Report - mtav.art/vod/detail/id/7952/

Report Overview

Visited public
2023-08-26 16:27:54
Tags
URL
mtav.art/vod/detail/id/7952/
Finishing URL
mtav.art/vod/detail/id/7952/
IP / ASN
172.67.206.72
#13335 CLOUDFLARENET
Title
果冻传媒91CM-190少女的悔悟-潘甜甜在线看 - 蜜桃视频 mtav.art

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
go.eabids.com	58057	2021-03-08	2021-03-12 15:49:46	2023-08-25 08:39:43	526 B	1.5 kB	217.22.19.194
u3y8v8u4.aucdn.net	unknown	2022-06-27	2022-08-08 15:30:47	2023-08-26 14:33:49	503 B	3.5 MB	185.76.9.19
i.bngprm.com	unknown	2022-11-07	2022-11-11 00:27:29	2023-08-25 01:53:08	434 B	76 kB	64.210.135.150
syndication.realsrv.com	9112	2019-02-07	2019-07-03 23:39:52	2023-08-26 10:08:39	1.5 kB	7.9 kB	95.211.229.248
ndroip.com	195406	2020-10-13	2020-10-13 13:55:32	2023-08-12 10:53:13	454 B	12 kB	188.114.96.1
s3t3d2y8.afcdn.net	unknown	2022-06-27	2022-08-09 00:22:56	2023-08-26 09:57:43	1.4 kB	46 kB	185.76.9.19
imageproxy.pimg.tw	178030	2008-11-03	2012-11-15 20:01:06	2023-07-22 13:39:33	4.3 kB	234 kB	168.95.246.1
cloudflare.com	342	2009-02-17	2012-05-22 15:19:15	2023-08-25 16:27:53	393 B	587 B	104.16.133.229
s.magsrv.com	unknown	2023-08-01	2023-08-04 14:48:00	2023-08-26 13:30:26	6.7 kB	10 kB	95.211.229.245
a.pemsrv.com	unknown	2023-08-01	2023-08-05 14:08:36	2023-08-25 14:13:02	369 B	42 kB	205.185.216.42
ocsp.usertrust.com	899	1997-12-05	2012-05-21 17:43:18	2023-08-26 05:22:33	2.3 kB	7.1 kB	104.18.15.101
bngpt.com	39180	2020-03-18	2017-02-01 06:03:52	2023-08-25 08:39:42	765 B	741 B	94.199.255.192
video.ktkjmp.com	23778	2020-08-07	2020-10-02 10:52:19	2023-08-26 14:17:50	906 B	2.0 kB	104.18.48.21
img.strpst.com	12993	2021-05-31	2021-06-03 10:45:56	2023-08-26 14:17:48	4.6 kB	144 kB	104.18.63.124
xhamster.com	9737	2007-04-02	2012-05-21 18:40:28	2023-08-26 04:33:40	432 B	722 B	104.18.184.10
a.magsrv.com	unknown	2023-08-01	2023-08-04 18:18:00	2023-08-26 13:30:25	15 kB	196 kB	205.185.216.10
s.pemsrv.com	unknown	2023-08-01	2023-08-04 15:10:46	2023-08-26 08:28:16	385 B	282 B	95.211.229.248
go.xlivrdr.com	unknown	2021-06-22	2021-07-02 12:51:24	2023-08-26 17:59:19	11 kB	45 kB	104.18.51.106
creative.xlivrdr.com	unknown	2021-06-22	2021-07-02 12:51:24	2023-08-26 14:17:49	5.6 kB	416 kB	104.18.51.106
strp.chat	unknown	2018-12-17	2019-12-09 16:12:35	2023-08-24 18:53:33	421 B	446 B	104.18.63.126
qcsuoq.com	unknown	2023-03-03	2023-03-08 14:07:55	2023-08-25 04:23:56	550 B	606 B	185.162.85.1
mtav.art	unknown	2021-05-23	2021-05-23 19:00:29	2023-08-25 12:21:07	5.9 kB	686 kB	172.67.206.72

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-08-26	medium	qcsuoq.com	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2023-08-22	medium	cloudflare.com	IcedID

JavaScript (35)

	URL	From	Size	First Seen	Last Seen
	mtav.art/vod/detail/id/7952/	ScriptElement	453 B	2024-08-21	2024-08-21
Pretty URL mtav.art/vod/detail/id/7952/ IP 172.67.206.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 08:01 Last Seen2024-08-21 08:01 Times Seen1 Hash 44ef3de6509cabb1cf46da758f9d9fbe dad7c55461b03a5b8e32039f4655697a627a181a abc769491c4d86be16995307fdc4d5fd3c62ac9dac9c466d30c999c4845aa6c1 Loading...

	a.pemsrv.com/popunder1000.js	ScriptElement	98 kB	2023-08-16	2023-10-03
Pretty URL a.pemsrv.com/popunder1000.js IP 205.185.216.42 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-16 10:14 Last Seen2023-10-03 03:58 Times Seen118 Hash fa1e1a8d08a00197de324d77142e35f9 6462861dac2e776aab8135261405188eb9b44128 901abe1a34628ce8a21c45de35a2c027372acf475573c4c34c18572417c16d46 Loading...

	a.magsrv.com/build-iframe-js-url.js?idzone=4293146	ScriptElement	759 B	2023-08-26	2023-08-26
Pretty URL a.magsrv.com/build-iframe-js-url.js?idzone=4293146 IP 205.185.216.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 18:27 Last Seen2023-08-26 18:27 Times Seen1 Hash 13a04dec8d0215231e40253e5dfd82a1 17b60d80d1ec8af1a814fb16098b1b495e545b0d 093f2f1edddf30fe06667a65635efc12b9eb0b854f47c2e107a5f810b1958ce0 Loading...

	creative.xlivrdr.com/widgets/v4/Universal/main.15dd808dd5b090c798f7.js	ScriptElement	279 kB	2023-08-25	2024-08-21
Pretty URL creative.xlivrdr.com/widgets/v4/Universal/main.15dd808dd5b090c798f7.js IP 104.18.51.106 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-25 09:33 Last Seen2024-08-21 08:08 Times Seen33 Hash 70b8140806d070f102152c8378a47c69 7dafafa93ed13a3a9c905ea0f8673735cbc14005 ae246067919b0ebe10514f949739b500159cd1f988078a77dfa50e4b64965004 Loading...

	unknown	DomTimer	125 B	2024-08-21	2024-08-21
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2024-08-21 08:01 Last Seen2024-08-21 08:01 Times Seen1 Hash eda4ea320625313da33f8da72606cd47 693f1121688fa17e97b6aef1e3cc755841404632 8c2c42e3e9dd151a8789fc4ba3c40b283dc1f32718e07560beaf8f51427d5255 Loading...

	mtav.art/vod/detail/id/7952/	ScriptElement	564 B	2024-08-21	2024-08-21
Pretty URL mtav.art/vod/detail/id/7952/ IP 172.67.206.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 08:01 Last Seen2024-08-21 08:01 Times Seen1 Hash 0b92f6db723daa41c0c4e7ee5af52405 a330ecfaf2e59eff778209f3b918da7d16b09c8b e536198db4ca750f79476561706a7b3326f9e5381b41fcf5dcbadef3ca524db9 Loading...

	ndroip.com/na/waWQiOjEwMzUxOTEsInNpZCI6MTA5NjkwOSwid2lkIjoyMDA2MTcsInNyYyI6Mn0=eyJ.js	ScriptElement	33 kB	2023-08-26	2023-08-26
Pretty URL ndroip.com/na/waWQiOjEwMzUxOTEsInNpZCI6MTA5NjkwOSwid2lkIjoyMDA2MTcsInNyYyI6Mn0=eyJ.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 18:27 Last Seen2023-08-26 18:27 Times Seen1 Hash 5ddc58c9887a4c3a659d2a4669f36c82 41212b3b4622cdf01dc0ce0ba430a52b270586ad 9b9f3e2c2a847d9051003082031250bbb98b9f9c5065f146540eccf2cf6e2f96 Loading...

	a.magsrv.com/ad-provider.js	ScriptElement	106 kB	2023-08-15	2023-08-29
Pretty URL a.magsrv.com/ad-provider.js IP 205.185.216.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-15 14:46 Last Seen2023-08-29 01:46 Times Seen90 Hash 5ec20cab0e7ec92ed77f1fd3f5e8e4cb cd122e719e2826da4fb812c8bb16088219ad5d96 372905c2867757ac6dd123c08e1157967265587ceefa623439a4ac4d44d0421c Loading...

	bngpt.com/promo.php?c=688955&subid=2\|159343\|186907237\|no\|112022\|40568594\|5215801\|1\|0\|10\|50304\|,,,,,\|4\|0\|0\|1,2,6\|0\|0\|en\|3\|91.90.42.154\|0\|0\|0\|0\|3143242&subid2=186907237&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration	ScriptElement	577 B	2023-03-08	2025-03-09
Pretty URL bngpt.com/promo.php?c=688955&subid=2\|159343\|186907237\|no\|112022\|40568594\|5215801\|1\|0\|10\|50304\|,,,,,\|4\|0\|0\|1,2,6\|0\|0\|en\|3\|91.90.42.154\|0\|0\|0\|0\|3143242&subid2=186907237&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration IP 94.199.255.192 ASN #48684 Viking Host B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 16:35 Last Seen2025-03-09 15:27 Times Seen165 Hash 00c40a4f34da9eda5c49578b5cb2f3f1 6674561cb89ee1381dbda30eb8a28ab44c5391ff 40ca2112a8451daa91973acd815b7d1b91396b13b43433ed6e166a06a256e5ed Loading...

	mtav.art/template/mtav/cssjs/sweetalert2.min.js?ver=8.7.1	ScriptElement	38 kB	2023-03-07	2025-04-15
Pretty URL mtav.art/template/mtav/cssjs/sweetalert2.min.js?ver=8.7.1 IP 172.67.206.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:58 Last Seen2025-04-15 03:52 Times Seen46 Hash 572cf28ce79ee54513d9c68b6eddcec2 f9e7e1ca01ed799d37fb35cbfbbb3d7660f0b8fe c3e7025c1ceb9675c8a010ef167ac90799e31638647bb43399e9242a498986f7 Loading...

	mtav.art/vod/detail/id/7952/	ScriptElement	473 B	2024-08-21	2024-08-21
Pretty URL mtav.art/vod/detail/id/7952/ IP 172.67.206.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 08:01 Last Seen2024-08-21 08:01 Times Seen1 Hash c8a29459393f967cc1ea78ca40cc7e92 2fc446fd0c47503069e8503b22dac355ffef972c dc2ab651fa04867cab0928f4bfa9314ff27b8f4915a9705a9e7310c314486bc6 Loading...

	unknown	Function	37 B	2023-04-11	2025-05-10
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31 Last Seen2025-05-10 03:48 Times Seen263451 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	a.magsrv.com/build-iframe-js-url.js?idzone=4293144	ScriptElement	759 B	2023-08-26	2023-08-26
Pretty URL a.magsrv.com/build-iframe-js-url.js?idzone=4293144 IP 205.185.216.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 18:27 Last Seen2023-08-26 18:27 Times Seen1 Hash 211515c7df504ceddb25aa13a4bd550f 5960f73af54f88c3604fa4bcd1470a72ab18654c 1e20030e258040ff83918c0c8cf5d2549362553bebd3d7a3a3e5911d95c4de0c Loading...

	mtav.art/vod/detail/id/7952/	ScriptElement	487 B	2024-08-21	2024-08-21
Pretty URL mtav.art/vod/detail/id/7952/ IP 172.67.206.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 08:01 Last Seen2024-08-21 08:01 Times Seen1 Hash b72af271bb1ab88bcbae80390c38c2d1 aea11d2f553cac8ac87112a37e11517fe0dee127 53b2f62764dad6d074ef189e2e96dd0c292b5a53d929146529eda84a0cfb7585 Loading...

	mtav.art/vod/detail/id/7952/	ScriptElement	207 B	2024-08-21	2024-08-21
Pretty URL mtav.art/vod/detail/id/7952/ IP 172.67.206.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 08:01 Last Seen2024-08-21 08:01 Times Seen1 Hash 28dd5cc33b2a6a81ea578c46126140c0 c08f761d31c68c28d42df09f0798e9061240ccad 70a14b902d8f686de11df96ab3dd24c6b82a1a0b2b4573dbbdcb9a38d927c5fc Loading...

	mtav.art/template/mtav/cssjs/app.js?ver=8.7.1	ScriptElement	31 kB	2023-03-08	2025-01-22
Pretty URL mtav.art/template/mtav/cssjs/app.js?ver=8.7.1 IP 172.67.206.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:54 Last Seen2025-01-22 23:00 Times Seen22 Hash 3d63ae9fc20c9541c081782157cba6ee e3075d0d6d050436fdea697e2f306eed62a3a62f 5bf585b78ead3ab2250a673d385e6f7d018751e422cb5c3a37a1519fc530d249 Loading...

	a.magsrv.com/video-outstream.js	ScriptElement	43 kB	2023-08-26	2024-08-21
Pretty URL a.magsrv.com/video-outstream.js IP 205.185.216.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 18:27 Last Seen2024-08-21 08:01 Times Seen29 Hash 7b9562f0cb4fff397ec5e01685c9ebdd 4354883264211534671be7c5eaa39fac49ba2044 d822e9e7c43abefa5982bc00e096130eaa23cd4575e26374aff1f8a2dcfb94c6 Loading...

	mtav.art/vod/detail/id/7952/	ScriptElement	800 B	2024-08-21	2024-08-21
Pretty URL mtav.art/vod/detail/id/7952/ IP 172.67.206.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 08:01 Last Seen2024-08-21 08:01 Times Seen1 Hash 7d7751ad259f2dc1eeb336056690e7b0 d7c5cd3da91c2d4ee4884b7fe4aaa0fb8eaeca79 af2c9f3316f74dd2c8253d2a532337ffbd0e56ef8de30d4b742174b40c8128b7 Loading...

	mtav.art/vod/detail/id/7952/	ScriptElement	232 B	2024-08-21	2024-08-21
Pretty URL mtav.art/vod/detail/id/7952/ IP 172.67.206.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 08:01 Last Seen2024-08-21 08:01 Times Seen1 Hash 01cf273c4b8f26753509698994a292e8 7b5c4853a2fc14a939a0d907ad126d05ec6a3459 94606bb2cd4683fddbd3bcf9472f9d07d457a5ace6b79053d3ac216a0f0cf115 Loading...

	mtav.art/vod/detail/id/7952/	ScriptElement	456 B	2024-08-21	2024-08-21
Pretty URL mtav.art/vod/detail/id/7952/ IP 172.67.206.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 08:01 Last Seen2024-08-21 08:01 Times Seen1 Hash e88007862c9d4b05536b5ccb1416b3de 6b79ccdfb2dc660bf7f55d816486027e0ceaf973 a86aa7e376dd06ec3a65d458bcaa880fadb7c2515b36eb925ab79cac955e5c9e Loading...

	a.magsrv.com/build-iframe-js-url.js?idzone=4293714	ScriptElement	759 B	2023-08-26	2023-08-26
Pretty URL a.magsrv.com/build-iframe-js-url.js?idzone=4293714 IP 205.185.216.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 18:27 Last Seen2023-08-26 18:27 Times Seen1 Hash e62c1653ca5400b97db8c080f271cc65 46d5b3cc94259376219c3e88fb744ec19e0eed79 fa49b1624ab4e90466404b6e743106a4d397db4ae2b01e8c27f829b2754be4ce Loading...

	syndication.realsrv.com/splash.php?idzone=4293152&capping=0	ScriptElement	7.0 kB	2023-08-26	2023-08-26
Pretty URL syndication.realsrv.com/splash.php?idzone=4293152&capping=0 IP 95.211.229.248 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 18:27 Last Seen2023-08-26 18:27 Times Seen1 Hash 2e6d08a73acd43dc6bcc42329a078b87 eb9cdaf4daa8ffee9646a47bc72c8ec5eda04962 1c4c86ea27168862a5b7a4d277a3efebb228860e12399c1440916acc5e7f1637 Loading...

	a.magsrv.com/iframe.js?idzone=4293714&size=728x90	ScriptElement	2.2 kB	2023-08-26	2023-08-26
Pretty URL a.magsrv.com/iframe.js?idzone=4293714&size=728x90 IP 205.185.216.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 18:27 Last Seen2023-08-26 18:27 Times Seen1 Hash e3818c5ea34611b5aff523fc1df4c2fe 641d75106ba98b1f1143cb216583ead1423c4118 97d50979a883de3faf763d4e8dc91bd54b77f8a386b3396e6b77062c036ed859 Loading...

	a.magsrv.com/iframe.js?idzone=4293146&size=300x100	ScriptElement	2.2 kB	2023-08-26	2023-08-26
Pretty URL a.magsrv.com/iframe.js?idzone=4293146&size=300x100 IP 205.185.216.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 18:27 Last Seen2023-08-26 18:27 Times Seen1 Hash 4891b04b5533c7de8881c6e2b70ccde8 68135747bb0b8c53362e26760d46cdf95ed243fb 5566143cad6ea85d4a8a4588a50822463ef074770df4eb800277141bc9d08ce3 Loading...

	mtav.art/template/mtav/cssjs/jquery-2.2.4.min.js?ver=2.2.4	ScriptElement	86 kB	2023-03-07	2025-05-10
Pretty URL mtav.art/template/mtav/cssjs/jquery-2.2.4.min.js?ver=2.2.4 IP 172.67.206.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 03:48 Times Seen173967 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	mtav.art/template/mtav/cssjs/plugins.js?ver=8.7.1	ScriptElement	121 kB	2023-03-10	2025-01-22
Pretty URL mtav.art/template/mtav/cssjs/plugins.js?ver=8.7.1 IP 172.67.206.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 05:15 Last Seen2025-01-22 23:00 Times Seen24 Hash 46c5791f93409c307202fd01b1f31225 2685e8e56598067779dff62f4b76e3fbbacb30cd b008df59056aa7243407183dc8bf29c6dcff6a5f99696114b31495363a43a599 Loading...

	unknown	ScriptElement	134 B	2023-03-07	2025-05-09
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 23:20 Times Seen5777 Hash 41eece0da217398b6f4d4ee2f01b6245 72f2098b0520b07dd3c6874646c920a3d367a4e2 62bba8c2295a14bb2d007a3f7f8730fd10cef7348a6474f3f832c99ca6795d35 Loading...

	a.magsrv.com/iframe.js?idzone=4293144&size=300x250	ScriptElement	2.2 kB	2023-08-26	2023-08-26
Pretty URL a.magsrv.com/iframe.js?idzone=4293144&size=300x250 IP 205.185.216.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 18:27 Last Seen2023-08-26 18:27 Times Seen1 Hash d57243b1d6e78295c18e45af5018c95f d51f83042afb37fa5927233541a55e92ac75a71d 8e80808f8a1845a0c74fda169e4677899f3e600dba0fa1f9161c219446131c61 Loading...

	mtav.art/template/ex.js?2023	ScriptElement	9.6 kB	2024-08-21	2024-08-21
Pretty URL mtav.art/template/ex.js?2023 IP 172.67.206.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 08:01 Last Seen2024-08-21 08:01 Times Seen1 Hash 5d39189e735500723845d1a8e8abfd3e 5597f78eca059f9203f662185157cd8c1896b2cc 69f028668cad8c67fa84208267351724038dacb989730eb4d5b4ac664103852c Loading...

