tz=&tz=0&adb=0&priv=0&categories=DESCARGAR,SPY,FAMILY,Todos,sus,Cap,tulos,Completo,por,MEGA,MEDIAFIRE,2022,Descargar,SPY,FAMILY,Mega,Medifire, HTTP/1.1
Host: runative-syndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Sat, 03 Jun 2023 19:46:37 GMT
content-length: 0
pragma: no-cache
expires: 0
vary: *
x-api-version: 2
location: https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=DBorjXUkZXBzeI0hEQ3snA3tW9ar25Qbjcynr9d9PgFYbekdh77wKg9kV5WvQF9YFVcyghmTM5agNQH-6-BZs1_eeiz8W_3qphmUcYrlMjUTnv76jA_gUIDRUi&sourceId=460140&p1=4299480
x-request-id: f4449025be4d5c84
set-cookie: ts_uid=bcf9112c-3ade-41f7-a722-ccfb67728f92; expires=Sun, 03 Dec 2023 19:46:37 GMT; domain=.runative-syndicate.com; path=/; HttpOnly; secure; SameSite=None
ts_direct_tag=460140:2954798:18498:4299480:33313; expires=Mon, 03 Jul 2023 19:46:37 GMT; domain=.runative-syndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2
runative-syndicate.com/api/v1/direct/f0c18ca751754f20bdb9eb073a5e2aac?domain=animeflips.com&rnd=0.09723378883241895&x=669&y=634&w=1280&h=1024&tz=&tz=0&adb=0&priv=0&categories=DESCARGAR,SPY,FAMILY,Todos,sus,Cap,tulos,Completo,por,MEGA,MEDIAFIRE,2022,Descargar,SPY,FAMILY,Mega,Medifire,
302 Found 0 B URL GET HTTP/2 runative-syndicate.com/api/v1/direct/f0c18ca751754f20bdb9eb073a5e2aac?domain=animeflips.com&rnd=0.09723378883241895&x=669&y=634&w=1280&h=1024&tz=&tz=0&adb=0&priv=0&categories=DESCARGAR,SPY,FAMILY,Todos,sus,Cap,tulos,Completo,por,MEGA,MEDIAFIRE,2022,Descargar,SPY,FAMILY,Mega,Medifire,
IP
ASN #24940 Hetzner Online GmbH
Requested by https://forza.idescargarapk.com/ts_pro/new-all-sites.php?rd=1685821595&country=no
Certificate IssuerLet's Encrypt
Subjectrunative-syndicate.com
Fingerprint3F:B2:E2:FA:1F:59:12:A7:70:91:91:D9:39:2F:B9:67:1F:7A:B6:84
ValiditySun, 30 Apr 2023 23:06:21 GMT - Sat, 29 Jul 2023 23:06:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/f0c18ca751754f20bdb9eb073a5e2aac?domain=animeflips.com&rnd=0.09723378883241895&x=669&y=634&w=1280&h=1024&tz=&tz=0&adb=0&priv=0&categories=DESCARGAR,SPY,FAMILY,Todos,sus,Cap,tulos,Completo,por,MEGA,MEDIAFIRE,2022,Descargar,SPY,FAMILY,Mega,Medifire, HTTP/1.1
Host: runative-syndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ts_uid=bcf9112c-3ade-41f7-a722-ccfb67728f92; ts_direct_tag=460140:2954798:18498:4299480:33313
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sat, 03 Jun 2023 19:46:38 GMT
content-length: 0
pragma: no-cache
expires: 0
vary: *
x-api-version: 2
location: https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
x-request-id: e1782146f7382e86
set-cookie: ts_uid=bcf9112c-3ade-41f7-a722-ccfb67728f92; expires=Sun, 03 Dec 2023 19:46:38 GMT; domain=.runative-syndicate.com; path=/; HttpOnly; secure; SameSite=None
ts_direct_tag=460140:2954798:18498:4299480:33313; expires=Mon, 03 Jul 2023 19:46:38 GMT; domain=.runative-syndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2
video.ktkjmp.com/adsbygoogle.js
200 OK 16 B URL GET HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP
Requested by https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
Certificate IssuerCloudflare, Inc.