		Size	First Seen	Last Seen
	#1 Write - c15c8fd0d324fbc9c4ae154c2a37a237	191 B	2024-08-21 08:01	2024-08-21 08:01
Pretty Observations First Seen2024-08-21 08:01 Last Seen2024-08-21 08:01 Times Seen1 Hash c15c8fd0d324fbc9c4ae154c2a37a237 f437b9bf425519751c5e25e0a6c03e894a465d03 b4fc696507d91bc2a030ef12ad180c62ca87a5d1177041506a0f42d4badb3987 Loading...

	#2 Write - 22a1f3ee07910030099063eab5e4cc14	121 B	2024-08-21 08:01	2024-08-21 08:01
Pretty Observations First Seen2024-08-21 08:01 Last Seen2024-08-21 08:01 Times Seen1 Hash 22a1f3ee07910030099063eab5e4cc14 d0d4f2c4b2d8b373ca29433b9241775007ab949d 42732006f185f76a6eff1e0de767c907ab88fd3b79b77b31f7e131482e167441 Loading...

	#3 Write - 8bdbc4a5306838de828c0aa7c188591a	462 B	2024-08-21 08:01	2024-08-21 08:01
Pretty Observations First Seen2024-08-21 08:01 Last Seen2024-08-21 08:01 Times Seen1 Hash 8bdbc4a5306838de828c0aa7c188591a 099a3e82b14f82f01db0c04ac02b5fcc658635ee 4920401198caa81f5944b382e91671051da8299f1bc785b923b83268ede5356b Loading...

	#4 Write - 782d7db7dee58a0579c3bcff3d79ee97	550 B	2024-08-21 08:01	2024-08-21 08:01
Pretty Observations First Seen2024-08-21 08:01 Last Seen2024-08-21 08:01 Times Seen1 Hash 782d7db7dee58a0579c3bcff3d79ee97 9db11789bec7fa56124294150ea945488826c13b 67c6bbcf59389ac06fb7ebe18dc328b6bb777c8e63ab07c5e0f4d45351aeb0b0 Loading...

	#5 Write - d842e4d1a454f38fc51e4940fb111ad9	164 B	2024-08-21 08:01	2024-08-21 08:01
Pretty Observations First Seen2024-08-21 08:01 Last Seen2024-08-21 08:01 Times Seen1 Hash d842e4d1a454f38fc51e4940fb111ad9 801d194dd198f849fa9b07ad77af17de27b58f5c 58d869c09fc124e67268ae63b3d093fb7cb6c264b3dcffdc7c0437d651c7691a Loading...

	#6 Write - cab57c30c5d19a216ba2d3582562fe35	187 B	2024-08-21 08:01	2024-08-21 08:01
Pretty Observations First Seen2024-08-21 08:01 Last Seen2024-08-21 08:01 Times Seen1 Hash cab57c30c5d19a216ba2d3582562fe35 e3c0983db61d7aefdd5392df23f499a7de89257a 65948222dfeaa8728bbad55cd0e53fdcb893d324a46d432601f7e8b78fd219c2 Loading...

HTTP Transactions (102)

URL IP Response Size

mtav.art/template/mtav/logo.png

172.67.206.72

200 OK

8.1 kB

URL GET HTTP/3
mtav.art/template/mtav/logo.png
IP
172.67.206.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint03:F2:D9:68:6E:B2:82:DB:76:D4:74:F7:7C:46:8E:49:FB:E0:96:45
ValidityThu, 23 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
PNG image data, 200 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
8.1 kB (8082 bytes)
Hash
4750baa6e2036d487cd7a58fec36a78d
dd7667460eda61bb9a2ba61ac46004b642e61cc2
64748a63277993009166482d2959f04072864b1d58ea32482dc168146e33203d

HTTP Headers

GET /template/mtav/logo.png HTTP/1.1
Host: mtav.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mtav.art/vod/detail/id/7952/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:34 GMT
content-type: image/png
content-length: 8082
last-modified: Sun, 23 May 2021 23:07:06 GMT
etag: "60aae01a-1f92"
expires: Tue, 12 Sep 2023 17:07:22 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1120812
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FWFh0nRMWx2L847Xtieyu2CdeLiaqGhtUW0%2BLXlMMbi%2Bcqzx3TRAReEPLbZZ0EbBWtqYYQSNBDuWW2bm%2FRkU6InlPih1Pw4JdA%2FUt8jpIEjIP7G7%2Bfsl07hx9w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71669b510b65-OSL
alt-svc: h3=":443"; ma=86400

a.magsrv.com/video-outstream.js

205.185.216.10

200 OK

13 kB

URL GET HTTP/2
a.magsrv.com/video-outstream.js
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
ASCII text, with very long lines (42590), with no line terminators
Size
13 kB (13070 bytes)
Hash
7b9562f0cb4fff397ec5e01685c9ebdd
4354883264211534671be7c5eaa39fac49ba2044
d822e9e7c43abefa5982bc00e096130eaa23cd4575e26374aff1f8a2dcfb94c6

HTTP Headers

GET /video-outstream.js HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mtav.art/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:34 GMT
content-encoding: gzip
content-length: 13070
content-type: application/javascript
accept-ranges: bytes
server: nginx
etag: W/"4354883264211534671be7c5eaa"
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067254.dop205.sk1.t,1693067254.cds226.sk1.hn,1693067254.cds242.sk1.c
X-Firefox-Spdy: h2

mtav.art/template/mtav/cssjs/app.js?ver=8.7.1

172.67.206.72

200 OK

8.3 kB

URL GET HTTP/3
mtav.art/template/mtav/cssjs/app.js?ver=8.7.1
IP
172.67.206.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint03:F2:D9:68:6E:B2:82:DB:76:D4:74:F7:7C:46:8E:49:FB:E0:96:45
ValidityThu, 23 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (29867), with no line terminators
Size
8.3 kB (8279 bytes)
Hash
3d63ae9fc20c9541c081782157cba6ee
e3075d0d6d050436fdea697e2f306eed62a3a62f
5bf585b78ead3ab2250a673d385e6f7d018751e422cb5c3a37a1519fc530d249

HTTP Headers

GET /template/mtav/cssjs/app.js?ver=8.7.1 HTTP/1.1
Host: mtav.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:34 GMT
content-type: application/javascript
last-modified: Sun, 23 May 2021 05:20:07 GMT
vary: Accept-Encoding
etag: W/"60a9e607-7769"
expires: Sat, 26 Aug 2023 18:01:38 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 37556
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UHXdoOIkcoI%2FUEW5fh2z3anRhWaWnoeRwjXRPOdAamYVfZ5GkiI8hY6lpj7eSXk9ZsuL7iARf5h0rYRjVMUfLBfO%2FX%2FkQ3bf%2B%2BUmrVfHp8Smf35V0W41g%2BHVjg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7fcd7166ab660b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

a.magsrv.com/iframe.php?idzone=4293146&size=300x100

205.185.216.10

200 OK

185 B

URL GET HTTP/2
a.magsrv.com/iframe.php?idzone=4293146&size=300x100
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
185 B (185 bytes)
Hash
273da2bca8bb1b59f3b1fbe1bbef817c
94939fe15adedd26b03c146f44541deb973ab03f
d9e1eeeec9f7697e81071178efc91f5d4cf9dbc82fdd81572a840676acf7f72e

HTTP Headers

GET /iframe.php?idzone=4293146&size=300x100 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mtav.art/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
content-encoding: gzip
content-length: 185
content-type: text/html; charset=UTF-8
accept-ranges: bytes
server: nginx
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067255.dop205.sk1.t,1693067255.cds226.sk1.hn,1693067255.cds264.sk1.c
X-Firefox-Spdy: h2

mtav.art/template/mtav/cssjs/plugins.js?ver=8.7.1

172.67.206.72

200 OK

35 kB

URL GET HTTP/3
mtav.art/template/mtav/cssjs/plugins.js?ver=8.7.1
IP
172.67.206.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint03:F2:D9:68:6E:B2:82:DB:76:D4:74:F7:7C:46:8E:49:FB:E0:96:45
ValidityThu, 23 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (28191)
Size
35 kB (34965 bytes)
Hash
46c5791f93409c307202fd01b1f31225
2685e8e56598067779dff62f4b76e3fbbacb30cd
b008df59056aa7243407183dc8bf29c6dcff6a5f99696114b31495363a43a599

HTTP Headers

GET /template/mtav/cssjs/plugins.js?ver=8.7.1 HTTP/1.1
Host: mtav.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:34 GMT
content-type: application/javascript
last-modified: Sun, 23 May 2021 05:20:06 GMT
vary: Accept-Encoding
etag: W/"60a9e606-1d846"
expires: Sat, 26 Aug 2023 18:01:37 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 37557
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u7h2aAh4WDDWeSzYEvFl%2BvnieSkDdLhalRX0e6zaqQ82tZLMCvzJX2PRWaCiWSRZ8A%2BRpkFhsY916xoqGJ7lIsZCDUvDGjQ42uN%2F9qReNfW9MIix7XwXMopxiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7fcd7166ab600b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

a.pemsrv.com/popunder1000.js

205.185.216.42

200 OK

41 kB

URL GET HTTP/2
a.pemsrv.com/popunder1000.js
IP
205.185.216.42:443
ASN
#20446 STACKPATH-CDN

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerLet's Encrypt
Subjectpemsrv.com
Fingerprint6A:BE:92:41:5D:8D:0E:9B:62:8C:CC:18:7C:41:8B:66:F4:F7:6B:15
ValidityTue, 01 Aug 2023 11:24:47 GMT - Mon, 30 Oct 2023 11:24:46 GMT

File type
Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size
41 kB (41100 bytes)
Hash
fa1e1a8d08a00197de324d77142e35f9
6462861dac2e776aab8135261405188eb9b44128
901abe1a34628ce8a21c45de35a2c027372acf475573c4c34c18572417c16d46

HTTP Headers

GET /popunder1000.js HTTP/1.1
Host: a.pemsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
content-encoding: gzip
content-length: 41100
content-type: application/javascript
accept-ranges: bytes
server: nginx
etag: W/"6462861dac2e776aab813526140"
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067255.dop207.sk1.t,1693067255.cds256.sk1.hn,1693067255.cds261.sk1.c
X-Firefox-Spdy: h2

a.magsrv.com/build-iframe-js-url.js?idzone=4293144

205.185.216.10

200 OK

455 B

URL GET HTTP/2
a.magsrv.com/build-iframe-js-url.js?idzone=4293144
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://a.magsrv.com/iframe.php?idzone=4293144&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
ASCII text, with very long lines (759), with no line terminators
Size
455 B (455 bytes)
Hash
211515c7df504ceddb25aa13a4bd550f
5960f73af54f88c3604fa4bcd1470a72ab18654c
1e20030e258040ff83918c0c8cf5d2549362553bebd3d7a3a3e5911d95c4de0c

HTTP Headers

GET /build-iframe-js-url.js?idzone=4293144 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/iframe.php?idzone=4293144&size=300x250
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
content-encoding: gzip
content-length: 455
content-type: application/javascript
accept-ranges: bytes
server: nginx
etag: W/"5960f73af54f88c3604fa4bcd14"
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067255.dop205.sk1.t,1693067255.cds226.sk1.hn,1693067255.cds017.sk1.c
X-Firefox-Spdy: h2

a.magsrv.com/ad-provider.js

205.185.216.10

200 OK

33 kB

URL GET HTTP/2
a.magsrv.com/ad-provider.js
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://a.magsrv.com/iframe.php?idzone=4293714&size=728x90
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
ASCII text, with very long lines (33829)
Size
33 kB (33305 bytes)
Hash
5ec20cab0e7ec92ed77f1fd3f5e8e4cb
cd122e719e2826da4fb812c8bb16088219ad5d96
372905c2867757ac6dd123c08e1157967265587ceefa623439a4ac4d44d0421c

HTTP Headers

GET /ad-provider.js HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/iframe.php?idzone=4293144&size=300x250
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
content-encoding: gzip
content-length: 33305
content-type: application/javascript
accept-ranges: bytes
server: nginx
etag: W/"cd122e719e2826da4fb812c8bb1"
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067255.dop205.sk1.t,1693067255.cds226.sk1.hn,1693067255.cds257.sk1.c
X-Firefox-Spdy: h2

syndication.realsrv.com/splash.php?idzone=4293152&capping=0

95.211.229.248

2.9 kB

URL
syndication.realsrv.com/splash.php?idzone=4293152&capping=0
IP
95.211.229.248:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with very long lines (1708)
Size
2.9 kB (2882 bytes)
Hash
2e6d08a73acd43dc6bcc42329a078b87
eb9cdaf4daa8ffee9646a47bc72c8ec5eda04962
1c4c86ea27168862a5b7a4d277a3efebb228860e12399c1440916acc5e7f1637

HTTP Headers

GET /splash.php?idzone=4293152&capping=0 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Aug 2023 16:27:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: X-CH-VALUES
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73c70e9.486787552380134926%22%3B%7D; expires=Mon, 25 Aug 2025 16:27:35 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4293152%7C82759252%7C0%7C300x100%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D; expires=Fri, 24 Nov 2023 16:27:35 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Accept-CH: 
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

s.magsrv.com/splash.php?idzone=4293708&cookieconsent=true&tags=null

95.211.229.245

200 OK

2.6 kB

URL GET HTTP/1.1
s.magsrv.com/splash.php?idzone=4293708&cookieconsent=true&tags=null
IP
95.211.229.245:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
XML 1.0 document text\012- XML document, ASCII text, with very long lines (1539)
Size
2.6 kB (2571 bytes)
Hash
8aabac94978ea980e951f021499c5045
585da91228723c95bf4440925883b97f9d778f49
8d2e7038e76e8e2f20f72e58999ae26cc7ac8d381908c0a72f61200ef1fd6fb4

HTTP Headers

GET /splash.php?idzone=4293708&cookieconsent=true&tags=null HTTP/1.1
Host: s.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mtav.art
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Aug 2023 16:27:35 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: X-CH-VALUES
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; expires=Mon, 25 Aug 2025 16:27:35 GMT; path=; domain=.magsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D; expires=Sun, 27 Aug 2023 16:27:35 GMT; path=/; domain=.magsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://mtav.art
Access-Control-Allow-Credentials: true
Accept-CH: 
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

a.magsrv.com/build-iframe-js-url.js?idzone=4293146

205.185.216.10

200 OK

456 B

URL GET HTTP/2
a.magsrv.com/build-iframe-js-url.js?idzone=4293146
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://a.magsrv.com/iframe.php?idzone=4293146&size=300x100
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
ASCII text, with very long lines (759), with no line terminators
Size
456 B (456 bytes)
Hash
13a04dec8d0215231e40253e5dfd82a1
17b60d80d1ec8af1a814fb16098b1b495e545b0d
093f2f1edddf30fe06667a65635efc12b9eb0b854f47c2e107a5f810b1958ce0

HTTP Headers

GET /build-iframe-js-url.js?idzone=4293146 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/iframe.php?idzone=4293146&size=300x100
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
content-encoding: gzip
content-length: 456
content-type: application/javascript
accept-ranges: bytes
server: nginx
etag: W/"17b60d80d1ec8af1a814fb16098"
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067255.dop205.sk1.t,1693067255.cds226.sk1.hn,1693067255.cds262.sk1.c
X-Firefox-Spdy: h2

a.magsrv.com/ad-provider.js

205.185.216.10

200 OK

33 kB

URL GET HTTP/2
a.magsrv.com/ad-provider.js
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://a.magsrv.com/iframe.php?idzone=4293714&size=728x90
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
ASCII text, with very long lines (33829)
Size
33 kB (33305 bytes)
Hash
5ec20cab0e7ec92ed77f1fd3f5e8e4cb
cd122e719e2826da4fb812c8bb16088219ad5d96
372905c2867757ac6dd123c08e1157967265587ceefa623439a4ac4d44d0421c

HTTP Headers

GET /ad-provider.js HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/iframe.php?idzone=4293146&size=300x100
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
content-encoding: gzip
content-length: 33305
content-type: application/javascript
accept-ranges: bytes
server: nginx
etag: W/"cd122e719e2826da4fb812c8bb1"
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067255.dop205.sk1.t,1693067255.cds226.sk1.hn,1693067255.cds257.sk1.c
X-Firefox-Spdy: h2

a.magsrv.com/ad-provider.js

205.185.216.10

200 OK

33 kB

URL GET HTTP/2
a.magsrv.com/ad-provider.js
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://a.magsrv.com/iframe.php?idzone=4293714&size=728x90
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
ASCII text, with very long lines (33829)
Size
33 kB (33305 bytes)
Hash
5ec20cab0e7ec92ed77f1fd3f5e8e4cb
cd122e719e2826da4fb812c8bb16088219ad5d96
372905c2867757ac6dd123c08e1157967265587ceefa623439a4ac4d44d0421c

HTTP Headers

GET /ad-provider.js HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/iframe.php?idzone=4293714&size=728x90
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
content-encoding: gzip
content-length: 33305
content-type: application/javascript
accept-ranges: bytes
server: nginx
etag: W/"cd122e719e2826da4fb812c8bb1"
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067255.dop205.sk1.t,1693067255.cds226.sk1.hn,1693067255.cds257.sk1.c
X-Firefox-Spdy: h2

ndroip.com/na/waWQiOjEwMzUxOTEsInNpZCI6MTA5NjkwOSwid2lkIjoyMDA2MTcsInNyYyI6Mn0=eyJ.js

188.114.96.1

200 OK

11 kB

URL GET HTTP/2
ndroip.com/na/waWQiOjEwMzUxOTEsInNpZCI6MTA5NjkwOSwid2lkIjoyMDA2MTcsInNyYyI6Mn0=eyJ.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerLet's Encrypt
Subjectndroip.com
FingerprintA4:68:01:1C:C3:34:E6:91:66:99:6E:8F:19:A4:FE:A9:9A:86:6C:6D
ValidityThu, 13 Jul 2023 01:16:51 GMT - Wed, 11 Oct 2023 01:16:50 GMT

File type
ASCII text, with very long lines (32879), with no line terminators
Size
11 kB (11012 bytes)
Hash
5ddc58c9887a4c3a659d2a4669f36c82
41212b3b4622cdf01dc0ce0ba430a52b270586ad
9b9f3e2c2a847d9051003082031250bbb98b9f9c5065f146540eccf2cf6e2f96

HTTP Headers

GET /na/waWQiOjEwMzUxOTEsInNpZCI6MTA5NjkwOSwid2lkIjoyMDA2MTcsInNyYyI6Mn0=eyJ.js HTTP/1.1
Host: ndroip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mtav.art/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://mtav.art
e-tag: 013e2d5a9ff7a187b8ee52bb5a57c626
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Sat, 26 Aug 2023 05:50:05 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=30PnrE0yaRaMwaiBlrwzfxnuuOo31GIDdxSLH1oI1V8jZxTKK18b%2B2nWYcP7y0zQCiwBUe5FjYqFEMGtBKh3toXAt9hlgntmbDDlEgstamLjbWTS5UWMhvjXM148"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7fcd71670f460b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

a.magsrv.com/build-iframe-js-url.js?idzone=4293714

205.185.216.10

456 B

URL
a.magsrv.com/build-iframe-js-url.js?idzone=4293714
IP
205.185.216.10:0
ASN
#20446 STACKPATH-CDN

Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
ASCII text, with very long lines (759), with no line terminators
Size
456 B (456 bytes)
Hash
e62c1653ca5400b97db8c080f271cc65
46d5b3cc94259376219c3e88fb744ec19e0eed79
fa49b1624ab4e90466404b6e743106a4d397db4ae2b01e8c27f829b2754be4ce

HTTP Headers

GET /build-iframe-js-url.js?idzone=4293714 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/iframe.php?idzone=4293714&size=728x90
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
accept-ranges: bytes
content-encoding: gzip
content-length: 456
content-type: application/javascript
x-hw: 1693067255.dop205.sk1.t,1693067255.cds226.sk1.hn,1693067255.cds263.sk1.p
server: nginx
etag: W/"46d5b3cc94259376219c3e88fb7"
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
X-Firefox-Spdy: h2

a.magsrv.com/iframe.js?idzone=4293144&size=300x250

205.185.216.10

200 OK

1.1 kB

URL GET HTTP/2
a.magsrv.com/iframe.js?idzone=4293144&size=300x250
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://a.magsrv.com/iframe.php?idzone=4293144&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
ASCII text, with very long lines (2191), with no line terminators
Size
1.1 kB (1059 bytes)
Hash
d57243b1d6e78295c18e45af5018c95f
d51f83042afb37fa5927233541a55e92ac75a71d
8e80808f8a1845a0c74fda169e4677899f3e600dba0fa1f9161c219446131c61

HTTP Headers

GET /iframe.js?idzone=4293144&size=300x250 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/iframe.php?idzone=4293144&size=300x250
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
content-encoding: gzip
content-length: 1059
content-type: application/javascript
accept-ranges: bytes
server: nginx
etag: W/"d51f83042afb37fa5927233541a"
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067255.dop205.sk1.t,1693067255.cds226.sk1.hn,1693067255.cds014.sk1.c
X-Firefox-Spdy: h2

s.pemsrv.com/venor.php

95.211.229.248

200 OK

21 B

URL GET HTTP/1.1
s.pemsrv.com/venor.php
IP
95.211.229.248:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerLet's Encrypt
Subjectpemsrv.com
Fingerprint6A:BE:92:41:5D:8D:0E:9B:62:8C:CC:18:7C:41:8B:66:F4:F7:6B:15
ValidityTue, 01 Aug 2023 11:24:47 GMT - Mon, 30 Oct 2023 11:24:46 GMT

File type
very short file (no magic)
Size
21 B (21 bytes)
Hash
cfcd208495d565ef66e7dff9f98764da
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

HTTP Headers

GET /venor.php HTTP/1.1
Host: s.pemsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mtav.art
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Aug 2023 16:27:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Accept-CH: 
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

a.magsrv.com/iframe.js?idzone=4293146&size=300x100

205.185.216.10

200 OK

1.1 kB

URL GET HTTP/2
a.magsrv.com/iframe.js?idzone=4293146&size=300x100
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://a.magsrv.com/iframe.php?idzone=4293146&size=300x100
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
ASCII text, with very long lines (2191), with no line terminators
Size
1.1 kB (1060 bytes)
Hash
4891b04b5533c7de8881c6e2b70ccde8
68135747bb0b8c53362e26760d46cdf95ed243fb
5566143cad6ea85d4a8a4588a50822463ef074770df4eb800277141bc9d08ce3

HTTP Headers

GET /iframe.js?idzone=4293146&size=300x100 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/iframe.php?idzone=4293146&size=300x100
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
content-encoding: gzip
content-length: 1060
content-type: application/javascript
accept-ranges: bytes
server: nginx
etag: W/"68135747bb0b8c53362e26760d4"
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067255.dop205.sk1.t,1693067255.cds226.sk1.hn,1693067255.cds247.sk1.c
X-Firefox-Spdy: h2

a.magsrv.com/iframe.js?idzone=4293714&size=728x90

205.185.216.10

1.1 kB

URL
a.magsrv.com/iframe.js?idzone=4293714&size=728x90
IP
205.185.216.10:0
ASN
#20446 STACKPATH-CDN

Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
ASCII text, with very long lines (2191), with no line terminators
Size
1.1 kB (1060 bytes)
Hash
e3818c5ea34611b5aff523fc1df4c2fe
641d75106ba98b1f1143cb216583ead1423c4118
97d50979a883de3faf763d4e8dc91bd54b77f8a386b3396e6b77062c036ed859

HTTP Headers

GET /iframe.js?idzone=4293714&size=728x90 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/iframe.php?idzone=4293714&size=728x90
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
accept-ranges: bytes
content-encoding: gzip
content-length: 1060
content-type: application/javascript
x-hw: 1693067255.dop205.sk1.t,1693067255.cds226.sk1.hn,1693067255.cds218.sk1.p
server: nginx
etag: W/"641d75106ba98b1f1143cb21658"
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
X-Firefox-Spdy: h2

s3t3d2y8.afcdn.net/images/close-icon-circle.png

185.76.9.19

405 B

URL
s3t3d2y8.afcdn.net/images/close-icon-circle.png
IP
185.76.9.19:0
ASN
#60068 Datacamp Limited

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
405 B (405 bytes)
Hash
bc8bf5d1633e548e9a178bf29be30b7b
bd290b6eabd73d2c95db053620797503e9178484
94f575abdb5c45476f9c2b62bbe06fbfacce9d25e95796ffcd07680bd7c6c0bb

HTTP Headers

GET /images/close-icon-circle.png HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
content-type: image/png
content-length: 405
last-modified: Tue, 25 Oct 2022 11:33:38 GMT
etag: "6357c992-195"
expires: Fri, 27 Oct 2023 07:10:07 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
server: CDN77-Turbo
x-77-nzt: AblMCQ31fgT/YVdKAA
x-77-nzt-ray: c0a4cc28b68e0187f727ea648d2c3224
x-accel-expires: @1719731222
x-accel-date: 1688195222
x-cache: HIT
x-age: 4872033
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

syndication.realsrv.com/cimp.php?t=imp&data=H4sIAAAAAAAAA01PQWoEMQz7Sj8wwXZsx9lzzy209AGzk5lbL2Upe9Dj15myUITBihVLFpK6UCziLywXaZdq6Fw6FZXCpnh7/4Ayvm/rb1l/bjBmCwW35hYpda0KlV7ZBEaBnJI5IaRZl3xkQwUlxKrq7ApxqLUQRSN8fb6exROKSnRnoiTTGuyI7Ok+NwzlEdvocRBdhXTvQdR77NsRKm2fQpxefy7J5UkTyxxX1iqZA3hqgX+aCT/3ZBbp+Z9VZxrQum3djXcPsbEf12E1T7Sw5qvH8QCTg4mjSwEAAA==&d=inst

95.211.229.248

20 B

URL
syndication.realsrv.com/cimp.php?t=imp&data=H4sIAAAAAAAAA01PQWoEMQz7Sj8wwXZsx9lzzy209AGzk5lbL2Upe9Dj15myUITBihVLFpK6UCziLywXaZdq6Fw6FZXCpnh7/4Ayvm/rb1l/bjBmCwW35hYpda0KlV7ZBEaBnJI5IaRZl3xkQwUlxKrq7ApxqLUQRSN8fb6exROKSnRnoiTTGuyI7Ok+NwzlEdvocRBdhXTvQdR77NsRKm2fQpxefy7J5UkTyxxX1iqZA3hqgX+aCT/3ZBbp+Z9VZxrQum3djXcPsbEf12E1T7Sw5qvH8QCTg4mjSwEAAA==&d=inst
IP
95.211.229.248:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /cimp.php?t=imp&data=H4sIAAAAAAAAA01PQWoEMQz7Sj8wwXZsx9lzzy209AGzk5lbL2Upe9Dj15myUITBihVLFpK6UCziLywXaZdq6Fw6FZXCpnh7/4Ayvm/rb1l/bjBmCwW35hYpda0KlV7ZBEaBnJI5IaRZl3xkQwUlxKrq7ApxqLUQRSN8fb6exROKSnRnoiTTGuyI7Ok+NwzlEdvocRBdhXTvQdR77NsRKm2fQpxefy7J5UkTyxxX1iqZA3hqgX+aCT/3ZBbp+Z9VZxrQum3djXcPsbEf12E1T7Sw5qvH8QCTg4mjSwEAAA==&d=inst HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mtav.art
DNT: 1
Connection: keep-alive
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73c70e9.486787552380134926%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4293152%7C82759252%7C0%7C300x100%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Aug 2023 16:27:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://mtav.art
Access-Control-Allow-Credentials: true
Set-Cookie: impressions=cxbmsbocnxgxalseoxramgeioslmrxbmnxgxalsexcexxgeimcersxocnxgxabamamroxgeioslmrxlsnxgxalxsccxrcgeimcclsxlbnxgxalollaxeageimcclossbnxgxabbmlasmogeimcclsxobnxgxalxbassrogeicxbmsbcenxgxalsexcexxgeioslmrxbrnxgxalsesalxrgeicxbmsbxcnxgxalsexcexxgeioslmroemnxgxalsexcexxgeimcclsxlcnxgxalxrrbxscgeicxbmsboenxgxalsesalxrgeialbserebnxgxalxbmemxrgeialbserecnxgxalxclsrmrgeimcersxrcnxgxablrolooageimcersoeenxgxabllbmcoageirbabxabbnxgxalolbrmbogeimcersxacnxgxabbxbrmsmgeialbserxenxgxalxlrocoageimcclsxsonxgxalseeobmogeimcclsxlenxgxalsesalxrgeimcclossanxgxabboesooageimcclsxlonxgxaloblrobageimcclsxmenxgxaloxsbecrgeimcersxaanxgxalorrberageialbsereanxgxalxlroslcgeimcclsxconxgxalollmmxsgeimrblxoobnxgxabbmosmxsgeimrblxelcnxgxalxassbxogeimrblxocenxgxalxrmlrllgeimrblxxmcnxgxabbmosmxsgeimcclsxsanxgxalollaxeageimcclosconxgxabbmararageimcclsxscnxgxalxrmlrllgeimcclsoeenxgxalosexrscgeimcclsxsenxgxaloxexxclgeicmmsxrbonxgxalxsclexegeialbserxonxgxaloblrobageimrblxosenxgxabblercelgeimrblxxaenxgxabblercelgeimcclsxcanxgxalxbrarxxgeislsaroornxgxalxbmemxrgeicmmsxaeenxgxabblxelaegeimrblxosanxgxalxbrarxxgeimrblxxmbnxgxaloebalxageimrblxxoenxgxablxeomocgeimrblxxxanxgxablxbbebsgeimrblxelenxgxablxbbebsgeimcclsxlanxgxalocrccbegeimcclsxacnxgxalxlbreargeimrblxoscnxgxablcrbsrlgeimrblxxxbnxgxablcrbsrlgeimrblxoxenxgxablcrbsrlgeimcersxbbnxgxalxorsooegeimcersoeonxgxalxbaaxsrgeimcersoebnxgxablrolooageimcersxcanxgxabllbmcoageimcclsxoanxgxalocxbsrageicaxsscmbnxgxalxsclexegeibrxlceaanxgxalxxrmaxegeimmoamoccnxgxalxcemeacgeimrblxosbnxgxalxroclebgeimcersoxenxgxalxorsooegeimcclsxaonxgxalolcxbcageimcersxxbnxgxalxcemeacgeimcersxeonxgxalxcemeacgeimcerocrenxgxalxcemeacgeimcersxsenxgxalxcemeacgeimcersrscnxgxalxaecmoogeimrblxxmanxgxalxboomxogeimrblxxbonxgxalxboomxogeimrblxebbnxgxalxboomxogeimcersxlanxgxalxbaaooxgeimcersxmbnxgxalxbaacmsgeimcersxlonxgxalxlroslcgeimcersxlcnxgxalxlrocoageimrblxxbenxgxalxlasaelgeimrblxxrbnxgxalxlasaxegeimcersrsanxgxalxlbreargeimcersxbcnxgxalorrallogeimcersoecnxgxalorrmlxcgeimeelaclansgxalolbxxbcgxcceimeelaclcnsgxalolbxxbcgxcceibrarroronogxalolbxarrgxcceibxocmmconogxalolboascgxcceibxrlmsconxgxalolboascgxcceibrsleeacnxgxalolbrmbogxcceibrbbxeoonxgxalolbrmbogxcceimrblxxbcnxgxalolbrmbogeibrbbxorenxgxalolbrmbcgxcceibrbbxxrbnxgxalolbaabogxcceicxmecmcanxgxalolbaabogxcceibrarrorenxgxalolbaabogxcceibxbaraaanbgxalolbabregxcceibrcrrlebnxgxalolbboomgxcceibccsxsronsgxalolbboomgxcceibrsleembnxgxalolblxclgxcceibrbbearenxgxalolloolegxcceibcmxaosbnogxalolloologxcceimclsaoxbnxgxalollcsosgxcceibrarbbaenogxalollcclcgxcceimllrabmanxgxalollrxcagxcceimllrabmonxgxalollrxcagxcceibccsxsaenogxalollromegxcceimeelarecnxgxalollromegxcceimeelareenxgxalollromegxcceimeelaclbnxgxalollromegxcceibxrlmscanxgxalollaxeagxcceibxrlmssbnxgxalollaxeagxcceibrsleemanrgxalollaxmogxcceibxolerrcnxgxalollaclxgxcceicloaxxmonxgxalollaclxgxcceibrbbxxlenxgxalollaclxgxcceibrbbxocbnxgxalollmrsagxcceibcmxrlrbnogxalollmrsmgxcceimllrabbonxgxalollmmxcgxcceimllrabmcnxgxalollmmxcgxcceibrarbbaonogxalseerccbgxcceibccsxsrcnogxalseebmobgxcceibrbbxelonxgxalsexcexxgxcceibrbbxocenxgxalsexcexxgxcceibxocmmcenxgxalseoxramgxcceibrbbxxlonxgxalseoxramgxcceibccsxsranogxalseoxrabgxcceicloaxxmenxgxalseosobegxcceimasbsabanxgxalsesaaacgxcceibrbbelxcnxgxalsesalxrgxcceibcmxaooanxgxalsesalxagxcceibrbbxeabnxgxalsecoamxgxcceibxrceomonxgxalsecoamxgxcceimlrbelmenxgxalseclcoagxcceimlrelblanxgxalsecllaagxcceibcmxaoobnxgxalseroasxgxcceimlxmcabcnogxalseaxomcgxcceibcmxmrsbnxgxalseacrmsgxcceibccsxsccnxgxalseamxcbgxcceibeoabmsanxgxalseamxcbgxcceibccsxsaonxgxalseamxcbgxcceibosmablenxgxalseamxcbgxcceibomrloronxgxalseamorrgxcce; expires=Sun, 27 Aug 2023 16:27:35 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Mon, 25 Aug 2025 16:27:35 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Accept-CH: 
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

s.magsrv.com/v1/api.php

95.211.229.245

200 OK

1.3 kB

URL POST HTTP/1.1
s.magsrv.com/v1/api.php
IP
95.211.229.245:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://a.magsrv.com/iframe.php?idzone=4293144&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
JSON data\012- , ASCII text, with very long lines (1781), with no line terminators
Size
1.3 kB (1306 bytes)
Hash
eda1eafc656f1ee9ca594da9ff07ceb3
09e9dcd2cee403cbd846de9aeda96763767776e5
27a64d828ed825e1c7da690dc02897600aa65e577542bbd47af83f3e719a6412

HTTP Headers

POST /v1/api.php HTTP/1.1
Host: s.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 301
Origin: https://a.magsrv.com
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Aug 2023 16:27:35 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.magsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Accept-CH: 
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

go.xlivrdr.com/smartpop/73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&sourceId=4293152p1={campaign&p1=5840560&ax=0&kbLimit=1000

104.18.51.106

302 Found

0 B

URL GET HTTP/2
go.xlivrdr.com/smartpop/73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&sourceId=4293152p1={campaign&p1=5840560&ax=0&kbLimit=1000
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /smartpop/73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&sourceId=4293152p1={campaign&p1=5840560&ax=0&kbLimit=1000 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mtav.art/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 26 Aug 2023 16:27:35 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: _var=2063057.31685_N2UxOTUwM2E=; Path=/; Expires=Mon, 25 Sep 2023 16:27:35 GMT; HttpOnly; SameSite=Strict
__cflb=04dToPfSdwpmYL4m1jJR4AaLHvZoKEoZs2MKjuMUma; SameSite=None; Secure; path=/; expires=Sun, 27-Aug-23 16:27:35 GMT; HttpOnly
server: cloudflare
cf-ray: 7fcd716c1900b517-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

a.magsrv.com/iframe.php?idzone=4293144&size=300x250

205.185.216.10

200 OK

184 B

URL GET HTTP/2
a.magsrv.com/iframe.php?idzone=4293144&size=300x250
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
184 B (184 bytes)
Hash
584846cd056db846ee25f88d9e0b6a0f
315f28b1b9990c6d81dc1c79a75ddb7df151fb66
6f71bc494f7184dbe72da8aca27441da670410d6786a863b557a79c6a0797717

HTTP Headers

GET /iframe.php?idzone=4293144&size=300x250 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
content-encoding: gzip
content-length: 184
content-type: text/html; charset=UTF-8
accept-ranges: bytes
server: nginx
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067255.dop205.sk1.t,1693067255.cds226.sk1.hn,1693067255.cds246.sk1.c
X-Firefox-Spdy: h2

go.eabids.com/banner.go?spaceid=5215801&keywords=&maincat=

217.22.19.194

200 OK

742 B

URL GET HTTP/2
go.eabids.com/banner.go?spaceid=5215801&keywords=&maincat=
IP
217.22.19.194:443
ASN
#42567 Mojohost B.v.

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerLet's Encrypt
Subjectgo.eabids.com
Fingerprint65:DC:52:4C:95:98:1B:9C:E1:92:29:2F:C6:65:CC:E0:A0:E8:9C:D8
ValiditySat, 05 Aug 2023 21:00:10 GMT - Fri, 03 Nov 2023 21:00:09 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (742), with no line terminators
Size
742 B (742 bytes)
Hash
f365b754cfbf86d5d57e7142e04b7fd9
da61d88f78c52395c1baf392f7340df3526f86f7
65deefb3701f1c01a10adfb9ca965d5cccadeb525c8cbf0eb8f824f9242c6789

HTTP Headers

GET /banner.go?spaceid=5215801&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 16:27:35 GMT
content-type: text/html; charset=utf-8
content-length: 742
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 26 08 2023 16:27:35 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-backend-server: nl2-web-202
X-Firefox-Spdy: h2

a.magsrv.com/iframe.php?idzone=4293146&size=300x100

205.185.216.10

200 OK

185 B

URL GET HTTP/2
a.magsrv.com/iframe.php?idzone=4293146&size=300x100
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
185 B (185 bytes)
Hash
273da2bca8bb1b59f3b1fbe1bbef817c
94939fe15adedd26b03c146f44541deb973ab03f
d9e1eeeec9f7697e81071178efc91f5d4cf9dbc82fdd81572a840676acf7f72e

HTTP Headers

GET /iframe.php?idzone=4293146&size=300x100 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
content-encoding: gzip
content-length: 185
content-type: text/html; charset=UTF-8
accept-ranges: bytes
server: nginx
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067255.dop205.sk1.t,1693067255.cds226.sk1.hn,1693067255.cds264.sk1.c
X-Firefox-Spdy: h2

mtav.art/vod/detail/id/7952/

172.67.206.72

12 kB

URL
mtav.art/vod/detail/id/7952/
IP
172.67.206.72:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint03:F2:D9:68:6E:B2:82:DB:76:D4:74:F7:7C:46:8E:49:FB:E0:96:45
ValidityThu, 23 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (624), with CRLF line terminators
Size
12 kB (11689 bytes)
Hash
360b0be9d8a28582687dba529e92a0bd
c965e3839b5ccf58fb0907470d6a7ee3eff70045
cc02a04b65412b21143fbee245a64a518fe634006428706d7c35e77b7fd1a125

HTTP Headers

GET /vod/detail/id/7952/ HTTP/1.1
Host: mtav.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:34 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tQ6hS98OD%2Bx3Gsv%2F6J9VWkEXWPm8LJrXMRVSv8NBbAazFLqS79zCNZDizlNcUhOTX%2BVVYguyGQh6dgqhPG0xUgyBqop2ZrCcTQM%2B4ucWZwkx4UgS13jVgA39%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7fcd71603ff0b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.usertrust.com/

104.18.15.101

472 B

URL
ocsp.usertrust.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
a9b8831d6d5c82f55b4a167802f8fa83
9f48659d14b9ceacb7912b0e288022f1de2b1a6e
7d10223cf2ffa0cf0ac36284a74bca44512de6aa9d4d75b38be4e5f2f9885567

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Aug 2023 16:27:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Aug 2023 07:29:41 GMT
Expires: Sat, 02 Sep 2023 07:29:40 GMT
Etag: "9f48659d14b9ceacb7912b0e288022f1de2b1a6e"
Cache-Control: max-age=602926,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7fcd716d2fca0b31-OSL

ocsp.usertrust.com/

104.18.15.101

472 B

URL
ocsp.usertrust.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
a9b8831d6d5c82f55b4a167802f8fa83
9f48659d14b9ceacb7912b0e288022f1de2b1a6e
7d10223cf2ffa0cf0ac36284a74bca44512de6aa9d4d75b38be4e5f2f9885567

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Aug 2023 16:27:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Aug 2023 07:29:41 GMT
Expires: Sat, 02 Sep 2023 07:29:40 GMT
Etag: "9f48659d14b9ceacb7912b0e288022f1de2b1a6e"
Cache-Control: max-age=602926,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7fcd716d2f3d0b06-OSL

ocsp.usertrust.com/

104.18.15.101

472 B

URL
ocsp.usertrust.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
a9b8831d6d5c82f55b4a167802f8fa83
9f48659d14b9ceacb7912b0e288022f1de2b1a6e
7d10223cf2ffa0cf0ac36284a74bca44512de6aa9d4d75b38be4e5f2f9885567

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Aug 2023 16:27:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Aug 2023 07:29:41 GMT
Expires: Sat, 02 Sep 2023 07:29:40 GMT
Etag: "9f48659d14b9ceacb7912b0e288022f1de2b1a6e"
Cache-Control: max-age=602926,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7fcd716d29efb524-OSL

mtav.art/template/mtav/cssjs/fonts/materialdesignicons-webfont.woff2?v=2.1.19

172.67.206.72

200 OK

112 kB

URL GET HTTP/3
mtav.art/template/mtav/cssjs/fonts/materialdesignicons-webfont.woff2?v=2.1.19
IP
172.67.206.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint03:F2:D9:68:6E:B2:82:DB:76:D4:74:F7:7C:46:8E:49:FB:E0:96:45
ValidityThu, 23 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 112468, version 1.0\012- data
Size
112 kB (112468 bytes)
Hash
4b1359677a76d07aa0526d2fddbd77b7
71e2b65fbdff1c32161550781aaba562dce68b31
656ed4a30c05c776f81b4387cad95f2ac8043cfefe797b3a8da5ad045304d185

HTTP Headers

GET /template/mtav/cssjs/fonts/materialdesignicons-webfont.woff2?v=2.1.19 HTTP/1.1
Host: mtav.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://mtav.art/template/mtav/cssjs/external.css?ver=8.7.1
Cookie: /vod/detail/id/7952/=/vod/detail/id/7952/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
content-type: font/woff2
content-length: 112468
last-modified: Sun, 23 May 2021 05:35:41 GMT
etag: "60a9e9ad-1b754"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lo%2FmXU8eHfh0Bjq1doByvjWz14sZ2QiRbmG269SnTVw8YeUTBeUnTZjJVlOKVVwbocQhGhmp3SFVkqDu4pGrKbqdPnHGgDrzw4fdTY1BkCw1i6cuuBQSpp8Kmw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71685dbc0b65-OSL
alt-svc: h3=":443"; ma=86400

u3y8v8u4.aucdn.net/library/141372/abdb867bedaf9fe15afffe28dcf88eb396107634.mp4

185.76.9.19

3.5 MB

URL
u3y8v8u4.aucdn.net/library/141372/abdb867bedaf9fe15afffe28dcf88eb396107634.mp4
IP
185.76.9.19:0
ASN
#60068 Datacamp Limited

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size
3.5 MB (3504302 bytes)
Hash
4b0ad1abde1eeeebae95203e0bf628b3
abdb867bedaf9fe15afffe28dcf88eb396107634
7774ead1b93382a859c05690802ec94416c857e0620c87281dfbf26e50dc4927

HTTP Headers

GET /library/141372/abdb867bedaf9fe15afffe28dcf88eb396107634.mp4 HTTP/1.1
Host: u3y8v8u4.aucdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
date: Sat, 26 Aug 2023 16:27:35 GMT
content-type: video/mp4
content-length: 3504302
last-modified: Thu, 04 May 2023 14:26:51 GMT
etag: "6453c0ab-3578ae"
expires: Thu, 16 May 2024 10:01:04 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
server: CDN77-Turbo
x-77-nzt: AblMCQ2hU6//LoCFAA
x-77-nzt-ray: c0a4cc28b68e0187f727ea64ab3ab722
x-accel-expires: @1715854153
x-accel-date: 1684318153
x-cache: HIT
x-age: 8749102
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-3504301/3504302
X-Firefox-Spdy: h2

ocsp.usertrust.com/

104.18.15.101

472 B

URL
ocsp.usertrust.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
a9b8831d6d5c82f55b4a167802f8fa83
9f48659d14b9ceacb7912b0e288022f1de2b1a6e
7d10223cf2ffa0cf0ac36284a74bca44512de6aa9d4d75b38be4e5f2f9885567

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Aug 2023 16:27:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Aug 2023 07:29:41 GMT
Expires: Sat, 02 Sep 2023 07:29:40 GMT
Etag: "9f48659d14b9ceacb7912b0e288022f1de2b1a6e"
Cache-Control: max-age=602926,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7fcd716d2c5ab4f9-OSL

ocsp.usertrust.com/

104.18.15.101

472 B

URL
ocsp.usertrust.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
a9b8831d6d5c82f55b4a167802f8fa83
9f48659d14b9ceacb7912b0e288022f1de2b1a6e
7d10223cf2ffa0cf0ac36284a74bca44512de6aa9d4d75b38be4e5f2f9885567

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Aug 2023 16:27:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Aug 2023 07:29:41 GMT
Expires: Sat, 02 Sep 2023 07:29:40 GMT
Etag: "9f48659d14b9ceacb7912b0e288022f1de2b1a6e"
Cache-Control: max-age=602926,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7fcd716d3eb7b4ff-OSL

a.magsrv.com/build-iframe-js-url.js?idzone=4293144

205.185.216.10

200 OK

455 B

URL GET HTTP/2
a.magsrv.com/build-iframe-js-url.js?idzone=4293144
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://a.magsrv.com/iframe.php?idzone=4293144&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
ASCII text, with very long lines (759), with no line terminators
Size
455 B (455 bytes)
Hash
211515c7df504ceddb25aa13a4bd550f
5960f73af54f88c3604fa4bcd1470a72ab18654c
1e20030e258040ff83918c0c8cf5d2549362553bebd3d7a3a3e5911d95c4de0c

HTTP Headers

GET /build-iframe-js-url.js?idzone=4293144 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/iframe.php?idzone=4293144&size=300x250
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-encoding: gzip
content-length: 455
content-type: application/javascript
accept-ranges: bytes
server: nginx
etag: W/"5960f73af54f88c3604fa4bcd14"
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067256.dop205.sk1.t,1693067256.cds226.sk1.hn,1693067256.cds017.sk1.c
X-Firefox-Spdy: h2

a.magsrv.com/ad-provider.js

205.185.216.10

200 OK

33 kB

URL GET HTTP/2
a.magsrv.com/ad-provider.js
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://a.magsrv.com/iframe.php?idzone=4293714&size=728x90
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
ASCII text, with very long lines (33829)
Size
33 kB (33305 bytes)
Hash
5ec20cab0e7ec92ed77f1fd3f5e8e4cb
cd122e719e2826da4fb812c8bb16088219ad5d96
372905c2867757ac6dd123c08e1157967265587ceefa623439a4ac4d44d0421c

HTTP Headers

GET /ad-provider.js HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/iframe.php?idzone=4293144&size=300x250
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-encoding: gzip
content-length: 33305
content-type: application/javascript
accept-ranges: bytes
server: nginx
etag: W/"cd122e719e2826da4fb812c8bb1"
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067256.dop205.sk1.t,1693067256.cds226.sk1.hn,1693067256.cds257.sk1.c
X-Firefox-Spdy: h2

s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PS2pDMRC7Si8QMz97PFm32xZScgAnsUsXj0ISQhc6fP0epDMLzUcISUh0R3Un5YVlL77XjOAUlEwSZ8P7xwHGWO7tkdr1DpNCOcDuJddJLaY2j6HOhkwV5sEahCoq5l7BGQqaLVnN1ikRMYuqVWIvwgwnHD9f8XY8gBPVKE8QAngzASPYnOmXUKw38eE6WjdLISRFwjkLe2QLQ5FqfspWh4/eLqPK4NrrpauwcYtVCC0t7et2faTzz7I5XL3xfMlzm71bmco20xhmEbbz97i2pQP/PK0b+KYsAolpdyacO5q5RKHCkU/9PPrIfOI+BTOH6Dn/AZ7s81+GAQAA

95.211.229.245

200 OK

20 B

URL GET HTTP/1.1
s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PS2pDMRC7Si8QMz97PFm32xZScgAnsUsXj0ISQhc6fP0epDMLzUcISUh0R3Un5YVlL77XjOAUlEwSZ8P7xwHGWO7tkdr1DpNCOcDuJddJLaY2j6HOhkwV5sEahCoq5l7BGQqaLVnN1ikRMYuqVWIvwgwnHD9f8XY8gBPVKE8QAngzASPYnOmXUKw38eE6WjdLISRFwjkLe2QLQ5FqfspWh4/eLqPK4NrrpauwcYtVCC0t7et2faTzz7I5XL3xfMlzm71bmco20xhmEbbz97i2pQP/PK0b+KYsAolpdyacO5q5RKHCkU/9PPrIfOI+BTOH6Dn/AZ7s81+GAQAA
IP
95.211.229.245:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://a.magsrv.com/iframe.php?idzone=4293714&size=728x90
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1PS2pDMRC7Si8QMz97PFm32xZScgAnsUsXj0ISQhc6fP0epDMLzUcISUh0R3Un5YVlL77XjOAUlEwSZ8P7xwHGWO7tkdr1DpNCOcDuJddJLaY2j6HOhkwV5sEahCoq5l7BGQqaLVnN1ikRMYuqVWIvwgwnHD9f8XY8gBPVKE8QAngzASPYnOmXUKw38eE6WjdLISRFwjkLe2QLQ5FqfspWh4/eLqPK4NrrpauwcYtVCC0t7et2faTzz7I5XL3xfMlzm71bmco20xhmEbbz97i2pQP/PK0b+KYsAolpdyacO5q5RKHCkU/9PPrIfOI+BTOH6Dn/AZ7s81+GAQAA HTTP/1.1
Host: s.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.magsrv.com
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Aug 2023 16:27:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.magsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2264ea27f73fae44.920262971521795494%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Mon, 25 Aug 2025 16:27:36 GMT; path=/; domain=.magsrv.com; Secure; SameSite=none
Accept-CH: 
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

a.magsrv.com/build-iframe-js-url.js?idzone=4293146

205.185.216.10

200 OK

456 B

URL GET HTTP/2
a.magsrv.com/build-iframe-js-url.js?idzone=4293146
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://a.magsrv.com/iframe.php?idzone=4293146&size=300x100
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
ASCII text, with very long lines (759), with no line terminators
Size
456 B (456 bytes)
Hash
13a04dec8d0215231e40253e5dfd82a1
17b60d80d1ec8af1a814fb16098b1b495e545b0d
093f2f1edddf30fe06667a65635efc12b9eb0b854f47c2e107a5f810b1958ce0

HTTP Headers

GET /build-iframe-js-url.js?idzone=4293146 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/iframe.php?idzone=4293146&size=300x100
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-encoding: gzip
content-length: 456
content-type: application/javascript
accept-ranges: bytes
server: nginx
etag: W/"17b60d80d1ec8af1a814fb16098"
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067256.dop205.sk1.t,1693067256.cds226.sk1.hn,1693067256.cds262.sk1.c
X-Firefox-Spdy: h2

a.magsrv.com/ad-provider.js

205.185.216.10

200 OK

33 kB

URL GET HTTP/2
a.magsrv.com/ad-provider.js
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://a.magsrv.com/iframe.php?idzone=4293714&size=728x90
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
ASCII text, with very long lines (33829)
Size
33 kB (33305 bytes)
Hash
5ec20cab0e7ec92ed77f1fd3f5e8e4cb
cd122e719e2826da4fb812c8bb16088219ad5d96
372905c2867757ac6dd123c08e1157967265587ceefa623439a4ac4d44d0421c

HTTP Headers

GET /ad-provider.js HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/iframe.php?idzone=4293146&size=300x100
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-encoding: gzip
content-length: 33305
content-type: application/javascript
accept-ranges: bytes
server: nginx
etag: W/"cd122e719e2826da4fb812c8bb1"
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067256.dop205.sk1.t,1693067256.cds226.sk1.hn,1693067256.cds257.sk1.c
X-Firefox-Spdy: h2

s3t3d2y8.afcdn.net/library/426059/de81f30f25d7e6f9e711560ffbd2ed49873b55d1.jpg

185.76.9.19

30 kB

URL
s3t3d2y8.afcdn.net/library/426059/de81f30f25d7e6f9e711560ffbd2ed49873b55d1.jpg
IP
185.76.9.19:0
ASN
#60068 Datacamp Limited

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Size
30 kB (29904 bytes)
Hash
1f34a02da7b37b8ef5552334e07e2670
de81f30f25d7e6f9e711560ffbd2ed49873b55d1
cba93f0fa004cdb3068d7e70070e82239f046fcc21f4358f9ac13086e3175232

HTTP Headers

GET /library/426059/de81f30f25d7e6f9e711560ffbd2ed49873b55d1.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: image/jpeg
content-length: 29904
last-modified: Tue, 16 May 2023 20:07:59 GMT
etag: "6463e29f-74d0"
expires: Wed, 15 May 2024 20:15:27 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
server: CDN77-Turbo
x-77-nzt: AblMCQ1Ayg//qw2GAA
x-77-nzt-ray: c0a4cc28b68e0187f827ea64784d0411
x-accel-expires: @1715817933
x-accel-date: 1684281933
x-cache: HIT
x-age: 8785323
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

a.magsrv.com/iframe.js?idzone=4293144&size=300x250

205.185.216.10

200 OK

1.1 kB

URL GET HTTP/2
a.magsrv.com/iframe.js?idzone=4293144&size=300x250
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://a.magsrv.com/iframe.php?idzone=4293144&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
ASCII text, with very long lines (2191), with no line terminators
Size
1.1 kB (1059 bytes)
Hash
d57243b1d6e78295c18e45af5018c95f
d51f83042afb37fa5927233541a55e92ac75a71d
8e80808f8a1845a0c74fda169e4677899f3e600dba0fa1f9161c219446131c61

HTTP Headers

GET /iframe.js?idzone=4293144&size=300x250 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/iframe.php?idzone=4293144&size=300x250
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2264ea27f73fae44.920262971521795494%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-encoding: gzip
content-length: 1059
content-type: application/javascript
accept-ranges: bytes
server: nginx
etag: W/"d51f83042afb37fa5927233541a"
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067256.dop205.sk1.t,1693067256.cds226.sk1.hn,1693067256.cds014.sk1.c
X-Firefox-Spdy: h2

a.magsrv.com/iframe.js?idzone=4293146&size=300x100

205.185.216.10

200 OK

1.1 kB

URL GET HTTP/2
a.magsrv.com/iframe.js?idzone=4293146&size=300x100
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://a.magsrv.com/iframe.php?idzone=4293146&size=300x100
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
ASCII text, with very long lines (2191), with no line terminators
Size
1.1 kB (1060 bytes)
Hash
4891b04b5533c7de8881c6e2b70ccde8
68135747bb0b8c53362e26760d46cdf95ed243fb
5566143cad6ea85d4a8a4588a50822463ef074770df4eb800277141bc9d08ce3

HTTP Headers

GET /iframe.js?idzone=4293146&size=300x100 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/iframe.php?idzone=4293146&size=300x100
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2264ea27f73fae44.920262971521795494%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-encoding: gzip
content-length: 1060
content-type: application/javascript
accept-ranges: bytes
server: nginx
etag: W/"68135747bb0b8c53362e26760d4"
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-hw: 1693067256.dop205.sk1.t,1693067256.cds226.sk1.hn,1693067256.cds247.sk1.c
X-Firefox-Spdy: h2

ocsp.usertrust.com/

104.18.15.101

472 B

URL
ocsp.usertrust.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
4b8230f0268e790334749c74ac28c021
d49c4a966d6d0c45ae8925b4757717d662994918
1c643edfdeb63aae70b5d1d7523fde7c5a25335307385887803f3d875944322e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Aug 2023 16:27:36 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 24 Aug 2023 05:05:18 GMT
Expires: Thu, 31 Aug 2023 05:05:17 GMT
Etag: "d49c4a966d6d0c45ae8925b4757717d662994918"
Cache-Control: max-age=603524,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 592
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7fcd71707be90b31-OSL

s.magsrv.com/v1/api.php

95.211.229.245

200 OK

1.3 kB

URL POST HTTP/1.1
s.magsrv.com/v1/api.php
IP
95.211.229.245:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://a.magsrv.com/iframe.php?idzone=4293144&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
JSON data\012- , ASCII text, with very long lines (1780), with no line terminators
Size
1.3 kB (1304 bytes)
Hash
53c3b20b4bfd712d2d919278d8d7c179
4c00e57a142543f68e1c60ebb6e25aea8aa75cbe
4f32f04b30a570449fc6c4f34c7cefd211cd02b1363f630c65d8d91dc7ffab72