Subjectvideo.ktkjmp.com
FingerprintD6:F4:DC:36:6D:BC:E5:36:F7:AC:71:BE:47:40:06:E8:12:9F:23:EC
ValidityMon, 01 Aug 2022 00:00:00 GMT - Tue, 01 Aug 2023 23:59:59 GMT
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 03 Jun 2023 19:46:38 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: vyeGnGdlTyojmOYSIUGVlkgbVgeOOGCLIaQn1JUXSWf+3Pefo3BQFYiXbFyiqHYw9AcYvZvBFpo=
x-amz-request-id: 5JAJ7X857BTA65NJ
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlivrdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 404
expires: Sat, 03 Jun 2023 21:46:38 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d1a71816aedb503-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlivrdr.com/abc.gif?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&sourceId=460140&p1=4299480&language=en&keyText=sex%20chat&agev=0&ageVerificationTheme=dark&exitConfirmation=0&exitConfirmationTheme=dark&theme=dark&viewsBeforeRedirect=1&modelsCount=0&landing=LPExperience&referrer&i=0&ib=0&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A872%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A732%2C%22duration%22%3A55%2C%22transferSize%22%3A91736%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A732%2C%22duration%22%3A46%2C%22transferSize%22%3A13165%7D%5D&mh=-304837604
200 OK 103 B URL GET HTTP/3 go.xlivrdr.com/abc.gif?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&sourceId=460140&p1=4299480&language=en&keyText=sex%20chat&agev=0&ageVerificationTheme=dark&exitConfirmation=0&exitConfirmationTheme=dark&theme=dark&viewsBeforeRedirect=1&modelsCount=0&landing=LPExperience&referrer&i=0&ib=0&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A872%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A732%2C%22duration%22%3A55%2C%22transferSize%22%3A91736%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A732%2C%22duration%22%3A46%2C%22transferSize%22%3A13165%7D%5D&mh=-304837604
IP
Requested by https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
Certificate IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
Hash 8c99886486b9a004383cb4df29011c43
d79ca4754481fc59598bc08fcdf354900918bffe
bda00b0f6892b1c6991e793b42654ad1807694e2ffabcbc4eb1399379737ef6c
GET /abc.gif?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&sourceId=460140&p1=4299480&language=en&keyText=sex%20chat&agev=0&ageVerificationTheme=dark&exitConfirmation=0&exitConfirmationTheme=dark&theme=dark&viewsBeforeRedirect=1&modelsCount=0&landing=LPExperience&referrer&i=0&ib=0&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A872%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A732%2C%22duration%22%3A55%2C%22transferSize%22%3A91736%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A732%2C%22duration%22%3A46%2C%22transferSize%22%3A13165%7D%5D&mh=-304837604 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 03 Jun 2023 19:46:39 GMT
content-type: image/gif
content-length: 103
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7d1a71821f9cb51e-OSL
alt-svc: h3=":443"; ma=86400
tracking-647905d3f2124.plat-clicks.com/go/1ee0204a-53bb-6b04-b334-c232bdf7f4d4?visitor_id=${SUBID}&cost={cost}&zoneid={zoneid}&bannerid={bannerid}&browser={browser}&os={os}&device={device}®ion={region}&isp={isp}&useragent={useragent}&language={language}&connection_type={connection.type}
6.4 kB URL tracking-647905d3f2124.plat-clicks.com/go/1ee0204a-53bb-6b04-b334-c232bdf7f4d4?visitor_id=${SUBID}&cost={cost}&zoneid={zoneid}&bannerid={bannerid}&browser={browser}&os={os}&device={device}®ion={region}&isp={isp}&useragent={useragent}&language={language}&connection_type={connection.type}
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash fe616276595aba36e48010dad8d2187a
5b4cebf3a365e53ff13b1c43ee723131d461336d