HTTP Headers

POST /v1/api.php HTTP/1.1
Host: s.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 301
Origin: https://a.magsrv.com
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2264ea27f73fae44.920262971521795494%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Aug 2023 16:27:36 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.magsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Accept-CH: 
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

s3t3d2y8.afcdn.net/library/426059/cf160b8ebaa2d961f1e404d01b4d6a146e14db0b.webp

185.76.9.19

14 kB

URL
s3t3d2y8.afcdn.net/library/426059/cf160b8ebaa2d961f1e404d01b4d6a146e14db0b.webp
IP
185.76.9.19:0
ASN
#60068 Datacamp Limited

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
14 kB (13894 bytes)
Hash
33695de0abfc78d9ad0bf2b67dcb42a2
cf160b8ebaa2d961f1e404d01b4d6a146e14db0b
49593d2ae923b495ec5567ef55d1b6d8468351654746bbe0a356376d3057d9b8

HTTP Headers

GET /library/426059/cf160b8ebaa2d961f1e404d01b4d6a146e14db0b.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: image/webp
content-length: 13894
last-modified: Tue, 04 Jul 2023 16:47:29 GMT
etag: "64a44d21-3646"
accept-ch: 
expires: Wed, 03 Jul 2024 18:05:15 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
server: CDN77-Turbo
x-77-nzt: AblMCQ0FXan/nMhFAA
x-77-nzt-ray: c0a4cc28b68e0187f827ea64bc9a2321
x-accel-expires: @1720029916
x-accel-date: 1688493916
x-cache: HIT
x-age: 4573340
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01QS2pDMRC7Si8QMz97PFm32xZScgDHsUsXj8JrCFnM4TvvQaDWwmNZFpIJiA9QD1RekI6kRy5umAySUMIs/v5xckFfbu2e2npzoQLZHFVLriEtwhKkMYp4huqiVbMWr0JcSiXH7OwQoMyhiSkBsKCAlXhPZsUV/Pz56m/nk2OCGsxzA2eAB2Vw3LO4gEvM8AAvMhrpVJ5tiCQjoLBTzIRqWUx8jgsrXGvPUghs2OShc9p1yqS8+Ueelpb29bveU/9Z9qB7RMS4pOc5cNi0UZMpWsQC3+nvubZluP9TbtDdOkqbF5e6xfeOOKBf4wMjDPfSM3Vt89KrTBNuf0rLzAiNAQAA

95.211.229.245

200 OK

20 B

URL GET HTTP/1.1
s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01QS2pDMRC7Si8QMz97PFm32xZScgDHsUsXj8JrCFnM4TvvQaDWwmNZFpIJiA9QD1RekI6kRy5umAySUMIs/v5xckFfbu2e2npzoQLZHFVLriEtwhKkMYp4huqiVbMWr0JcSiXH7OwQoMyhiSkBsKCAlXhPZsUV/Pz56m/nk2OCGsxzA2eAB2Vw3LO4gEvM8AAvMhrpVJ5tiCQjoLBTzIRqWUx8jgsrXGvPUghs2OShc9p1yqS8+Ueelpb29bveU/9Z9qB7RMS4pOc5cNi0UZMpWsQC3+nvubZluP9TbtDdOkqbF5e6xfeOOKBf4wMjDPfSM3Vt89KrTBNuf0rLzAiNAQAA
IP
95.211.229.245:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://a.magsrv.com/iframe.php?idzone=4293144&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /cimp.php?t=api&data=H4sIAAAAAAAAA01QS2pDMRC7Si8QMz97PFm32xZScgDHsUsXj8JrCFnM4TvvQaDWwmNZFpIJiA9QD1RekI6kRy5umAySUMIs/v5xckFfbu2e2npzoQLZHFVLriEtwhKkMYp4huqiVbMWr0JcSiXH7OwQoMyhiSkBsKCAlXhPZsUV/Pz56m/nk2OCGsxzA2eAB2Vw3LO4gEvM8AAvMhrpVJ5tiCQjoLBTzIRqWUx8jgsrXGvPUghs2OShc9p1yqS8+Ueelpb29bveU/9Z9qB7RMS4pOc5cNi0UZMpWsQC3+nvubZluP9TbtDdOkqbF5e6xfeOOKBf4wMjDPfSM3Vt89KrTBNuf0rLzAiNAQAA HTTP/1.1
Host: s.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.magsrv.com
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2264ea27f73fae44.920262971521795494%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Aug 2023 16:27:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.magsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2264ea27f73fae44.920262971521795494%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Mon, 25 Aug 2025 16:27:36 GMT; path=/; domain=.magsrv.com; Secure; SameSite=none
Accept-CH: 
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

s.magsrv.com/v1/api.php

95.211.229.248

200 OK

940 B

URL POST HTTP/1.1
s.magsrv.com/v1/api.php
IP
95.211.229.248:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://a.magsrv.com/iframe.php?idzone=4293144&size=300x250
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
JSON data\012- , ASCII text, with very long lines (1277), with no line terminators
Size
940 B (940 bytes)
Hash
252a9b38f10f39761cb66c77156edd03
b6f11c52afe0f07119dd716f9283caed4b1b37d0
ca5635f98982c501dc1f5073bc9a190f0d42827049d0b7690ab1e06ebbb90b7c

HTTP Headers

POST /v1/api.php HTTP/1.1
Host: s.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 301
Origin: https://a.magsrv.com
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2264ea27f73fae44.920262971521795494%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Aug 2023 16:27:36 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.magsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Accept-CH: 
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01QS05DMQy8Chdo5H/irlmDBOIAea95iMUTUqmqLnx4nAISGVnyZzQeh4D4AO1A9oB0pHpkC8fiUIQKqsTT80sIxn7p19LPl1BEbRJYq2lLqglLCDmjWCi0yCmoQTSq6qQUqMEBCVIWmVkBbACATlEh3l4f74ETEAxwQ4As5upAi5Y53CBMRqe6Vd76EClOQEZeUQmrq7jEOmyROlDBV9XNmUWlde8VW1+2OoWil72/f52vZf3c775+HeWQ/urEYXLzKqY0nQ/i3v7Yzn0fEf+YEz/SKEGeKigyDwg8dafc3NaTgWF+1qLcdbFBxq7jG9Qo2SR+AQAA

95.211.229.245

200 OK

20 B

URL GET HTTP/1.1
s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA01QS05DMQy8Chdo5H/irlmDBOIAea95iMUTUqmqLnx4nAISGVnyZzQeh4D4AO1A9oB0pHpkC8fiUIQKqsTT80sIxn7p19LPl1BEbRJYq2lLqglLCDmjWCi0yCmoQTSq6qQUqMEBCVIWmVkBbACATlEh3l4f74ETEAxwQ4As5upAi5Y53CBMRqe6Vd76EClOQEZeUQmrq7jEOmyROlDBV9XNmUWlde8VW1+2OoWil72/f52vZf3c775+HeWQ/urEYXLzKqY0nQ/i3v7Yzn0fEf+YEz/SKEGeKigyDwg8dafc3NaTgWF+1qLcdbFBxq7jG9Qo2SR+AQAA
IP
95.211.229.245:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://a.magsrv.com/iframe.php?idzone=4293146&size=300x100
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /cimp.php?t=api&data=H4sIAAAAAAAAA01QS05DMQy8Chdo5H/irlmDBOIAea95iMUTUqmqLnx4nAISGVnyZzQeh4D4AO1A9oB0pHpkC8fiUIQKqsTT80sIxn7p19LPl1BEbRJYq2lLqglLCDmjWCi0yCmoQTSq6qQUqMEBCVIWmVkBbACATlEh3l4f74ETEAxwQ4As5upAi5Y53CBMRqe6Vd76EClOQEZeUQmrq7jEOmyROlDBV9XNmUWlde8VW1+2OoWil72/f52vZf3c775+HeWQ/urEYXLzKqY0nQ/i3v7Yzn0fEf+YEz/SKEGeKigyDwg8dafc3NaTgWF+1qLcdbFBxq7jG9Qo2SR+AQAA HTTP/1.1
Host: s.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.magsrv.com
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264ea27f73fae44.920262971521795494%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4293708%7C82332902%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1693067255%7Cok%22%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%2264ea27f73fae44.920262971521795494%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Aug 2023 16:27:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.magsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%2264ea27f73fae44.920262971521795494%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; expires=Mon, 25 Aug 2025 16:27:36 GMT; path=/; domain=.magsrv.com; Secure; SameSite=none
Accept-CH: 
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

bngpt.com/promo.php?c=688955&subid=2|159343|186907237|no|112022|40568594|5215801|1|0|10|50304|,,,,,|4|0|0|1,2,6|0|0|en|3|91.90.42.154|0|0|0|0|3143242&subid2=186907237&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration

94.199.255.192

200 OK

417 B

URL GET HTTP/2
bngpt.com/promo.php?c=688955&subid=2|159343|186907237|no|112022|40568594|5215801|1|0|10|50304|,,,,,|4|0|0|1,2,6|0|0|en|3|91.90.42.154|0|0|0|0|3143242&subid2=186907237&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
IP
94.199.255.192:443
ASN
#48684 Viking Host B.V.

Requested by
https://go.eabids.com/banner.go?spaceid=5215801&keywords=&maincat=
Certificate
IssuerGoGetSSL
Subjectbngpt.com
Fingerprint29:02:5E:FE:0C:D3:95:34:E8:D0:1A:17:74:24:D5:5E:AE:00:29:2E
ValidityFri, 14 Apr 2023 00:00:00 GMT - Tue, 14 May 2024 23:59:59 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (594)
Size
417 B (417 bytes)
Hash
ab57062eb255a6195045abf90294341f
2af5216dd30e3ae162f8cc6c5174aa0bc1715ef0
fc997d56fb16c2d838ffa50b53fb91a0b3922a6aadc63b06b3ba42bd850beca6

HTTP Headers

GET /promo.php?c=688955&subid=2|159343|186907237|no|112022|40568594|5215801|1|0|10|50304|,,,,,|4|0|0|1,2,6|0|0|en|3|91.90.42.154|0|0|0|0|3143242&subid2=186907237&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.eabids.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: 
expires: Sat, 26 Aug 2023 16:27:35 GMT
x-bcs: ded7013
strict-transport-security: max-age=0;
cache-control: no-cache, public
content-encoding: gzip
x-bc-bl: 102
X-Firefox-Spdy: h2

video.ktkjmp.com/adsbygoogle.js

104.18.48.21

200 OK

16 B

URL GET HTTP/2
video.ktkjmp.com/adsbygoogle.js
IP
104.18.48.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectvideo.ktkjmp.com
Fingerprint02:C1:75:9D:DD:6A:66:20:9E:A3:46:1B:5E:A4:87:83:5A:09:92:93
ValiditySun, 02 Jul 2023 00:00:00 GMT - Mon, 01 Jul 2024 23:59:59 GMT

File type
ASCII text
Size
16 B (16 bytes)
Hash
3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f

HTTP Headers

GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: vyeGnGdlTyojmOYSIUGVlkgbVgeOOGCLIaQn1JUXSWf+3Pefo3BQFYiXbFyiqHYw9AcYvZvBFpo=
x-amz-request-id: 5JAJ7X857BTA65NJ
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlivrdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 2507
expires: Sat, 26 Aug 2023 20:27:36 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71728de7b50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

creative.xlivrdr.com/widgets/v4/Universal/lang/en.json

104.18.51.106

200 OK

82 kB

URL GET HTTP/3
creative.xlivrdr.com/widgets/v4/Universal/lang/en.json
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293146p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text
Size
82 kB (81796 bytes)
Hash
69a54638b649d7ce4748bd42c4b6dade
a2dfe9f8791952fbc5cc44d4757b031a6cee1731
0c25fbbff92c994866041b57d519aa22aa84d55b6b31bcf681dd5b74668cb750

HTTP Headers

GET /widgets/v4/Universal/lang/en.json HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: application/json
last-modified: Fri, 25 Aug 2023 03:07:56 GMT
etag: W/"64e81b0c-ac"
expires: Sat, 26 Aug 2023 16:27:42 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 2
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71725cb7b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

img.strpst.com/thumbs/1693067160/6408502_webp

104.18.63.124

200 OK

6.9 kB

URL GET HTTP/2
img.strpst.com/thumbs/1693067160/6408502_webp
IP
104.18.63.124:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectimg.strpst.com
FingerprintED:62:74:FE:E4:F5:89:43:B3:49:55:FE:18:19:0D:29:24:96:75:BC
ValidityMon, 03 Apr 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 270x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
6.9 kB (6866 bytes)
Hash
f4f27153f25599827bfa53421db76b5a
22ae69b8d81dd34f9187f4ad8e57277c250b8db4
ad46c2776ed55a214170b1a690b626afeec7a50da703cac870adee1b48ee269c

HTTP Headers

GET /thumbs/1693067160/6408502_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: image/webp
content-length: 6866
etag: "f4f27153f25599827bfa53421db76b5a"
last-modified: Sat, 26 Aug 2023 16:25:35 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 82
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71740bdeb50b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

img.strpst.com/thumbs/1693067160/123320858_webp

104.18.63.124

200 OK

17 kB

URL GET HTTP/2
img.strpst.com/thumbs/1693067160/123320858_webp
IP
104.18.63.124:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectimg.strpst.com
FingerprintED:62:74:FE:E4:F5:89:43:B3:49:55:FE:18:19:0D:29:24:96:75:BC
ValidityMon, 03 Apr 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
17 kB (17184 bytes)
Hash
a3afa1e5d9e314babae40b1f1c899e6b
ea9150f75bc5df9fe5594cfb18235199fa5e115c
969c71ba54adccbdafc83ef522b9598b9c912b16aef393f0afe29fe3dd359d4f

HTTP Headers

GET /thumbs/1693067160/123320858_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: image/webp
content-length: 17184
etag: "a3afa1e5d9e314babae40b1f1c899e6b"
last-modified: Sat, 26 Aug 2023 16:25:37 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 81
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71740bdfb50b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

img.strpst.com/thumbs/1693067160/83833878_webp

104.18.63.124

200 OK

16 kB

URL GET HTTP/2
img.strpst.com/thumbs/1693067160/83833878_webp
IP
104.18.63.124:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectimg.strpst.com
FingerprintED:62:74:FE:E4:F5:89:43:B3:49:55:FE:18:19:0D:29:24:96:75:BC
ValidityMon, 03 Apr 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 270x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
16 kB (15538 bytes)
Hash
60d8abd08f54132c35626f4751026ea6
8c823bfe7d44e2ec55e18c599c9cdf38e4fc5a1d
cddd819f5b264b981d674e7cb08b8787eb0ce1504a8a89e58b8f59fb34cef6fc

HTTP Headers

GET /thumbs/1693067160/83833878_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: image/webp
content-length: 15538
etag: "60d8abd08f54132c35626f4751026ea6"
last-modified: Sat, 26 Aug 2023 16:25:40 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 82
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71740bddb50b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imageproxy.pimg.tw/resize?url=https://666546.xyz/images/2023/08/26/9206bb513ae6b50cda02f78ae66d00f3.jpg

168.95.246.1

38 kB

URL
imageproxy.pimg.tw/resize?url=https://666546.xyz/images/2023/08/26/9206bb513ae6b50cda02f78ae66d00f3.jpg
IP
168.95.246.1:0
ASN
#131660 Data Communication Business Group

File type
JPEG image data, baseline, precision 8, 626x427, components 3\012- data
Size
38 kB (38304 bytes)
Hash
51e8d821c432576a22b407347f33db8d
b53fbcce382285492de32296ddb58751b0590ddf
6a761e04619e9b994d6cc64f8c2154d6e3c906cac3ddb7126bc6cf0fcd0207b0

HTTP Headers

GET /resize?url=https://666546.xyz/images/2023/08/26/9206bb513ae6b50cda02f78ae66d00f3.jpg HTTP/1.1
Host: imageproxy.pimg.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: HiNetCDN/2307
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: image/jpeg
cache-control: public, max-age=31536000
x-image-geometry: 626,427
x-cache: HIT
x-request-id: 4a810742a0eacbda7d127ee6f3f7755a
X-Firefox-Spdy: h2

imageproxy.pimg.tw/resize?url=https://666546.xyz/images/2023/08/26/d80ecdbc6fa9dc55a3fe116427cd2883.jpg

168.95.246.1

200 OK

31 kB

URL GET HTTP/2
imageproxy.pimg.tw/resize?url=https://666546.xyz/images/2023/08/26/d80ecdbc6fa9dc55a3fe116427cd2883.jpg
IP
168.95.246.1:443
ASN
#131660 Data Communication Business Group

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerGandi
Subject*.pimg.tw
Fingerprint1F:80:A2:2D:B5:CF:89:91:4C:BF:82:5F:D2:8A:F4:F3:42:C6:E9:1C
ValidityThu, 12 Jan 2023 00:00:00 GMT - Thu, 25 Jan 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 449x333, components 3\012- data
Size
31 kB (31047 bytes)
Hash
c8dc21496d07e4ed9b5eae10b95a4a97
fde16842b8a7d2d6329c62d02de3b77ef066bd69
d7f84dbaed982e7d72367d46dd94f1e6c887817be4a64fd1eedabd50467b4c4a

HTTP Headers

GET /resize?url=https://666546.xyz/images/2023/08/26/d80ecdbc6fa9dc55a3fe116427cd2883.jpg HTTP/1.1
Host: imageproxy.pimg.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: HiNetCDN/2307
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: image/jpeg
cache-control: public, max-age=31536000
x-image-geometry: 449,333
x-cache: HIT
x-request-id: 2583ebe9ae48825db1ea8072fbc9b890
X-Firefox-Spdy: h2

img.strpst.com/thumbs/1693067160/69186111_webp

104.18.63.124

22 kB

URL
img.strpst.com/thumbs/1693067160/69186111_webp
IP
104.18.63.124:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectimg.strpst.com
FingerprintED:62:74:FE:E4:F5:89:43:B3:49:55:FE:18:19:0D:29:24:96:75:BC
ValidityMon, 03 Apr 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
22 kB (22522 bytes)
Hash
b9c23b6b10a9216028e88afa9c949d13
21f48532455230a0256a565b3677a9ca2d87593f
4d3238ca429bac99abd4a1b4aeb974e22f267c0e497a09c3aaf655d6d8609c8c

HTTP Headers

GET /thumbs/1693067160/69186111_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:37 GMT
content-type: image/webp
content-length: 22522
etag: "b9c23b6b10a9216028e88afa9c949d13"
last-modified: Sat, 26 Aug 2023 16:25:40 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 92
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71745ca8b50b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

img.strpst.com/thumbs/1693067160/120484409_webp

104.18.63.124

6.7 kB

URL
img.strpst.com/thumbs/1693067160/120484409_webp
IP
104.18.63.124:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectimg.strpst.com
FingerprintED:62:74:FE:E4:F5:89:43:B3:49:55:FE:18:19:0D:29:24:96:75:BC
ValidityMon, 03 Apr 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 270x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
6.7 kB (6678 bytes)
Hash
a64bcfa65228411d8388e310ab15db51
007cbf551c95ee7ac7bfe832a168e012768bd350
592b922cab3c9ca4c7024ae80bc14f7b7d6119e34a9b70b18844d912d4e749cd