3185e56df8f2c26e090bb799c4d2095f3a991e8bab70e5fd545d3e591d187bcc
GET /go/1ee0204a-53bb-6b04-b334-c232bdf7f4d4?visitor_id=${SUBID}&cost={cost}&zoneid={zoneid}&bannerid={bannerid}&browser={browser}&os={os}&device={device}®ion={region}&isp={isp}&useragent={useragent}&language={language}&connection_type={connection.type} HTTP/1.1
Host: tracking-647905d3f2124.plat-clicks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 03 Jun 2023 19:46:32 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.1.8
cache-control: max-age=0, must-revalidate, private
expires: Sat, 03 Jun 2023 19:46:32 GMT
set-cookie: PHPSESSID=0a76d54c5a561df3de8eb20d1edb49d8; path=/; secure; httponly; samesite=none
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
creative.xlivrdr.com/LPExperience/main.7a1f1d29db201df6ba0a.css
200 OK 2.0 MB URL GET HTTP/3 creative.xlivrdr.com/LPExperience/main.7a1f1d29db201df6ba0a.css
IP
Requested by https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
Certificate IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
File type ASCII text, with very long lines (64004), with no line terminators
Size 2.0 MB (1987837 bytes)
Hash 5a96ae6c520ddc5e851f6d677b87c03e
8af86e71371a5a766b0b7fc0810d704cf8115b31
9c96364a8695c14c944d4df402bcb01c629f8148a3671b9b5ab27201be898ddc
GET /LPExperience/main.7a1f1d29db201df6ba0a.css HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 03 Jun 2023 19:46:38 GMT
content-type: text/css
last-modified: Mon, 29 May 2023 11:42:01 GMT
etag: W/"64748f89-fa04"
expires: Sat, 03 Jun 2023 19:46:47 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d1a71801c40b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
creative.xlivrdr.com/LPExperience/images/logo.svg
200 OK 4.7 kB URL GET HTTP/3 creative.xlivrdr.com/LPExperience/images/logo.svg
IP
Requested by https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
Certificate IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (4663), with no line terminators
Hash b34379a919618d3b0f04357cab722886
80531efba93c2974b2d760796ae74af6f5b6a67a
8a86ed4c381a4c376ac04d698138b78a256fdb4547ef36fd327dbef535e70069
GET /LPExperience/images/logo.svg HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 03 Jun 2023 19:46:39 GMT
content-type: image/svg+xml
last-modified: Mon, 29 May 2023 11:37:43 GMT
etag: W/"64748e87-122f"
expires: Sat, 03 Jun 2023 19:46:41 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d1a71824fe0b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
javsub-english.top/wp-admin/admin-access.php
200 OK 2.8 kB URL GET HTTP/2 javsub-english.top/wp-admin/admin-access.php
IP
Requested by https://forza.idescargarapk.com/ts_pro/new-all-sites.php?rd=1685821595&country=no
Certificate IssuercPanel, Inc.
Subjectjavsub-english.top
FingerprintF1:13:48:D5:66:BE:85:19:9F:71:2F:C1:62:0F:A5:52:5C:4A:D6:70
ValidityThu, 18 May 2023 00:00:00 GMT - Wed, 16 Aug 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3081), with no line terminators
Hash 5889bb6ada1ded699d60ef4ebe21e108
593ba338f2bf6855507320c3f53df0944dde3c30
8f7ba43725d436a3a5f5ca2c9a10d6b2fd7e4115703b55ed4c23a71a2d266cce
GET /wp-admin/admin-access.php HTTP/1.1
Host: javsub-english.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 03 Jun 2023 19:46:37 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0,pre-check=0
pragma: no-cache
content-type: text/html; charset=UTF-8
content-length: 980
content-encoding: br
vary: Accept-Encoding
date: Sat, 03 Jun 2023 19:46:37 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
200 OK 830 B URL GET HTTP/2 creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
IP
Requested by https://forza.idescargarapk.com/ts_pro/new-all-sites.php?rd=1685821595&country=no