HTTP Headers

GET /thumbs/1693067160/120484409_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:37 GMT
content-type: image/webp
content-length: 6678
etag: "a64bcfa65228411d8388e310ab15db51"
last-modified: Sat, 26 Aug 2023 16:25:42 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 90
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71746cadb50b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imageproxy.pimg.tw/resize?url=https://666546.xyz/images/2023/08/26/1a54df65e33ac11115678fce20c5c9e8.jpg

168.95.246.1

200 OK

34 kB

URL GET HTTP/2
imageproxy.pimg.tw/resize?url=https://666546.xyz/images/2023/08/26/1a54df65e33ac11115678fce20c5c9e8.jpg
IP
168.95.246.1:443
ASN
#131660 Data Communication Business Group

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerGandi
Subject*.pimg.tw
Fingerprint1F:80:A2:2D:B5:CF:89:91:4C:BF:82:5F:D2:8A:F4:F3:42:C6:E9:1C
ValidityThu, 12 Jan 2023 00:00:00 GMT - Thu, 25 Jan 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 468x325, components 3\012- data
Size
34 kB (34153 bytes)
Hash
f1b087d1be15fa08986c77e9fc1d7dae
62d0306e45d0ff4b2bf472ba6657afcd5993af6d
3d1b2ddc433161ca601086123b4a60e74c908fce5bcff82bfcbbf72f3d99c122

HTTP Headers

GET /resize?url=https://666546.xyz/images/2023/08/26/1a54df65e33ac11115678fce20c5c9e8.jpg HTTP/1.1
Host: imageproxy.pimg.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: HiNetCDN/2307
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: image/jpeg
cache-control: public, max-age=31536000
x-image-geometry: 468,325
x-cache: HIT
x-request-id: ea2361699e59df4cdb8ff24a9c0f59d6
X-Firefox-Spdy: h2

creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293146p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1

104.18.51.106

200 OK

26 kB

URL GET HTTP/3
creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293146p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a.magsrv.com/iframe.php?idzone=4293146&size=300x100
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
26 kB (25889 bytes)
Hash
bf181c0bc54d5bca3cab598bfcae214c
e59f6f5d159dfbc845983f376783997a6dafedbd
8d36c4761c9fed51b161592e983d10f1fc2200934a52165983068ae1680daee6

HTTP Headers

GET /widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293146p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1 HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.magsrv.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: text/html
last-modified: Fri, 25 Aug 2023 03:07:56 GMT
expires: Sat, 26 Aug 2023 16:27:30 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age":  1048576 }
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: HIT
age: 10
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71728d0eb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

img.strpst.com/thumbs/1693067160/82759176_webp

104.18.63.124

200 OK

15 kB

URL GET HTTP/2
img.strpst.com/thumbs/1693067160/82759176_webp
IP
104.18.63.124:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectimg.strpst.com
FingerprintED:62:74:FE:E4:F5:89:43:B3:49:55:FE:18:19:0D:29:24:96:75:BC
ValidityMon, 03 Apr 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
15 kB (14866 bytes)
Hash
bc738aae2c81e11babfddf1fd35baece
a27c491e64563135c21de7bc282fe1bb127af463
96e462064895a9ed0a82c710140e1e3995b677a25c0f6d721377a2a94257e27a

HTTP Headers

GET /thumbs/1693067160/82759176_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:37 GMT
content-type: image/webp
content-length: 14866
etag: "bc738aae2c81e11babfddf1fd35baece"
last-modified: Sat, 26 Aug 2023 16:25:59 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 91
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71745ca9b50b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

video.ktkjmp.com/adsbygoogle.js

104.18.48.21

200 OK

16 B

URL GET HTTP/2
video.ktkjmp.com/adsbygoogle.js
IP
104.18.48.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectvideo.ktkjmp.com
Fingerprint02:C1:75:9D:DD:6A:66:20:9E:A3:46:1B:5E:A4:87:83:5A:09:92:93
ValiditySun, 02 Jul 2023 00:00:00 GMT - Mon, 01 Jul 2024 23:59:59 GMT

File type
ASCII text
Size
16 B (16 bytes)
Hash
3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f

HTTP Headers

GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:37 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: vyeGnGdlTyojmOYSIUGVlkgbVgeOOGCLIaQn1JUXSWf+3Pefo3BQFYiXbFyiqHYw9AcYvZvBFpo=
x-amz-request-id: 5JAJ7X857BTA65NJ
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlivrdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 2508
expires: Sat, 26 Aug 2023 20:27:37 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71762b41b50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.usertrust.com/

104.18.15.101

471 B

URL
ocsp.usertrust.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
9edfca24e8bca3b49be3434e4c8f4a08
481fa0adca74b70cce5bd5de14d3fc27deb80096
5bed5887796867cc38e26e05fd93c0547a6ee40a4c0b0fc92d0eb90978ba94a6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Aug 2023 16:27:37 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Aug 2023 13:54:47 GMT
Expires: Fri, 01 Sep 2023 13:54:46 GMT
Etag: "481fa0adca74b70cce5bd5de14d3fc27deb80096"
Cache-Control: max-age=603053,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1283
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7fcd7176aac60b06-OSL

i.bngprm.com/banners/300x250/st_true/no.gif

64.210.135.150

200 OK

75 kB

URL GET HTTP/2
i.bngprm.com/banners/300x250/st_true/no.gif
IP
64.210.135.150:443
ASN
#30361 SWIFTWILL2

Requested by
https://bngpt.com/promo.php?c=688955&subid=2|159343|186907237|no|112022|40568594|5215801|1|0|10|50304|,,,,,|4|0|0|1,2,6|0|0|en|3|91.90.42.154|0|0|0|0|3143242&subid2=186907237&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
Certificate
IssuerGoGetSSL
Subjecti.bngprm.com
Fingerprint0E:0B:EE:89:64:0D:F4:D8:82:85:C8:53:77:C4:1F:03:11:1B:33:60
ValidityMon, 07 Nov 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT

File type
GIF image data, version 89a, 300 x 250\012- data
Size
75 kB (75330 bytes)
Hash
de730d6e184d22a2d28354d2d6c65a2d
0812aed5ccc895f06684a5e6b57820307594d900
e88eb35f34018650122d82ff52b47c1f1cda37898df1e57141930a193947200f

HTTP Headers

GET /banners/300x250/st_true/no.gif HTTP/1.1
Host: i.bngprm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bngpt.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:37 GMT
content-type: image/gif
content-length: 75330
last-modified: Wed, 20 May 2020 10:39:46 GMT
cache-control: max-age=2592000
x-bcs-o: 1
expires: Sat, 11 Dec 2021 10:32:18 GMT
x-o1-bcs-ban: EXPIRED
access-control-allow-origin: *
access-control-allow-methods: GET
accept-ranges: bytes
x-cdn-diag: ams5-6302-2-10216-h-0-0---;7028-25-50585----0-0-1
X-Firefox-Spdy: h2

img.strpst.com/thumbs/1693067160/108885162_webp

104.18.63.124

200 OK

7.5 kB

URL GET HTTP/3
img.strpst.com/thumbs/1693067160/108885162_webp
IP
104.18.63.124:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectimg.strpst.com
FingerprintED:62:74:FE:E4:F5:89:43:B3:49:55:FE:18:19:0D:29:24:96:75:BC
ValidityMon, 03 Apr 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 270x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.5 kB (7540 bytes)
Hash
83dc93a43e4ba981ae6e110558d0427c
d5646dd707e76cb8fa48aa42f625f92032edea1e
51ff5972a94307c81b5bc69c5a8c45b61c3709d766b8f54ab4872213ebe5a140

HTTP Headers

GET /thumbs/1693067160/108885162_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:37 GMT
content-type: image/webp
content-length: 7540
etag: "83dc93a43e4ba981ae6e110558d0427c"
last-modified: Sat, 26 Aug 2023 16:25:35 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 93
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd717778d50b45-OSL
alt-svc: h3=":443"; ma=86400

img.strpst.com/thumbs/1693067160/66768818_webp

104.18.63.124

200 OK

15 kB

URL GET HTTP/3
img.strpst.com/thumbs/1693067160/66768818_webp
IP
104.18.63.124:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectimg.strpst.com
FingerprintED:62:74:FE:E4:F5:89:43:B3:49:55:FE:18:19:0D:29:24:96:75:BC
ValidityMon, 03 Apr 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
15 kB (14708 bytes)
Hash
0eefa5caebe7e51288171e3412dcbd7e
dfbe97aaa13e3004631d63a26cdf268cbaaffd88
153dd2aae931f3a6d7adb3127a307b71655d6e9e765dc4b5338d60f04b6b00d3

HTTP Headers

GET /thumbs/1693067160/66768818_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:37 GMT
content-type: image/webp
content-length: 14708
etag: "0eefa5caebe7e51288171e3412dcbd7e"
last-modified: Sat, 26 Aug 2023 16:25:41 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 86
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd717778da0b45-OSL
alt-svc: h3=":443"; ma=86400

go.xlivrdr.com/abc.gif?action=sbSignupWithModel&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293146p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&modelsLimit=2&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&quality=original&stripcashR=0&thumbType=default&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=2&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Fa.magsrv.com%2F&i=0&ib=0&filtersMatch=1&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A462%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A174%2C%22duration%22%3A32%2C%22transferSize%22%3A4625%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A174%2C%22duration%22%3A36%2C%22transferSize%22%3A79858%7D%2C%7B%22type%22%3A%22first-contentful-paint%22%2C%22startTime%22%3A828%2C%22duration%22%3A0%7D%5D&mh=-721796658

104.18.51.106

200 OK

103 B

URL GET HTTP/3
go.xlivrdr.com/abc.gif?action=sbSignupWithModel&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293146p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&modelsLimit=2&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&quality=original&stripcashR=0&thumbType=default&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=2&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Fa.magsrv.com%2F&i=0&ib=0&filtersMatch=1&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A462%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A174%2C%22duration%22%3A32%2C%22transferSize%22%3A4625%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A174%2C%22duration%22%3A36%2C%22transferSize%22%3A79858%7D%2C%7B%22type%22%3A%22first-contentful-paint%22%2C%22startTime%22%3A828%2C%22duration%22%3A0%7D%5D&mh=-721796658
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293146p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type
data
Size
103 B (103 bytes)
Hash
8c99886486b9a004383cb4df29011c43
d79ca4754481fc59598bc08fcdf354900918bffe
bda00b0f6892b1c6991e793b42654ad1807694e2ffabcbc4eb1399379737ef6c

HTTP Headers

GET /abc.gif?action=sbSignupWithModel&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293146p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&modelsLimit=2&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&quality=original&stripcashR=0&thumbType=default&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=2&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Fa.magsrv.com%2F&i=0&ib=0&filtersMatch=1&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A462%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A174%2C%22duration%22%3A32%2C%22transferSize%22%3A4625%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A174%2C%22duration%22%3A36%2C%22transferSize%22%3A79858%7D%2C%7B%22type%22%3A%22first-contentful-paint%22%2C%22startTime%22%3A828%2C%22duration%22%3A0%7D%5D&mh=-721796658 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Cookie: __cflb=04dToPfSdwpmYL4m1jJR4AaLHvZoKEoZs2MKjuMUma
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:37 GMT
content-type: image/gif
content-length: 103
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7fcd71778d31b511-OSL
alt-svc: h3=":443"; ma=86400

strp.chat/checkUrl

104.18.63.126

15 B

URL
strp.chat/checkUrl
IP
104.18.63.126:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , ASCII text, with no line terminators
Size
15 B (15 bytes)
Hash
7fb97eb7c8636552ad068f6d56b5ea34
b69679936779fb02503bc0fe1374a737cc762ecb
e78008828abaa93c4462e326ef384dcda1443352a0f24bdeedada6a6fdbfd1d5

HTTP Headers

GET /checkUrl HTTP/1.1
Host: strp.chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:37 GMT
content-type: application/json
content-length: 15
access-control-allow-origin: https://creative.xlivrdr.com
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28vf6sQBvhykduxUFAzhY1qJBuG8zCwWAiY7aeAgL; SameSite=None; Secure; path=/; expires=Sun, 27-Aug-23 16:27:37 GMT; HttpOnly
server: cloudflare
cf-ray: 7fcd71791983b51b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

go.xlivrdr.com/checkDomainResult

104.18.51.106

204 No Content

0 B

URL POST HTTP/3
go.xlivrdr.com/checkDomainResult
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /checkDomainResult HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 174
Origin: https://creative.xlivrdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Sat, 26 Aug 2023 16:27:37 GMT
access-control-allow-origin: https://creative.xlivrdr.com
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDFRFiBZBvMSLtsgHAphT8dt9Y3eaSZ1h3uU2sY52; SameSite=None; Secure; path=/; expires=Sun, 27-Aug-23 16:27:37 GMT; HttpOnly
server: cloudflare
cf-ray: 7fcd717988b7b511-OSL
alt-svc: h3=":443"; ma=86400

img.strpst.com/thumbs/1693067160/108885162_webp

104.18.63.124

200 OK

7.5 kB

URL GET HTTP/3
img.strpst.com/thumbs/1693067160/108885162_webp
IP
104.18.63.124:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectimg.strpst.com
FingerprintED:62:74:FE:E4:F5:89:43:B3:49:55:FE:18:19:0D:29:24:96:75:BC
ValidityMon, 03 Apr 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 270x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.5 kB (7540 bytes)
Hash
83dc93a43e4ba981ae6e110558d0427c
d5646dd707e76cb8fa48aa42f625f92032edea1e
51ff5972a94307c81b5bc69c5a8c45b61c3709d766b8f54ab4872213ebe5a140

HTTP Headers

GET /thumbs/1693067160/108885162_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:38 GMT
content-type: image/webp
content-length: 7540
etag: "83dc93a43e4ba981ae6e110558d0427c"
last-modified: Sat, 26 Aug 2023 16:25:35 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 94
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd717b0be10b45-OSL
alt-svc: h3=":443"; ma=86400

imageproxy.pimg.tw/resize?url=http://249999.xyz/images/2021/10/01/c472cd7f47ccd8b20e7b5be61f220b0c.jpg

168.95.246.1

33 kB

URL
imageproxy.pimg.tw/resize?url=http://249999.xyz/images/2021/10/01/c472cd7f47ccd8b20e7b5be61f220b0c.jpg
IP
168.95.246.1:0
ASN
#131660 Data Communication Business Group

File type
JPEG image data, baseline, precision 8, 361x295, components 3\012- data
Size
33 kB (32711 bytes)
Hash
6b9a3a8d9b366fdd75b564dd61f6767b
f3eb45110d665c66bd83b284759a6701bad12618
72e2a37c53b0a8ed9a28c68bb5d3b69cbe33ed3a31c4d65730aed795d547c24e

HTTP Headers

GET /resize?url=http://249999.xyz/images/2021/10/01/c472cd7f47ccd8b20e7b5be61f220b0c.jpg HTTP/1.1
Host: imageproxy.pimg.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mtav.art/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: HiNetCDN/2307
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: image/jpeg
cache-control: public, max-age=31536000
x-image-geometry: 361,295
x-cache: MISS, HIT
x-request-id: e4d0a3531a8d250bdbc1f748d895b548
X-Firefox-Spdy: h2

xhamster.com/pwa/isXHamsterOk

104.18.184.10

200 OK

14 B

URL GET HTTP/2
xhamster.com/pwa/isXHamsterOk
IP
104.18.184.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerLet's Encrypt
Subjectxhamster.com
Fingerprint3F:A0:2C:45:90:A4:C5:C3:5F:FD:7F:70:E9:7F:0B:7F:39:25:41:2B
ValiditySat, 26 Aug 2023 14:25:03 GMT - Fri, 24 Nov 2023 14:25:02 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
14 B (14 bytes)
Hash
5adb849d1e5031fa27c14f861f6700da
a5b1658db04aa9183a780d00838f638c7936446a
c45272c1b33373d94fb6786698d5145ba0cb558fc7494d91cbbb380b4fc561a8

HTTP Headers

GET /pwa/isXHamsterOk HTTP/1.1
Host: xhamster.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:38 GMT
content-type: application/json
content-length: 14
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KS4byrXORfnLe22GBb68Q5deghiKAMb60hbAJe9KW44UNtf6kPJWFzN32DaFsHBx6KbK5ZHtjxnW9Sj0z5%2BQT5wLtwjI%2FQWTLS6aLsj4ut%2BuQKK1O1mKg77qoDCU9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7fcd717d087db51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

go.xlivrdr.com/thumbs/view

104.18.51.106

200 OK

192 B

URL POST HTTP/3
go.xlivrdr.com/thumbs/view
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text
Size
192 B (192 bytes)
Hash
bad9b0b3de6e6d4cfdb34f6dad474655
25342389d4a45f86a31917fb85c9095fac40db9b
481c69a2147845b25cd0562fe7bf95f953eb525098f7613a5f5e8034a3eec4b9

HTTP Headers

POST /thumbs/view HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 156
Origin: https://creative.xlivrdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:38 GMT
content-type: application/json
access-control-allow-origin: https://creative.xlivrdr.com
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDFRFiBZBvMSLtsgHAjogiG8Ahr7aaGEqcLtLgDTA; SameSite=None; Secure; path=/; expires=Sun, 27-Aug-23 16:27:38 GMT; HttpOnly
server: cloudflare
cf-ray: 7fcd717c6d7eb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

go.xlivrdr.com/abc.gif?action=sbSignupWithModel&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&quality=original&stripcashR=0&thumbType=default&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=10&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Fmtav.art%2F&i=0&ib=0&filtersMatch=1&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1106%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A921%2C%22duration%22%3A51%2C%22transferSize%22%3A79858%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A921%2C%22duration%22%3A38%2C%22transferSize%22%3A4625%7D%5D&mh=854850112

104.18.51.106

200 OK

0 B

URL GET HTTP/3
go.xlivrdr.com/abc.gif?action=sbSignupWithModel&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&quality=original&stripcashR=0&thumbType=default&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=10&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Fmtav.art%2F&i=0&ib=0&filtersMatch=1&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1106%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A921%2C%22duration%22%3A51%2C%22transferSize%22%3A79858%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A921%2C%22duration%22%3A38%2C%22transferSize%22%3A4625%7D%5D&mh=854850112
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /abc.gif?action=sbSignupWithModel&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&quality=original&stripcashR=0&thumbType=default&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=10&segment=hls-newAPI&landing=WidgetV4Universal&referrer=https%3A%2F%2Fmtav.art%2F&i=0&ib=0&filtersMatch=1&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1106%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A921%2C%22duration%22%3A51%2C%22transferSize%22%3A79858%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A921%2C%22duration%22%3A38%2C%22transferSize%22%3A4625%7D%5D&mh=854850112 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Cookie: __cflb=04dToPfSdwpmYL4m1jJR4AaLHvZoKEoZs2MKjuMUma
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: image/gif
content-length: 103
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7fcd7173bf04b511-OSL
alt-svc: h3=":443"; ma=86400

go.xlivrdr.com/api/models?webp=1&forceClient=1&stripcashR=0&limit=NaN&usePreroll

104.18.51.106

200 OK

15 kB

URL GET HTTP/3
go.xlivrdr.com/api/models?webp=1&forceClient=1&stripcashR=0&limit=NaN&usePreroll
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (15415), with no line terminators
Size
15 kB (15415 bytes)
Hash
7af26ebb5ce32271412c69f54d6c6aad
b2851e02d23ab6626a7c684269793282039c3849
b1eb699840ee84a5635597d1878c521a20e1b47a3cf2ba3d8a375bc39c8c46ab

HTTP Headers

GET /api/models?webp=1&forceClient=1&stripcashR=0&limit=NaN&usePreroll HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
DNT: 1
Connection: keep-alive
Cookie: __cflb=04dToPfSdwpmYL4m1jJR4AaLHvZoKEoZs2MKjuMUma
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: application/json
access-control-allow-origin: https://creative.xlivrdr.com
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
last-modified: Sat, 26 Aug 2023 16:26:52 GMT
cf-cache-status: HIT
age: 11
server: cloudflare
cf-ray: 7fcd71731debb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

imageproxy.pimg.tw/resize?url=http://249999.xyz/images/2021/10/01/c472cd7f47ccd8b20e7b5be61f220b0c.jpg

168.95.246.1

200 OK

18 kB

URL GET HTTP/2
imageproxy.pimg.tw/resize?url=http://249999.xyz/images/2021/10/01/c472cd7f47ccd8b20e7b5be61f220b0c.jpg
IP
168.95.246.1:443
ASN
#131660 Data Communication Business Group

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerGandi
Subject*.pimg.tw
Fingerprint1F:80:A2:2D:B5:CF:89:91:4C:BF:82:5F:D2:8A:F4:F3:42:C6:E9:1C
ValidityThu, 12 Jan 2023 00:00:00 GMT - Thu, 25 Jan 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 361x295, components 3\012- data
Size
18 kB (18003 bytes)
Hash
e0d1ec2b60a67fce608653ad56debc1d
f0a53a6efaa12cdc598fec520713c16b9d565ddd
10a8fed54170eeb02f87f75ddec248c62a558d8e7f3a1143b7dad218b8152b24

HTTP Headers

GET /resize?url=http://249999.xyz/images/2021/10/01/c472cd7f47ccd8b20e7b5be61f220b0c.jpg HTTP/1.1
Host: imageproxy.pimg.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mtav.art/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: HiNetCDN/2307
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: image/jpeg
cache-control: public, max-age=31536000
x-image-geometry: 361,295
x-cache: MISS, HIT
x-request-id: e4d0a3531a8d250bdbc1f748d895b548
X-Firefox-Spdy: h2

mtav.art/template/mtav/cssjs/sweetalert2.min.js?ver=8.7.1

172.67.206.72

200 OK

38 kB

URL GET HTTP/3
mtav.art/template/mtav/cssjs/sweetalert2.min.js?ver=8.7.1
IP
172.67.206.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint03:F2:D9:68:6E:B2:82:DB:76:D4:74:F7:7C:46:8E:49:FB:E0:96:45
ValidityThu, 23 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (37868), with no line terminators
Size
38 kB (37868 bytes)
Hash
572cf28ce79ee54513d9c68b6eddcec2
f9e7e1ca01ed799d37fb35cbfbbb3d7660f0b8fe
c3e7025c1ceb9675c8a010ef167ac90799e31638647bb43399e9242a498986f7

HTTP Headers

GET /template/mtav/cssjs/sweetalert2.min.js?ver=8.7.1 HTTP/1.1
Host: mtav.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mtav.art/vod/detail/id/7952/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:34 GMT
content-type: application/javascript
last-modified: Sun, 23 May 2021 05:03:53 GMT
vary: Accept-Encoding
etag: W/"60a9e239-93ec"
expires: Sat, 26 Aug 2023 18:01:36 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 37558
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BFbgUwE8xZwCr9guBOsZdIegLjnE1upjQ1M6qtoBe0ohXY1k%2B1e35ZIiPmTxVNYAlJJ3LPvDeUXjm8I4DfmYFlqcgW93N25wtfTFL6KKtYBeusP0o7%2F7cG3dgg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7fcd71669b4f0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

mtav.art/template/mtav/cssjs/sweetalert2.min.css?ver=8.7.1

172.67.206.72

200 OK

22 kB

URL GET HTTP/3
mtav.art/template/mtav/cssjs/sweetalert2.min.css?ver=8.7.1
IP
172.67.206.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint03:F2:D9:68:6E:B2:82:DB:76:D4:74:F7:7C:46:8E:49:FB:E0:96:45
ValidityThu, 23 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type

Size
22 kB (21864 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /template/mtav/cssjs/sweetalert2.min.css?ver=8.7.1 HTTP/1.1
Host: mtav.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mtav.art/vod/detail/id/7952/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:34 GMT
content-type: text/css
last-modified: Sun, 23 May 2021 05:03:50 GMT
vary: Accept-Encoding
etag: W/"60a9e236-5568"
expires: Sat, 26 Aug 2023 18:01:36 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 37558
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wm9HJl7yeejilFdn6bjPk%2BbsfVzJbKEKV2N8BiDd70yXpuzgcdqSbB24wK5z9O6rTQDtdpi0VWysIWLwxMXsmejlhYnAd70Eee2TUT%2Bm6D9Rwit6aXZNplmP1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7fcd71668b390b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

imageproxy.pimg.tw/resize?url=https://666546.xyz/images/2023/08/26/f91740967d3c9624def5d0405aa6ba34.jpg

168.95.246.1

200 OK

18 kB

URL GET HTTP/2
imageproxy.pimg.tw/resize?url=https://666546.xyz/images/2023/08/26/f91740967d3c9624def5d0405aa6ba34.jpg
IP
168.95.246.1:443
ASN
#131660 Data Communication Business Group

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerGandi
Subject*.pimg.tw
Fingerprint1F:80:A2:2D:B5:CF:89:91:4C:BF:82:5F:D2:8A:F4:F3:42:C6:E9:1C
ValidityThu, 12 Jan 2023 00:00:00 GMT - Thu, 25 Jan 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 539x342, components 3\012- data
Size
18 kB (17934 bytes)
Hash
afde883437b2d69b10f590868e893a05
f498c5e28fd975bb362c963a76d13ee9a1b9f522
a8ff73c2347b056a7f765722095544dfd5a70cc29a141dbef2df6e3d898c2406

HTTP Headers

GET /resize?url=https://666546.xyz/images/2023/08/26/f91740967d3c9624def5d0405aa6ba34.jpg HTTP/1.1
Host: imageproxy.pimg.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: HiNetCDN/2307
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: image/jpeg
cache-control: public, max-age=31536000
x-image-geometry: 539,342
x-cache: HIT
x-request-id: be00a9e78e95310cce8ffd9651ffc9a5
X-Firefox-Spdy: h2

cloudflare.com/cdn-cgi/trace

104.16.133.229

200 OK

260 B

URL GET HTTP/2
cloudflare.com/cdn-cgi/trace
IP
104.16.133.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerCloudflare, Inc.
Subjectcloudflare.com
Fingerprint49:1D:23:BB:41:85:C4:9B:1D:5B:6D:56:37:AF:48:EE:4D:C2:D2:FD
ValidityFri, 04 Aug 2023 00:00:00 GMT - Wed, 01 Nov 2023 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
260 B (260 bytes)
Hash
5e4247631a3992918d2f0722109d5ae1
a573b97af0b87044eca5c5b4c7e7bab372287610
1358f49790335117c3d7fbd5e50e9407d83215ea9e5134744c71cda7aed1dd7a

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	IcedID

HTTP Headers

GET /cdn-cgi/trace HTTP/1.1
Host: cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mtav.art
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
content-type: text/plain
access-control-allow-origin: *
server: cloudflare
cf-ray: 7fcd71690c17b523-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

go.xlivrdr.com/smartpop/73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-&sourceId=4293146p1={campaign&p1=5840560&ax=0&kbLimit=1000

104.18.51.106

302 Found

852 B

URL GET HTTP/3
go.xlivrdr.com/smartpop/73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-&sourceId=4293146p1={campaign&p1=5840560&ax=0&kbLimit=1000
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a.magsrv.com/iframe.php?idzone=4293146&size=300x100
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type

Size
852 B (852 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /smartpop/73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-&sourceId=4293146p1={campaign&p1=5840560&ax=0&kbLimit=1000 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.magsrv.com/
Cookie: __cflb=04dToPfSdwpmYL4m1jJR4AaLHvZoKEoZs2MKjuMUma
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Sat, 26 Aug 2023 16:27:36 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293146p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
set-cookie: _var=2063057.31685_N2UxOTUwM2E=; Path=/; Expires=Mon, 25 Sep 2023 16:27:36 GMT; HttpOnly; SameSite=Strict
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7fcd71722c5cb511-OSL
alt-svc: h3=":443"; ma=86400

creative.xlivrdr.com/widgets/v4/Universal/main.15dd808dd5b090c798f7.css

104.18.51.106

200 OK

13 kB

URL GET HTTP/3
creative.xlivrdr.com/widgets/v4/Universal/main.15dd808dd5b090c798f7.css
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293146p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (13396), with no line terminators
Size
13 kB (13396 bytes)
Hash
d55b785d72863fbb8425a36b7d675ec2
546cda15b6fb2a67ce1f102dc82eefb6f749f9c3
a4d09f6a50b6d96e7f22ab12f406dcf44be0d815105018cc5c7f1105fbf597f7

HTTP Headers

GET /widgets/v4/Universal/main.15dd808dd5b090c798f7.css HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293146p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: text/css
last-modified: Fri, 25 Aug 2023 03:09:09 GMT
etag: W/"64e81b55-3454"
expires: Sat, 26 Aug 2023 16:27:46 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 0
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71733e29b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

img.strpst.com/thumbs/1693067160/41991456_webp

104.18.63.124

200 OK

26 kB

URL GET HTTP/2
img.strpst.com/thumbs/1693067160/41991456_webp
IP
104.18.63.124:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectimg.strpst.com
FingerprintED:62:74:FE:E4:F5:89:43:B3:49:55:FE:18:19:0D:29:24:96:75:BC
ValidityMon, 03 Apr 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
26 kB (25580 bytes)
Hash
effeb4d73639b29458bab107b8b66e45
ffb31877ba296f26708864f785a2fdc9bd77e037
3342ab71d65d6b3dbf9ead7b109c8844cc7b66dc30113b2e32cff3b0b88222c6

HTTP Headers

GET /thumbs/1693067160/41991456_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:37 GMT
content-type: image/webp
content-length: 25580
etag: "effeb4d73639b29458bab107b8b66e45"
last-modified: Sat, 26 Aug 2023 16:25:35 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 90
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71746cafb50b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mtav.art/template/mtav/cssjs/jquery-2.2.4.min.js?ver=2.2.4

172.67.206.72

200 OK

86 kB

URL GET HTTP/3
mtav.art/template/mtav/cssjs/jquery-2.2.4.min.js?ver=2.2.4
IP
172.67.206.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint03:F2:D9:68:6E:B2:82:DB:76:D4:74:F7:7C:46:8E:49:FB:E0:96:45
ValidityThu, 23 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32065)
Size
86 kB (85578 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /template/mtav/cssjs/jquery-2.2.4.min.js?ver=2.2.4 HTTP/1.1
Host: mtav.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mtav.art/vod/detail/id/7952/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:34 GMT
content-type: application/javascript
last-modified: Sun, 23 May 2021 05:03:52 GMT
vary: Accept-Encoding
etag: W/"60a9e238-14e4a"
expires: Sat, 26 Aug 2023 18:01:36 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 37558
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZqRJNOGr2ms%2BYpsp3anDZlON1syA9pLJ6YNPA1rAyLR1x12xX5JonFhZTKPbeHUmrqM0UPeaVnBPy9u6wc8d%2B%2FLdiE9%2BscnEqer6t72R4UtxkDjZBtoLJkZMIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7fcd71669b490b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

qcsuoq.com/ntload?a=1&e=aeyJwaWQiOjEwMzUxOTEsInNpZCI6MTA5NjkwOSwid2lkIjoyMDA2MTcsImQiOiJtdGF2LmFydCIsImxpIjoxfQ%3D%3D&tz=0&if=0&u=aHR0cHM6Ly9tdGF2LmFydC92b2QvZGV0YWlsL2lkLzc5NTIv&ntli=1

185.162.85.1

200 OK

324 B

URL GET HTTP/2
qcsuoq.com/ntload?a=1&e=aeyJwaWQiOjEwMzUxOTEsInNpZCI6MTA5NjkwOSwid2lkIjoyMDA2MTcsImQiOiJtdGF2LmFydCIsImxpIjoxfQ%3D%3D&tz=0&if=0&u=aHR0cHM6Ly9tdGF2LmFydC92b2QvZGV0YWlsL2lkLzc5NTIv&ntli=1
IP
185.162.85.1:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerLet's Encrypt
Subjectqcsuoq.com
FingerprintF8:2A:5E:33:5C:27:E5:AA:F7:8E:3A:89:33:EF:1E:E0:5C:A3:28:56
ValidityFri, 30 Jun 2023 04:55:21 GMT - Thu, 28 Sep 2023 04:55:20 GMT

File type
Unicode text, UTF-8 text, with very long lines (356), with no line terminators
Size
324 B (324 bytes)
Hash
4622d620139ffa4e40f2bee980a12ecd
892c69a2630eca71b6c2102c02281f181e97c5e6
c31d0ec38e59eebcb0405e88e22e10e018b3eca1e6b47dc5628e98ced9d05cf4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ntload?a=1&e=aeyJwaWQiOjEwMzUxOTEsInNpZCI6MTA5NjkwOSwid2lkIjoyMDA2MTcsImQiOiJtdGF2LmFydCIsImxpIjoxfQ%3D%3D&tz=0&if=0&u=aHR0cHM6Ly9tdGF2LmFydC92b2QvZGV0YWlsL2lkLzc5NTIv&ntli=1 HTTP/1.1
Host: qcsuoq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mtav.art
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 26 Aug 2023 16:27:35 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: https://mtav.art
accept-ch: Sec-CH-UA-Platform-Version
content-encoding: gzip
X-Firefox-Spdy: h2

go.xlivrdr.com/event/ml

104.18.51.106

200 OK

107 B

URL POST HTTP/3
go.xlivrdr.com/event/ml
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293146p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
107 B (107 bytes)
Hash
b4623b16228094b06e6632011454b8bd
ef3f43b82fcbaa4b330afc24566c957b23cc30f6
3b1745b5c945fefd33af10864451932e4f9b268fbe48e6de35061e9ebe261ba5

HTTP Headers

POST /event/ml HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 97
Origin: https://creative.xlivrdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:37 GMT
content-type: application/json
access-control-allow-origin: https://creative.xlivrdr.com
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDFRFiBZBvMSLtrsEK7fDqK6EwaD8sUG5GiQsqMBr; SameSite=None; Secure; path=/; expires=Sun, 27-Aug-23 16:27:37 GMT; HttpOnly
server: cloudflare
cf-ray: 7fcd7178ff9bb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

go.xlivrdr.com/event/ml

104.18.51.106

200 OK

245 B

URL POST HTTP/3
go.xlivrdr.com/event/ml
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (308), with no line terminators
Size
245 B (245 bytes)
Hash
78762473e4660ae7f0756b2746aecf15
5d40ef96933221d20cb3e3befeeb573e1e03f0fa
5a9ae7761512e5832ac8326cc24d0931407d6b5153d91331af572f935b49f9b0

HTTP Headers

POST /event/ml HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 170
Origin: https://creative.xlivrdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:37 GMT
content-type: application/json
access-control-allow-origin: https://creative.xlivrdr.com
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28upDCGznfDm9XVE9MvJSVQVB7yW4PnuPLDcUhSmz; SameSite=None; Secure; path=/; expires=Sun, 27-Aug-23 16:27:37 GMT; HttpOnly
server: cloudflare
cf-ray: 7fcd71762b49b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

imageproxy.pimg.tw/resize?url=https://666546.xyz/images/2023/08/26/bb79c24ad2b4a7b20549fb0d2117b76c.jpg

168.95.246.1

200 OK

24 kB

URL GET HTTP/2
imageproxy.pimg.tw/resize?url=https://666546.xyz/images/2023/08/26/bb79c24ad2b4a7b20549fb0d2117b76c.jpg
IP
168.95.246.1:443
ASN
#131660 Data Communication Business Group

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerGandi
Subject*.pimg.tw
Fingerprint1F:80:A2:2D:B5:CF:89:91:4C:BF:82:5F:D2:8A:F4:F3:42:C6:E9:1C
ValidityThu, 12 Jan 2023 00:00:00 GMT - Thu, 25 Jan 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 468x359, components 3\012- data
Size
24 kB (24158 bytes)
Hash
5f8553f5ff2bd5cbcdba89d2eb328e1e
19ff730e8d857ed23a6683a79afb62290695d191
7c4c7bd4968529c874b13423328255dc732d8dc8e65d2df0459c56218adf13a0

HTTP Headers

GET /resize?url=https://666546.xyz/images/2023/08/26/bb79c24ad2b4a7b20549fb0d2117b76c.jpg HTTP/1.1
Host: imageproxy.pimg.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: HiNetCDN/2307
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: image/jpeg
cache-control: public, max-age=31536000
x-image-geometry: 468,359
x-cache: HIT
x-request-id: cc6242ce45e35b0fa84942ac5947af0f
X-Firefox-Spdy: h2

imageproxy.pimg.tw/resize?url=https://666546.xyz/images/2023/08/26/fa7bb315dd6b710dbe35bbfda468917f.jpg

168.95.246.1

200 OK

17 kB

URL GET HTTP/2
imageproxy.pimg.tw/resize?url=https://666546.xyz/images/2023/08/26/fa7bb315dd6b710dbe35bbfda468917f.jpg
IP
168.95.246.1:443
ASN
#131660 Data Communication Business Group

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerGandi
Subject*.pimg.tw
Fingerprint1F:80:A2:2D:B5:CF:89:91:4C:BF:82:5F:D2:8A:F4:F3:42:C6:E9:1C
ValidityThu, 12 Jan 2023 00:00:00 GMT - Thu, 25 Jan 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 373x306, components 3\012- data
Size
17 kB (16839 bytes)
Hash
62ff2925a9bb9d976083c0156d08d2dc
bcede97011c1ea54958e2a2122ae91cfd23e367f
0df5a7890d9209db8585a2c952c083785107375689a175c01c560d4f35823ff4

HTTP Headers

GET /resize?url=https://666546.xyz/images/2023/08/26/fa7bb315dd6b710dbe35bbfda468917f.jpg HTTP/1.1
Host: imageproxy.pimg.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: HiNetCDN/2307
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: image/jpeg
cache-control: public, max-age=31536000
x-image-geometry: 373,306
x-cache: HIT
x-request-id: f44626e721014c1764d13967fe3f1de2
X-Firefox-Spdy: h2

go.xlivrdr.com/api/models?webp=1&forceClient=1&stripcashR=0&limit=2&usePreroll

104.18.51.106

200 OK

3.3 kB

URL GET HTTP/3
go.xlivrdr.com/api/models?webp=1&forceClient=1&stripcashR=0&limit=2&usePreroll
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293146p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3573), with no line terminators
Size
3.3 kB (3309 bytes)
Hash
15dd08f69d79bb06d72158a915d37683
1698a9026d696d7e8287315d1f2ae3891142f2e2
2bb16b7cc7c00fecb4aaffbdf751d0de1de41ed1b1af90c96dfd56262b179256