Certificate IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (896), with no line terminators
Hash 2bca5446d67501c4d4f4f089f96a1b48
7e7da4b6e3077560408aa93e4e232d5283434d5b
cd6ccbc4b42bd4034cbc0bde7014144e645a11748c0581dcca8f169472f0a6b3
GET /LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480 HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 03 Jun 2023 19:46:38 GMT
content-type: text/html
last-modified: Mon, 29 May 2023 11:37:43 GMT
expires: Sat, 03 Jun 2023 19:46:48 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d1a717ec9d2b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlivrdr.com/config?url=https%3A%2F%2Fcreative.xlivrdr.com%2FLPExperience%3FnonNudeContent%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26campaignId%3Dnonnude%26memberId%3DYaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi%26sourceId%3D460140%26p1%3D4299480
200 OK 6.5 kB URL GET HTTP/2 go.xlivrdr.com/config?url=https%3A%2F%2Fcreative.xlivrdr.com%2FLPExperience%3FnonNudeContent%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26campaignId%3Dnonnude%26memberId%3DYaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi%26sourceId%3D460140%26p1%3D4299480
IP
Requested by https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
Certificate IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
File type ASCII text, with very long lines (8506), with no line terminators
Hash 27d7f473c5031001aa0f0868e0216a3b
fd575c10008c0a17bd20e0e02a1c44cf9bc85d31
709b51506ae45a2a13660bab59a283bc133855aaefda388f72c343c1670dcdae
GET /config?url=https%3A%2F%2Fcreative.xlivrdr.com%2FLPExperience%3FnonNudeContent%3D1%26userId%3Ded4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e%26campaignId%3Dnonnude%26memberId%3DYaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi%26sourceId%3D460140%26p1%3D4299480 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 03 Jun 2023 19:46:39 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Sat, 03 Jun 2023 19:46:38 GMT
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d1a718168ae1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
creative.xlivrdr.com/LPExperience/main.7a1f1d29db201df6ba0a.js
200 OK 304 kB URL GET HTTP/3 creative.xlivrdr.com/LPExperience/main.7a1f1d29db201df6ba0a.js
IP
Requested by https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
Certificate IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
Size 304 kB (304371 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /LPExperience/main.7a1f1d29db201df6ba0a.js HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 03 Jun 2023 19:46:38 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 29 May 2023 11:42:01 GMT
etag: W/"64748f89-4a4f3"
expires: Sat, 03 Jun 2023 19:46:46 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d1a71801c44b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
creative.xlivrdr.com/widgets/AgeVerification/lang/en.json
200 OK 3.8 kB URL GET HTTP/3 creative.xlivrdr.com/widgets/AgeVerification/lang/en.json
IP
Requested by https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
Certificate IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (3893), with no line terminators
Hash 439492a182f83d206bc2866395232d07
f6680107d67d58a60979d0cc5e0df445df20f3c5
8cb9b080564a499f7fe089136876d951b70f26d23cbe4fa4078808830b461108
GET /widgets/AgeVerification/lang/en.json HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 03 Jun 2023 19:46:38 GMT
content-type: application/json
last-modified: Mon, 29 May 2023 11:39:01 GMT
etag: W/"64748ed5-f06"
expires: Sat, 03 Jun 2023 19:46:41 GMT
cache-control: max-age=10
access-control-allow-origin: *
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d1a71814e75b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
video.hpyrdr.com/models/IreneKasia-nsfw.mp4
206 Partial Content 70 kB URL GET HTTP/2 video.hpyrdr.com/models/IreneKasia-nsfw.mp4
IP
Requested by https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint91:A1:4C:88:E3:8C:8D:B4:16:FE:1E:CE:4D:BD:74:C4:8B:A1:31:17
ValidityThu, 20 Apr 2023 00:00:00 GMT - Fri, 19 Apr 2024 23:59:59 GMT
File type zlib compressed data\012- data
Hash bd43caa00ac2b2f7db5d3df7babf2215
ee99bee953314bac64d8770606d6a4636a225658
5d2aa69d5dda4689c657961e2ffa949f4963e340af1f05b2c5eaccbc00d64397
GET /models/IreneKasia-nsfw.mp4 HTTP/1.1
Host: video.hpyrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=12419072-
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 206 Partial Content
date: Sat, 03 Jun 2023 19:46:39 GMT
content-type: video/mp4
content-length: 70056
x-amz-id-2: Grc8VmMKXljmUH+L0v+oWsCYtX3d2z6vt2lR9MGjTPJdF22Pf2ufpd/cjBsQu/pfzz7MAAA0HBA=
x-amz-request-id: RM11FN4W49JJWRFW
last-modified: Sat, 30 Jan 2021 17:46:34 GMT
etag: "5989bc9a2b94edd57f4756d8ad502fc5"
x-amz-meta-s3cmd-attrs: md5:5989bc9a2b94edd57f4756d8ad502fc5
x-amz-version-id: t6gxKrlZhneUWUZxDjCqHJE.AwCCuEOA
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 1804
expires: Sat, 03 Jun 2023 21:46:39 GMT
cache-control: public, max-age=7200
content-range: bytes 12419072-12489127/12489128
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d1a71839e0a0b06-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
hentai-zero.com/wp-content/themes/newscard/bh__ts.php
200 OK 2.7 kB URL GET HTTP/2 hentai-zero.com/wp-content/themes/newscard/bh__ts.php
IP
Requested by https://forza.idescargarapk.com/ts_pro/new-all-sites.php?rd=1685821595&country=no
Certificate IssuerGoogle Trust Services LLC
Subjecthentai-zero.com
FingerprintC8:3C:41:A8:F5:E4:2F:FD:C7:7A:88:75:99:DA:86:98:2A:19:83:55
ValidityWed, 31 May 2023 07:34:28 GMT - Tue, 29 Aug 2023 07:34:27 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2891), with no line terminators
Hash 8c4a036ca4d4663f945aaea6953ca570
54c127d94452319045a1914eea38ada1d37ce427
2223588bb79566b83e4a36b120bb4b64dc24dab86be183bad7bc76d19c7ec4fe
GET /wp-content/themes/newscard/bh__ts.php HTTP/1.1
Host: hentai-zero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 03 Jun 2023 19:46:37 GMT
content-type: text/html; charset=UTF-8
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 03 Jun 2023 19:46:36 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0,pre-check=0
pragma: no-cache
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O4mvil4aExNi%2B5VEc9EztYxYFeZU%2Blm0VS%2FeYUboDvYOCGrtFbkj9MUyOhR1X8s8bxiyQhnLAqeP8hNT2d217LCRF0X4R%2BAh8NtXWwvI7FDftsfKPeglj%2Bm8rQMqWbYK7yA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1a71755c4eb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
creative.xlivrdr.com/LPExperience/images/avatar@2x.png
200 OK 4.0 kB URL GET HTTP/3 creative.xlivrdr.com/LPExperience/images/avatar@2x.png
IP
Requested by https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
Certificate IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
File type PNG image data, 72 x 72, 8-bit colormap, non-interlaced\012- data
Hash 491f7b9badbc15c7678b9a39597233c0
8be67a910ed78fd87131fd12838d422c6fd5a98c
e6f514f2df495d2f35d0fc0d0d5880b3de365c1c902419644b5853dd0cb141cf
GET /LPExperience/images/avatar@2x.png HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/LPExperience/main.7a1f1d29db201df6ba0a.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 03 Jun 2023 19:46:39 GMT
content-type: image/png
content-length: 4010
last-modified: Mon, 29 May 2023 11:37:43 GMT
etag: "64748e87-faa"
expires: Sat, 03 Jun 2023 19:46:40 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d1a71824fe2b51e-OSL
alt-svc: h3=":443"; ma=86400
creative.xlivrdr.com/LPExperience/core.67310e10f78df9828ec2.js
200 OK 2.8 kB URL GET HTTP/3 creative.xlivrdr.com/LPExperience/core.67310e10f78df9828ec2.js
IP
Requested by https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
Certificate IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
File type ASCII text, with very long lines (2839), with no line terminators
Hash a472b820167af9787772320b71946f1d
bf6df7bf192ce5623151346c79f2d04fec8d82b5
619f1271854c24ea74f6c11d23d87998a0b4ec5235abec76b5e6fc7e4926b175
GET /LPExperience/core.67310e10f78df9828ec2.js HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 03 Jun 2023 19:46:39 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 29 May 2023 11:42:01 GMT
etag: W/"64748f89-acd"
expires: Sat, 03 Jun 2023 19:46:41 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d1a7181ff6fb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
forza.idescargarapk.com/favicon.ico
404 Not Found 708 B URL GET HTTP/3 forza.idescargarapk.com/favicon.ico
IP
Requested by https://forza.idescargarapk.com/ts_pro/new-all-sites.php?rd=1685821595&country=no
Certificate IssuerGoogle Trust Services LLC
Subjectidescargarapk.com
Fingerprint52:B5:84:FE:6A:13:46:75:02:34:B3:33:43:A2:C5:F7:49:86:2F:05
ValiditySat, 06 May 2023 21:38:55 GMT - Fri, 04 Aug 2023 21:38:54 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (739), with no line terminators
Hash 9a088ded79e56cc72e737869c04f755f
1431a084bae06f9a31fc4f1f9c87887be8f64b2d
768cb8655c2f2a1c7d68551a7e858fe3f13e2101172c4898638a2240b5b25ad2
GET /favicon.ico HTTP/1.1
Host: forza.idescargarapk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=db8f3ac18ce125e748625cf5c7fbfad9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Sat, 03 Jun 2023 19:46:37 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
vary: User-Agent, Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W0lsWQosIR1krKYSfcOwyuxJcdnDLgGR5ZokA695r8JXSIFFFNQfiamfjhsS7kJ7MK6JFw0YOzqJaYPLME6naSuVpmuzhRi0%2Bfe41CEQ7nlr7Z%2BLZcqlKpMEGjlfhdsLyTZoz7nyvomFnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1a71753e880b3d-OSL
content-encoding: gzip
forza.idescargarapk.com/ts_tyler/animeflips.com.php
200 OK 4.3 kB URL GET HTTP/3 forza.idescargarapk.com/ts_tyler/animeflips.com.php
IP
Requested by https://forza.idescargarapk.com/ts_pro/new-all-sites.php?rd=1685821595&country=no
Certificate IssuerGoogle Trust Services LLC
Subjectidescargarapk.com
Fingerprint52:B5:84:FE:6A:13:46:75:02:34:B3:33:43:A2:C5:F7:49:86:2F:05
ValiditySat, 06 May 2023 21:38:55 GMT - Fri, 04 Aug 2023 21:38:54 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4697), with no line terminators
Hash 4abc68b8e960ead3bf11f0bba1ee2006
3309427cf45580d75a0275d21e68a6cb7fd051d5
f034846c97e76c579a2aa5ab8ad239fbe4077f145ac55da47432aba3fb5f73b1
GET /ts_tyler/animeflips.com.php HTTP/1.1
Host: forza.idescargarapk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=db8f3ac18ce125e748625cf5c7fbfad9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 03 Jun 2023 19:46:37 GMT
content-type: text/html; charset=UTF-8
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 03 Jun 2023 19:46:36 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0,pre-check=0
pragma: no-cache
vary: Accept-Encoding,User-Agent
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4oVYfoittqf62tNL6KKZjV83JNz6wB6d%2FeXKcIZX7D%2BbyDQZlQatzwv728y4QoJUVcfjKrOPrpTE7S251Zqew7lKfsU60rTWgJ1bZx0TMr0e%2FDr0JeFPqQqD6k4e2GXK%2BeC2%2FRDwzrMnqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1a71753e8a0b3d-OSL
content-encoding: gzip
forza.idescargarapk.com/ts_pro/new-all-sites.php?rd=1685821595&country=no
200 OK 5.5 kB URL User Request GET HTTP/3 forza.idescargarapk.com/ts_pro/new-all-sites.php?rd=1685821595&country=no
IP
Certificate IssuerGoogle Trust Services LLC
Subjectidescargarapk.com
Fingerprint52:B5:84:FE:6A:13:46:75:02:34:B3:33:43:A2:C5:F7:49:86:2F:05
ValiditySat, 06 May 2023 21:38:55 GMT - Fri, 04 Aug 2023 21:38:54 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5875), with no line terminators
Hash 99687dc6d0da61ce4aa62a467c8df04d
84c9035959b316c639808318c366b67555becd61
d3a5f599effcd7da7625b8392e2647da4284beb6dbf44bb79c935e4a1d8e49f8
GET /ts_pro/new-all-sites.php?rd=1685821595&country=no HTTP/1.1
Host: forza.idescargarapk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=db8f3ac18ce125e748625cf5c7fbfad9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 03 Jun 2023 19:46:36 GMT
content-type: text/html; charset=UTF-8
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 03 Jun 2023 19:46:35 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0,pre-check=0
pragma: no-cache
vary: Accept-Encoding,User-Agent
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1SRhLlRaVtFjsl3G7dEpEUryxAepr%2BfpbzifVinrjXZ7qyKtTaSaVvUr%2BUswjrLTtKfQ2cvIK%2FeVmvOnJTeo38136VQ2EAnlARguEIYdCOVwmLPa3yZfo6kfL8%2FzzKcZAFILx9v9xgu5CA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1a71724b420b3d-OSL
content-encoding: gzip
creative.xlivrdr.com/LPExperience/lang/en.json
200 OK 3.8 kB URL GET HTTP/3 creative.xlivrdr.com/LPExperience/lang/en.json
IP
Requested by https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
Certificate IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (4001), with no line terminators
Hash 411e7ac383ad7c4e6a8e93b28eafae61
e48ca8fc1e609ab5f79fc89187a7c596e03a2155
2c621fc0583f231de2967d6767af0625066d7486918717a1d5b560df9fe1ebb7
GET /LPExperience/lang/en.json HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 03 Jun 2023 19:46:38 GMT
content-type: application/json
last-modified: Mon, 29 May 2023 11:37:43 GMT
etag: W/"64748e87-eca"
expires: Sat, 03 Jun 2023 19:46:43 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d1a71814e74b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
video.hpyrdr.com/models/IreneKasia-nsfw.mp4
206 Partial Content 1.6 MB URL GET HTTP/2 video.hpyrdr.com/models/IreneKasia-nsfw.mp4
IP
Requested by https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=YaPODP3WZdfnm3G525ax1sGSVinYtj9SuPveT6DHgRe9Q9Opp_oElW5JWGL7s736VZEJy5rJI6rcLUouw2QWTJXZ8nEg3EYr9cQurH9C8-0HoSZOIg_gUIDRUi&sourceId=460140&p1=4299480
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint91:A1:4C:88:E3:8C:8D:B4:16:FE:1E:CE:4D:BD:74:C4:8B:A1:31:17
ValidityThu, 20 Apr 2023 00:00:00 GMT - Fri, 19 Apr 2024 23:59:59 GMT
Size 1.6 MB (1572864 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /models/IreneKasia-nsfw.mp4 HTTP/1.1
Host: video.hpyrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 206 Partial Content
date: Sat, 03 Jun 2023 19:46:39 GMT
content-type: video/mp4
content-length: 12489128
x-amz-id-2: Grc8VmMKXljmUH+L0v+oWsCYtX3d2z6vt2lR9MGjTPJdF22Pf2ufpd/cjBsQu/pfzz7MAAA0HBA=
x-amz-request-id: RM11FN4W49JJWRFW
last-modified: Sat, 30 Jan 2021 17:46:34 GMT
etag: "5989bc9a2b94edd57f4756d8ad502fc5"
x-amz-meta-s3cmd-attrs: md5:5989bc9a2b94edd57f4756d8ad502fc5
x-amz-version-id: t6gxKrlZhneUWUZxDjCqHJE.AwCCuEOA
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 1804
expires: Sat, 03 Jun 2023 21:46:39 GMT
cache-control: public, max-age=7200
content-range: bytes 0-12489127/12489128
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d1a7182cadc0b49-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
79.98.26.41
104.18.51.106
216.246.46.85
139.45.195.8
188.114.97.1
95.101.11.42
136.243.80.153