HTTP Headers

GET /api/models?webp=1&forceClient=1&stripcashR=0&limit=2&usePreroll HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
DNT: 1
Connection: keep-alive
Cookie: __cflb=04dToPfSdwpmYL4m1jJR4AaLHvZoKEoZs2MKjuMUma
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:37 GMT
content-type: application/json
access-control-allow-origin: https://creative.xlivrdr.com
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
last-modified: Sat, 26 Aug 2023 16:26:54 GMT
cf-cache-status: HIT
age: 14
server: cloudflare
cf-ray: 7fcd71774cd4b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

creative.xlivrdr.com/widgets/v4/Universal/main.15dd808dd5b090c798f7.css

104.18.51.106

200 OK

13 kB

URL GET HTTP/3
creative.xlivrdr.com/widgets/v4/Universal/main.15dd808dd5b090c798f7.css
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (13396), with no line terminators
Size
13 kB (13396 bytes)
Hash
d55b785d72863fbb8425a36b7d675ec2
546cda15b6fb2a67ce1f102dc82eefb6f749f9c3
a4d09f6a50b6d96e7f22ab12f406dcf44be0d815105018cc5c7f1105fbf597f7

HTTP Headers

GET /widgets/v4/Universal/main.15dd808dd5b090c798f7.css HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: text/css
last-modified: Fri, 25 Aug 2023 03:09:09 GMT
etag: W/"64e81b55-3454"
expires: Sat, 26 Aug 2023 16:27:46 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 0
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71713a21b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

mtav.art/template/mtav/cssjs/external.css?ver=8.7.1

172.67.206.72

200 OK

123 kB

URL GET HTTP/3
mtav.art/template/mtav/cssjs/external.css?ver=8.7.1
IP
172.67.206.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint03:F2:D9:68:6E:B2:82:DB:76:D4:74:F7:7C:46:8E:49:FB:E0:96:45
ValidityThu, 23 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (36463), with CRLF line terminators
Size
123 kB (123442 bytes)
Hash
5b5f8d7173021bef4775d04d76da4a2d
af3f01dda7a566943667fd21e9a9796fd7ea089e
d32f410cbca5479168fe580d82d47ef7c2eceb1c97c53f1cc171ada81ae4f830

HTTP Headers

GET /template/mtav/cssjs/external.css?ver=8.7.1 HTTP/1.1
Host: mtav.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mtav.art/vod/detail/id/7952/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:34 GMT
content-type: text/css
last-modified: Sun, 23 May 2021 05:03:49 GMT
vary: Accept-Encoding
etag: W/"60a9e235-1e232"
expires: Sat, 26 Aug 2023 18:01:36 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 37558
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5wq4iZKrdLFRZ048gCHnnZlnup1b3Coj1d6W6WcrG5BZit6WCoAZHAAF%2FYHKwwZ%2FwfzTRMvoJzD%2FFuwyJB4mCTdCFVwN%2BwFqdxk6cVkKNX0NdwYiPPQ7VW0%2FOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7fcd71668b350b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

mtav.art/template/mtav/cssjs/app.css?ver=8.7.1

172.67.206.72

200 OK

218 kB

URL GET HTTP/3
mtav.art/template/mtav/cssjs/app.css?ver=8.7.1
IP
172.67.206.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint03:F2:D9:68:6E:B2:82:DB:76:D4:74:F7:7C:46:8E:49:FB:E0:96:45
ValidityThu, 23 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type

Size
218 kB (218334 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /template/mtav/cssjs/app.css?ver=8.7.1 HTTP/1.1
Host: mtav.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mtav.art/vod/detail/id/7952/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:34 GMT
content-type: text/css
last-modified: Sun, 23 May 2021 05:03:51 GMT
vary: Accept-Encoding
etag: W/"60a9e237-354de"
expires: Sat, 26 Aug 2023 18:01:36 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 37558
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f3vIJoC0aPF9SQEF2Lrh3E%2BFesevQhm0zoV%2By%2Bgl%2BC0V%2F1iZwj%2BwPRsi3bhHCOEc65JZ1uyb4jkkh5tHo3Cf61Ux5u3jlEL6lO5pLAbtv%2BwbBzU4Ci3ADm3J7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7fcd71669b450b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

mtav.art/template/mtav/favicon.ico

172.67.206.72

200 OK

4.3 kB

URL GET HTTP/3
mtav.art/template/mtav/favicon.ico
IP
172.67.206.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint03:F2:D9:68:6E:B2:82:DB:76:D4:74:F7:7C:46:8E:49:FB:E0:96:45
ValidityThu, 23 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Size
4.3 kB (4286 bytes)
Hash
22d96f6a0c4d342e33a50111cb4c00ae
02cf5bdc638665fc0cc70e8491ee766613bf7316
0770977475b71cd759b5b0cadfad5bae03f962b1ff0b10cd3985df307e2a25fc

HTTP Headers

GET /template/mtav/favicon.ico HTTP/1.1
Host: mtav.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: /vod/detail/id/7952/=/vod/detail/id/7952/; _rce=NO
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
content-type: image/x-icon
last-modified: Sun, 23 May 2021 21:43:39 GMT
etag: W/"60aacc8b-10be"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1zO0zbpK8H00MO2w3zLlYuNJ7MQwCNr8opexXZQrpH2WoulCTk42v7gflR%2F11P%2Bvt3hnHscbwSZ2ET0UbaY2C4WatJ7a%2BNgrCZsx2fTzy1VUygrh6KGr1A3L%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd716a0fa20b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

mtav.art/template/ex.js?2023

172.67.206.72

200 OK

9.6 kB

URL GET HTTP/3
mtav.art/template/ex.js?2023
IP
172.67.206.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint03:F2:D9:68:6E:B2:82:DB:76:D4:74:F7:7C:46:8E:49:FB:E0:96:45
ValidityThu, 23 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9943), with no line terminators
Size
9.6 kB (9578 bytes)
Hash
7ff8b3777667ccd8a1f5a9418ba1fba7
3ba46358f4ca4da5d72b1585a00b2a9a88c03b40
b8f9ba6630cb6d03cdc9e84ecb3728233a1fec08e18c0892fa7f810bbfebe9d3

HTTP Headers

GET /template/ex.js?2023 HTTP/1.1
Host: mtav.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:34 GMT
content-type: application/javascript
last-modified: Fri, 11 Aug 2023 01:02:12 GMT
vary: Accept-Encoding
etag: W/"64d58894-256a"
expires: Sat, 26 Aug 2023 18:01:38 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 37556
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fhkqw0JJ%2F3DsZK1BoAKvO%2FurUuqngd9i75CpuDKCX%2BIeSUAACcjcKkGYxF3FVdoSW1O5k8KUBIZZIELy%2FJmpmj%2FJQCFUwlgGZj5EI98Hwawb784ydSn4DIbSmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7fcd7166ab6d0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

go.xlivrdr.com/config?url=https%3A%2F%2Fcreative.xlivrdr.com%2Fwidgets%2Fv4%2FUniversal%3Faction%3DsbSignupWithModel%26ax%3D0%26campaignId%3D73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3%26campaignType%3Dsmartpop%26creativeId%3D3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660%26iterationId%3D718022%26kbLimit%3D1000%26masterSmartpopId%3D1605%26memberId%3DooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-%26mlView%3D1%26p1%3D5840560%26ruleId%3D3%26smartpopId%3D3072%26sourceId%3D4293146p1%253D%257Bcampaign%26userId%3D1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9%26variationId%3D31685%26webp%3D1

104.18.51.106

200 OK

6.6 kB

URL GET HTTP/3
go.xlivrdr.com/config?url=https%3A%2F%2Fcreative.xlivrdr.com%2Fwidgets%2Fv4%2FUniversal%3Faction%3DsbSignupWithModel%26ax%3D0%26campaignId%3D73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3%26campaignType%3Dsmartpop%26creativeId%3D3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660%26iterationId%3D718022%26kbLimit%3D1000%26masterSmartpopId%3D1605%26memberId%3DooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-%26mlView%3D1%26p1%3D5840560%26ruleId%3D3%26smartpopId%3D3072%26sourceId%3D4293146p1%253D%257Bcampaign%26userId%3D1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9%26variationId%3D31685%26webp%3D1
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293146p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (8645), with no line terminators
Size
6.6 kB (6586 bytes)
Hash
198964c593a9faf560b773dec2d68d8b
047429b1f91bede6c9029e262b45fae5f6503899
ddc67b6349e42be7b9d424cbab51517067d1df4c82f4ba34eb88ecaf38481732

HTTP Headers

GET /config?url=https%3A%2F%2Fcreative.xlivrdr.com%2Fwidgets%2Fv4%2FUniversal%3Faction%3DsbSignupWithModel%26ax%3D0%26campaignId%3D73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3%26campaignType%3Dsmartpop%26creativeId%3D3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660%26iterationId%3D718022%26kbLimit%3D1000%26masterSmartpopId%3D1605%26memberId%3DooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-%26mlView%3D1%26p1%3D5840560%26ruleId%3D3%26smartpopId%3D3072%26sourceId%3D4293146p1%253D%257Bcampaign%26userId%3D1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9%26variationId%3D31685%26webp%3D1 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:37 GMT
content-type: application/json
access-control-allow-origin: https://creative.xlivrdr.com
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
last-modified: Sat, 26 Aug 2023 16:27:37 GMT
cf-cache-status: MISS
set-cookie: __cflb=0H28upDCGznfDm9XVDQoiPUVymMcUWjcMjDihxNdsvk; SameSite=None; Secure; path=/; expires=Sun, 27-Aug-23 16:27:37 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71762b42b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

go.xlivrdr.com/api/models?webp=1&forceClient=1&stripcashR=0&limit=2&usePreroll

104.18.51.106

200 OK

3.3 kB

URL GET HTTP/3
go.xlivrdr.com/api/models?webp=1&forceClient=1&stripcashR=0&limit=2&usePreroll
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3573), with no line terminators
Size
3.3 kB (3309 bytes)
Hash
15dd08f69d79bb06d72158a915d37683
1698a9026d696d7e8287315d1f2ae3891142f2e2
2bb16b7cc7c00fecb4aaffbdf751d0de1de41ed1b1af90c96dfd56262b179256

HTTP Headers

GET /api/models?webp=1&forceClient=1&stripcashR=0&limit=2&usePreroll HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
DNT: 1
Connection: keep-alive
Cookie: __cflb=04dToPfSdwpmYL4m1jJR4AaLHvZoKEoZs2MKjuMUma
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:38 GMT
content-type: application/json
access-control-allow-origin: https://creative.xlivrdr.com
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
last-modified: Sat, 26 Aug 2023 16:26:54 GMT
cf-cache-status: HIT
age: 15
server: cloudflare
cf-ray: 7fcd717abae2b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

a.magsrv.com/iframe.php?idzone=4293714&size=728x90

205.185.216.10

200 OK

275 B

URL GET HTTP/2
a.magsrv.com/iframe.php?idzone=4293714&size=728x90
IP
205.185.216.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B
ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
275 B (275 bytes)
Hash
7dec6c6a70431ad667ee76519cc941c4
ebcd13910ea34ff8a1a90fdb5fe0ea9289b60420
10fda75677486553115788cedfcf91a1102c15f12d32e937b0e291a310aae7b5

HTTP Headers

GET /iframe.php?idzone=4293714&size=728x90 HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mtav.art/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Aug 2023 16:27:35 GMT
accept-ranges: bytes
content-encoding: gzip
content-length: 185
content-type: text/html; charset=UTF-8
x-hw: 1693067254.dop205.sk1.t,1693067254.cds226.sk1.hn,1693067255.cds250.sk1.p
server: nginx
accept-ch: 
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
X-Firefox-Spdy: h2

go.xlivrdr.com/config?url=https%3A%2F%2Fcreative.xlivrdr.com%2Fwidgets%2Fv4%2FUniversal%3Faction%3DsbSignupWithModel%26ax%3D0%26campaignId%3D73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3%26campaignType%3Dsmartpop%26creativeId%3D3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660%26iterationId%3D718022%26kbLimit%3D1000%26masterSmartpopId%3D1605%26memberId%3Dooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--%26mlView%3D1%26p1%3D5840560%26ruleId%3D3%26smartpopId%3D3072%26sourceId%3D4293152p1%253D%257Bcampaign%26userId%3D1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9%26variationId%3D31685%26webp%3D1

104.18.51.106

200 OK

6.6 kB

URL GET HTTP/3
go.xlivrdr.com/config?url=https%3A%2F%2Fcreative.xlivrdr.com%2Fwidgets%2Fv4%2FUniversal%3Faction%3DsbSignupWithModel%26ax%3D0%26campaignId%3D73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3%26campaignType%3Dsmartpop%26creativeId%3D3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660%26iterationId%3D718022%26kbLimit%3D1000%26masterSmartpopId%3D1605%26memberId%3Dooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--%26mlView%3D1%26p1%3D5840560%26ruleId%3D3%26smartpopId%3D3072%26sourceId%3D4293152p1%253D%257Bcampaign%26userId%3D1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9%26variationId%3D31685%26webp%3D1
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293152p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (8645), with no line terminators
Size
6.6 kB (6586 bytes)
Hash
18b508d18e9e46b49900e60528d5de43
24f6de72d0974023f8471ba907d9dd4c3646f841
54e7ed61409630664121538115e15d9207676f5278d8a23e8cdd95853cadfc4f

HTTP Headers

GET /config?url=https%3A%2F%2Fcreative.xlivrdr.com%2Fwidgets%2Fv4%2FUniversal%3Faction%3DsbSignupWithModel%26ax%3D0%26campaignId%3D73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3%26campaignType%3Dsmartpop%26creativeId%3D3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660%26iterationId%3D718022%26kbLimit%3D1000%26masterSmartpopId%3D1605%26memberId%3Dooc4ASOpnuomqndbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc50rnOdK6V0rpXSuldK6V0rpq7qJa7J6qnB9g--%26mlView%3D1%26p1%3D5840560%26ruleId%3D3%26smartpopId%3D3072%26sourceId%3D4293152p1%253D%257Bcampaign%26userId%3D1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9%26variationId%3D31685%26webp%3D1 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: application/json
access-control-allow-origin: https://creative.xlivrdr.com
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
last-modified: Sat, 26 Aug 2023 16:27:36 GMT
cf-cache-status: MISS
set-cookie: __cflb=02DiuDFRFiBZBvMSLtrsbPA44EurybeSA8FpkuxDNmPBz; SameSite=None; Secure; path=/; expires=Sun, 27-Aug-23 16:27:36 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71725cbab511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

imageproxy.pimg.tw/resize?url=https://666546.xyz/images/2023/08/26/81bf09ed7f903f04ae9053858d8d03e8.jpg

168.95.246.1

200 OK

18 kB

URL GET HTTP/2
imageproxy.pimg.tw/resize?url=https://666546.xyz/images/2023/08/26/81bf09ed7f903f04ae9053858d8d03e8.jpg
IP
168.95.246.1:443
ASN
#131660 Data Communication Business Group

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerGandi
Subject*.pimg.tw
Fingerprint1F:80:A2:2D:B5:CF:89:91:4C:BF:82:5F:D2:8A:F4:F3:42:C6:E9:1C
ValidityThu, 12 Jan 2023 00:00:00 GMT - Thu, 25 Jan 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 448x337, components 3\012- data
Size
18 kB (18175 bytes)
Hash
ae92f7d7439bb7d24e9381a22bda1bf5
ce9a3e31693719c2906035721557cc176bf68a6c
15a6177f26f20a9c3dc7a0de851d19b380317ea4481e1fc18027ce8eedec14d1

HTTP Headers

GET /resize?url=https://666546.xyz/images/2023/08/26/81bf09ed7f903f04ae9053858d8d03e8.jpg HTTP/1.1
Host: imageproxy.pimg.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: HiNetCDN/2307
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: image/jpeg
cache-control: public, max-age=31536000
x-image-geometry: 448,337
x-cache: HIT
x-request-id: 912a46a5320290fbe528746b17670c70
X-Firefox-Spdy: h2

mtav.art/template/mtav/cssjs/diy.css?ver=8.7.1

172.67.206.72

200 OK

447 B

URL GET HTTP/3
mtav.art/template/mtav/cssjs/diy.css?ver=8.7.1
IP
172.67.206.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mtav.art/vod/detail/id/7952/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint03:F2:D9:68:6E:B2:82:DB:76:D4:74:F7:7C:46:8E:49:FB:E0:96:45
ValidityThu, 23 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with no line terminators
Size
447 B (447 bytes)
Hash
87016d48b0300e815ed72900a6f94e22
0540eaea50e90f0997300aee0b05855826acb63d
5d5f1339368ed63628ebac72b8c19fdd7d8a564b86183eda0c9be7b36157e1a3

HTTP Headers

GET /template/mtav/cssjs/diy.css?ver=8.7.1 HTTP/1.1
Host: mtav.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mtav.art/vod/detail/id/7952/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:34 GMT
content-type: text/css
last-modified: Sun, 23 May 2021 05:03:52 GMT
etag: W/"60a9e238-1bf"
expires: Sat, 26 Aug 2023 18:01:36 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 37558
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X6VzKU14lpIN%2FetC1FMYauxCcJzhTmkpIsRwGMiyBY1uWcKeqUjjVnD8iqnb7AQQ2Wri%2F%2BYsCIonJnFZsyWVrDny5fUf44zql3M1%2Bk8sjdDGNyqjQ86QeVJLVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71669b470b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

creative.xlivrdr.com/widgets/v4/Universal/main.15dd808dd5b090c798f7.js

104.18.51.106

200 OK

279 kB

URL GET HTTP/3
creative.xlivrdr.com/widgets/v4/Universal/main.15dd808dd5b090c798f7.js
IP
104.18.51.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293146p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Certificate
IssuerCloudflare, Inc.
Subjectxlivrdr.com
FingerprintDA:D9:AC:E4:B1:E8:44:C4:D9:A4:0E:1B:DF:33:4B:24:74:45:7D:0E
ValidityWed, 03 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type

Size
279 kB (279041 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /widgets/v4/Universal/main.15dd808dd5b090c798f7.js HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.xlivrdr.com/widgets/v4/Universal?action=sbSignupWithModel&ax=0&campaignId=73000fb03f0408f156f57c5bb1d2c227a69b57f5b5d628392bd2eabd45e007b3&campaignType=smartpop&creativeId=3672fc27bfb593b05d38e7fde02505c3103c2218a2ae9c36d69ba41396748660&iterationId=718022&kbLimit=1000&masterSmartpopId=1605&memberId=ooddNHdLHTPHNVS4ASOpnuomprdbPZVdPVO6V1EsqppZXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumdXTvnPZxZRxnvTTHdPLPXPdZNVPNZdVTdS7XevSmzeaqW7Wqri6iimqm3O7Oya3PTix0rs4_8.SkRHqH9znSuldK6V0rpXSuldK6au6iWuyeqtwfYA-&mlView=1&p1=5840560&ruleId=3&smartpopId=3072&sourceId=4293146p1%3D%7Bcampaign&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=31685&webp=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Aug 2023 16:27:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 25 Aug 2023 03:09:09 GMT
etag: W/"64e81b55-44201"
expires: Sat, 26 Aug 2023 16:27:36 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 0
vary: Accept-Encoding
server: cloudflare
cf-ray: 7fcd71733e2cb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (35)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash