Report - www.twpornstars.com/zooe

Report Overview

Submitted URL
www.twpornstars.com/zooe_moore
IP
104.21.235.200
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-04 01:50:37
Access
public
Website Title
(1) New Message!
Final URL
www.twpornstars.com/zooe_moore
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
joiningslogan.com	unknown	unknown	No data	No data	880 B	48 kB	172.240.108.84
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2024-05-03	504 B	20 kB	104.16.80.73
nellthirteenthoperative.com	unknown	unknown	No data	No data	8.0 kB	13 kB	192.243.61.227
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-03	1.5 kB	846 B	192.243.61.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-02	416 B	1.8 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-03	1.1 kB	33 kB	142.250.74.131
shawljeans.com	unknown	2024-04-29	2024-04-30	2024-04-30	486 B	469 B	172.240.108.84
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-02	426 B	92 kB	142.250.74.168
www.twpornstars.com	856502	2015-08-11	2015-09-28	2023-11-12	6.0 kB	264 kB	104.21.235.200
a.realsrv.com	10080	2019-02-07	2019-07-03	2024-05-03	827 B	104 kB	185.76.9.22
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-03	878 B	852 B	52.29.105.35
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-05-03	418 B	327 B	172.240.253.132
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-05-03	454 B	64 kB	45.133.44.10
cdn.barscreative1.com	25648	2021-09-08	2021-09-16	2024-05-02	498 B	3.4 kB	45.133.44.3
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-03	676 B	1.9 kB	3.164.222.26
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2024-05-02	2.3 kB	68 kB	188.114.96.1
syndication.realsrv.com	9112	2019-02-07	2019-07-03	2024-05-02	479 B	4.0 kB	95.211.229.245
s3t3d2y8.afcdn.net	unknown	2022-06-27	2022-08-09	2024-05-02	446 B	1.0 kB	185.76.9.21
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-03	414 B	34 kB	104.21.35.227
u3y8v8u4.aucdn.net	unknown	2022-06-27	2022-08-08	2024-05-02	542 B	4.7 MB	185.76.9.21

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	joiningslogan.com	Sinkholed
2024-05-04	medium	joiningslogan.com	Sinkholed
2024-05-03	medium	nellthirteenthoperative.com	Sinkholed
2024-05-03	medium	nellthirteenthoperative.com	Sinkholed
2024-05-03	medium	unseenreport.com	Sinkholed
2024-05-03	medium	unseenreport.com	Sinkholed
2024-05-03	medium	nellthirteenthoperative.com	Sinkholed
2024-05-03	medium	nellthirteenthoperative.com	Sinkholed
2024-05-03	medium	nellthirteenthoperative.com	Sinkholed
2024-05-03	medium	nellthirteenthoperative.com	Sinkholed
2024-05-03	medium	nellthirteenthoperative.com	Sinkholed
2024-05-03	medium	nellthirteenthoperative.com	Sinkholed
2024-05-03	medium	shawljeans.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (23)

	URL	Size	First Seen	Last Seen
	www.twpornstars.com/build/774.20b593a7.js	27 kB	2023-11-03	2024-05-05
Pretty URL www.twpornstars.com/build/774.20b593a7.js IP 104.21.235.200 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-03 02:34:50 Last Seen2024-05-05 16:50:32 Times Seen27 Hash d22744a40f2e0aebbfc7303da32c597a 5f652a643be14ffa99d8ebf06c5558a53a1874da 3feb8f619be686031fefc98a2aedaf2c9999f4d19141867ddb420c342169235d Loading...

	static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387	19 kB	2024-04-24	2024-05-21
Pretty URL static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 IP 104.16.80.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 00:56:41 Last Seen2024-05-21 17:21:48 Times Seen2852 Hash 4c980ee97cb5c001b4d19e2895fa5603 2c6fe998aa7486c4becd74cf253bdd82666a64c3 d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192 Loading...

	www.twpornstars.com/zooe_moore	185 B	2023-03-09	2024-05-05
Pretty URL www.twpornstars.com/zooe_moore IP 104.21.235.200 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 05:33:40 Last Seen2024-05-05 16:50:31 Times Seen28 Hash e7b01f16e6cb7ae875628cd276e6d37c 081b03c7fd136a9f1ff581855e7eb5a42c9c2747 707cdb3683251dbafc819455a94a0b6a8755d3b5072986055764a7c645b10942 Loading...

	www.twpornstars.com/zooe_moore	268 B	2023-03-09	2024-05-04
Pretty URL www.twpornstars.com/zooe_moore IP 104.21.235.200 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 05:33:40 Last Seen2024-05-04 03:50:44 Times Seen10 Hash b28dd390f0d6b42b975844531ce75fac 8f40a315bbaf8fb17633fa4d92e4ae9c55602866 e19b113f463c53a56549ddbf72953a9afc03b5e9e4f79e841d4dfa464794e843 Loading...

	www.twpornstars.com/zooe_moore	680 B	2023-06-15	2024-05-05
Pretty URL www.twpornstars.com/zooe_moore IP 104.21.235.200 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-15 22:39:25 Last Seen2024-05-05 16:50:31 Times Seen14 Hash 8585d7cfc9e845e97594962c7a98b6c2 2c1c78370558c8e9f40fdfa91820819d82fa4be5 7f666b80a2c64cbd17c21738482a7906186667025be081d74620c1148c81a1f4 Loading...

	www.twpornstars.com/build/runtime.602a9af0.js	1.4 kB	2023-03-10	2024-05-05
Pretty URL www.twpornstars.com/build/runtime.602a9af0.js IP 104.21.235.200 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 01:55:14 Last Seen2024-05-05 16:50:32 Times Seen23 Hash aff23c41d7875c2c7b4859bbb4eddc0f 92c8b95c5527b541220e9094f4509a492ba317b6 6e4db5cf8b6bb488fef73b08bce8271204c038204b16058bccaf366012872038 Loading...

	www.googletagmanager.com/gtag/js?id=G-V4D62Y39MW	262 kB	2024-05-04	2024-05-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-V4D62Y39MW IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 03:50:44 Last Seen2024-05-04 03:50:44 Times Seen2 Hash 28f0e84e5d1185460336264f62c26ddc 54dcefd08554382efb6c12ac438d6e2000416c22 9e30c7fe27fb5c57775b5447ff1503ed218bcb5bfc052dbf6455fa4f59dc13ac Loading...

	www.twpornstars.com/build/index.636164b9.js	15 kB	2023-11-03	2024-05-05
Pretty URL www.twpornstars.com/build/index.636164b9.js IP 104.21.235.200 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-03 02:34:50 Last Seen2024-05-05 16:50:32 Times Seen28 Hash c28d52d30d19cf7b54cfce5614a643d7 37c35b4e09cb39ea62817895f438048c7dee0c45 2a84fbb7ffb3f430699a70187566aa2d24e30159491b88313274759a2d3fa78c Loading...

	a.realsrv.com/video-slider.js	46 kB	2024-04-02	2024-05-18
Pretty URL a.realsrv.com/video-slider.js IP 185.76.9.22 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-02 23:53:56 Last Seen2024-05-18 22:39:32 Times Seen23 Hash cf99fff0ec7e5f106cb76a6ac2682b45 d3f01ae112d6ac9809a13607e358312ee7999a11 9d30deaf01bb0510dad8a4cd8b4414a1b4a47b48a71955cb3fce27ba38687f58 Loading...

	capaciousdrewreligion.com/advertisers.js	0 B	2023-03-07	2024-05-22
Pretty URL capaciousdrewreligion.com/advertisers.js IP 172.240.253.132 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-22 10:58:30 Times Seen37968902 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.twpornstars.com/build/755.1a058989.js	86 kB	2023-11-03	2024-05-05
Pretty URL www.twpornstars.com/build/755.1a058989.js IP 104.21.235.200 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-03 02:34:50 Last Seen2024-05-05 16:50:32 Times Seen27 Hash affbe8acda8b1e956e8e16a1a2f34456 f922a64aaeba12c3efb26450618ce5e4aa25f2e4 5bdc905dcf38a6798384a3c8089387bca04d5bbcb4ebe79e4ed29dfd46de2d05 Loading...

	joiningslogan.com/8b/c5/a4/8bc5a4feb5928590482f8376a67e6ba5.js	44 kB	2024-05-04	2024-05-04
Pretty URL joiningslogan.com/8b/c5/a4/8bc5a4feb5928590482f8376a67e6ba5.js IP 172.240.108.84 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 03:50:44 Last Seen2024-05-04 03:50:45 Times Seen2 Hash f4918ac9cf2b130b6c1c1c305b895efe 4f8a9a900b92a666da29e3d7bc8d8f3a524b72c0 6c3feb4b39686206a36565ad343ebeae19897f1423f2da34634a665f8acc36d0 Loading...

	joiningslogan.com/35/fd/86/35fd862a211871130a720a8040aa9aa6.js	84 kB	2024-05-04	2024-05-04
Pretty URL joiningslogan.com/35/fd/86/35fd862a211871130a720a8040aa9aa6.js IP 172.240.108.84 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 03:50:44 Last Seen2024-05-04 03:50:45 Times Seen2 Hash c22de5aa93d9021630c56ec4f54533dc 53e378222555b14aa9cd9c1ff36221a056c37834 9a6bdd97d725b4c5957c66b61541d70ad18a20cbf8c8a228dd0ffbce99a7abc2 Loading...

	cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js	90 kB	2023-03-07	2024-05-22
Pretty URL cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2024-05-22 09:12:38 Times Seen4214 Hash 561acb3e541133bbdd2c0c19f8ee35a1 ffd1353cf3f77d25f801c84d8208613eb0d3d548 9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc Loading...

	www.twpornstars.com/zooe_moore	18 B	2023-03-09	2024-05-04
Pretty URL www.twpornstars.com/zooe_moore IP 104.21.235.200 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 05:33:40 Last Seen2024-05-04 03:50:44 Times Seen18 Hash 198e2bf4e9a4b10efa1b30ba3f9441fe d916f37a1c6b1bf1399e4496066b13e6d58a2da1 6f5aa6791222667ea60a3f33df8f5b55ed447cc5e49c3516c9224549513adfd7 Loading...

	www.twpornstars.com/zooe_moore	182 B	2023-03-09	2024-05-05
Pretty URL www.twpornstars.com/zooe_moore IP 104.21.235.200 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 05:33:40 Last Seen2024-05-05 16:50:31 Times Seen28 Hash 7b477f4b2dfa1b808fe15d8c30620c0e 42cb277b4892d118fb7012a8dd218d1b27b7c15c 35f5e70c088e5ccc2d0d5102d158c676fd47d1b3179d89a4b2a34e988e349423 Loading...

	www.twpornstars.com/zooe_moore	2.6 kB	2023-11-03	2024-05-05
Pretty URL www.twpornstars.com/zooe_moore IP 104.21.235.200 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-03 02:34:50 Last Seen2024-05-05 16:50:32 Times Seen14 Hash ad2e0be66b71830b01d817f3941ad029 9fb6284ddfd3201aaca91d4df1105f7b6ca8474e e81b3f84c81e119c1bfae123d0cdae46687c16f6b81cecd3f5cc0d150d3600b6 Loading...

	a.realsrv.com/ad-provider.js	165 kB	2024-04-30	2024-05-12
Pretty URL a.realsrv.com/ad-provider.js IP 185.76.9.22 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 00:38:27 Last Seen2024-05-12 13:26:18 Times Seen38 Hash 74ddbabe61572f037c202051d2cf4b31 0045eaa042ee4e29a4792348a8edd6b99f166425 4848ba3023514c02d6ea4fe4c7dcd590fa46251113497e20b851866c7dbe651c Loading...

	unknown	564 B	2024-01-27	2024-05-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-27 18:38:53 Last Seen2024-05-05 16:50:32 Times Seen4 Hash 33547da2d15854c6bdb4a46feec7498f 5f0c0bb8b62e4d58c3e1e98c0a06141f85d08db6 9050da311bce596a8fbcdf03c39f736a9188ea9c20254e1cb51d92f441eadd6c Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 104.21.35.227 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	www.twpornstars.com/zooe_moore	455 B	2023-03-09	2024-05-05
Pretty URL www.twpornstars.com/zooe_moore IP 104.21.235.200 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 05:33:40 Last Seen2024-05-05 16:50:32 Times Seen28 Hash 12633f9632772009efc1b63b5267c0ba 1dc603b25824976c5ef9dd0fc1802cc30f4593f9 623b58d12abbe78495cc31addcd47486e637b6b4bb1d19e574bd2a306781ba9b Loading...

	www.twpornstars.com/zooe_moore	59 B	2023-03-07	2024-05-18
Pretty URL www.twpornstars.com/zooe_moore IP 104.21.235.200 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:01:58 Last Seen2024-05-18 05:25:30 Times Seen149 Hash 401d2c296bf9da0e58234e1de5a6b3a7 723cbe5943c5a3d4f2938afd6823d96c51bd98ea 4ea595e23e7787a0ed176e9eec16f0a34ca57450e74a2224bc7cab5156c68aca Loading...

	www.twpornstars.com/build/234.61c95dd6.js	13 kB	2023-11-03	2024-05-05
Pretty URL www.twpornstars.com/build/234.61c95dd6.js IP 104.21.235.200 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-03 02:34:50 Last Seen2024-05-05 16:50:32 Times Seen26 Hash 85ae003e483c2bbbbb5bcb092824aa99 46762a9bf6808ef1716eac71d4d8b845ce1ab2ab 9a14e3232aeb2d592ce1616914e100022d923406ecad03d18cd93f8d863265f5 Loading...

HTTP Transactions (47)

URL IP Response Size

www.googletagmanager.com/gtag/js?id=G-V4D62Y39MW

142.250.74.168

200 OK

92 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-V4D62Y39MW
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
92 kB (91910 bytes)
Hash
28f0e84e5d1185460336264f62c26ddc
54dcefd08554382efb6c12ac438d6e2000416c22
9e30c7fe27fb5c57775b5447ff1503ed218bcb5bfc052dbf6455fa4f59dc13ac

HTTP Headers

GET /gtag/js?id=G-V4D62Y39MW HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 01:50:10 GMT
expires: Sat, 04 May 2024 01:50:10 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 91910
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.twpornstars.com/cf-fonts/s/open-sans/5.0.20/latin/400/normal.woff2

104.21.235.200

200 OK

19 kB

URL GET HTTP/3
www.twpornstars.com/cf-fonts/s/open-sans/5.0.20/latin/400/normal.woff2
IP
104.21.235.200:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subjecttwpornstars.com
FingerprintF5:FB:5D:9F:07:40:28:0F:39:69:15:12:96:70:A2:83:49:CB:41:1C
ValidityWed, 24 Apr 2024 17:05:35 GMT - Tue, 23 Jul 2024 17:05:34 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18664, version 1.0
Size
19 kB (18664 bytes)
Hash
8d1c44b2bf75a4e6f1bd141f9a965f4f
1e5dfdb7ca5ee8e823f9f5787f84b18fbdc38434
441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709

HTTP Headers

GET /cf-fonts/s/open-sans/5.0.20/latin/400/normal.woff2 HTTP/1.1
Host: www.twpornstars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/zooe_moore
Cookie: _ga_V4D62Y39MW=GS1.1.1714787410.1.0.1714787410.0.0.0; _ga=GA1.1.557921624.1714787411; a_delay=1714787410776
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 01:50:10 GMT
content-length: 18664
cf-cache-status: HIT
cache-control: public, max-age=31536000, immutable
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ql92WGvX7%2FROzKi8AIQ89loJP6vSY0tuJf2mx4WoQT1vOkFP25Sp3xR1b96oqq4F16cFP7eV70EXqmphGW76%2BffAMKkUwRm48UcmipgxN8w3IwhKK6VSpwlbupcf1t3F4UoEO%2B%2Bs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4d6a65bb86533-LHR
alt-svc: h3=":443"; ma=86400

a.realsrv.com/video-slider.js

185.76.9.22

200 OK

32 kB

URL GET HTTP/2
a.realsrv.com/video-slider.js
IP
185.76.9.22:443
ASN
#60068 Datacamp Limited

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectrealsrv.com
Fingerprint0E:69:CE:5E:E5:4B:3B:03:49:89:DA:FE:B3:5F:5F:CF:9A:87:92:1F
ValidityTue, 27 Feb 2024 16:51:07 GMT - Mon, 27 May 2024 16:51:06 GMT

File type
gzip compressed data, from Unix
Size
32 kB (32011 bytes)
Hash
1dadce4fadcd6069da436d4e54e02b0a
894d2af60c235a4b85caf3a3aa348c58623924dc
dfceabfd846e7a096acd25d6e75366029c28228ce67a0002a5f541063653cb39

HTTP Headers

GET /video-slider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 01:50:10 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"d3f01ae112d6ac9809a13607e35"
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
expires: Thu, 02 May 2024 13:45:52 GMT
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH38gAAAAwBuUwKCQH3CAAAAAwBisclxAH3AwAAAA
x-77-nzt-ray: af585630784ff203529435661a739e1c
x-accel-expires: @1714797965
x-accel-date: 1714787168
x-77-cache: HIT
x-77-age: 242
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 242
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

joiningslogan.com/8b/c5/a4/8bc5a4feb5928590482f8376a67e6ba5.js

172.240.108.84

200 OK

16 kB

URL GET HTTP/1.1
joiningslogan.com/8b/c5/a4/8bc5a4feb5928590482f8376a67e6ba5.js
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectjoiningslogan.com
Fingerprint2E:C3:85:73:44:86:89:6D:51:1A:7A:F2:AC:AF:51:B0:42:52:8B:AD
ValidityFri, 15 Mar 2024 09:16:30 GMT - Thu, 13 Jun 2024 09:16:29 GMT

File type
JavaScript source, ASCII text, with very long lines (44085), with no line terminators
Size
16 kB (15815 bytes)
Hash
f4918ac9cf2b130b6c1c1c305b895efe
4f8a9a900b92a666da29e3d7bc8d8f3a524b72c0
6c3feb4b39686206a36565ad343ebeae19897f1423f2da34634a665f8acc36d0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /8b/c5/a4/8bc5a4feb5928590482f8376a67e6ba5.js HTTP/1.1
Host: joiningslogan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 01:50:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-3448=0; expires=Tue, 07 May 2024 04:50:11 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0b4f5047eb36aba10bc102f0dae5a510
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

joiningslogan.com/35/fd/86/35fd862a211871130a720a8040aa9aa6.js

172.240.108.84

200 OK

31 kB

URL GET HTTP/1.1
joiningslogan.com/35/fd/86/35fd862a211871130a720a8040aa9aa6.js
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectjoiningslogan.com
Fingerprint2E:C3:85:73:44:86:89:6D:51:1A:7A:F2:AC:AF:51:B0:42:52:8B:AD
ValidityFri, 15 Mar 2024 09:16:30 GMT - Thu, 13 Jun 2024 09:16:29 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30616 bytes)
Hash
c22de5aa93d9021630c56ec4f54533dc
53e378222555b14aa9cd9c1ff36221a056c37834
9a6bdd97d725b4c5957c66b61541d70ad18a20cbf8c8a228dd0ffbce99a7abc2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /35/fd/86/35fd862a211871130a720a8040aa9aa6.js HTTP/1.1
Host: joiningslogan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 01:50:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 73cd6d37df2065f83d14680ceaff021c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

3.164.222.26

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
3.164.222.26:0
ASN
#0

File type
data
Size
471 B (471 bytes)
Hash
353dbae1e1b45a750770ae51bef13ba7
465917a2a0bbb947e9727e7f08b584a82aa6fb81
9fa5becc3e07f31f2f08bf5f331d6bfda4f6386634ea524bc3a8c56ac1c0bc2b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 01:50:11 GMT
Last-Modified: Sat, 04 May 2024 00:23:31 GMT
Server: ECAcc (ska/F775)
X-Cache: Miss from cloudfront
Via: 1.1 47cc7d5981f182b935da67eb4606a37e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN53-P1
X-Amz-Cf-Id: Bd7xqArjoVu-OaatQST8m0eoH69G0dB6il3y9HoCDVPFzYgNQoRX2g==
Age: 5200

ocsp.r2m03.amazontrust.com/

3.164.222.26

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
3.164.222.26:0
ASN
#0

File type
data
Size
471 B (471 bytes)
Hash
353dbae1e1b45a750770ae51bef13ba7
465917a2a0bbb947e9727e7f08b584a82aa6fb81
9fa5becc3e07f31f2f08bf5f331d6bfda4f6386634ea524bc3a8c56ac1c0bc2b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 01:50:11 GMT
Last-Modified: Sat, 04 May 2024 01:24:04 GMT
Server: ECAcc (ska/F776)
X-Cache: Miss from cloudfront
Via: 1.1 61fafbbf54e5560686b2d414df132838.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN53-P1
X-Amz-Cf-Id: VmKmJe5smv-ZdMIOf_7wl6bMfuzbl2OemBUiuRf1YIKsQ4mTRzJOsg==
Age: 1567

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
eab76308f82aeca653023d42d87609d5
34cbf7d65878083790bd7568da9c003e96d03db3
1e62eeac25a7ee422043f643e0f1e85271d966b4a09a0458cbc0ffc1a0b02526

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.twpornstars.com
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:50:11 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.twpornstars.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=a2ad5c42-267c-48a1-aec8-2980e3d09ebf:2:1; expires=Tue, 02 May 2034 01:50:11 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
b69931489aef2f3d36ce1f25dc9eddd3
53855d3616c8439a38e187c5e795193b375c8914
32252657f934ca1a01b9e732e4d5d3a2ee675efabb8b964f5e7601a888bfc118

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.twpornstars.com
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:50:11 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.twpornstars.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=559e41eb-9b79-4ff4-9d75-9db451a471fe:2:1; expires=Tue, 02 May 2034 01:50:11 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

www.twpornstars.com/build/index.80e44d59.css

104.21.235.200

200 OK

25 kB

URL GET HTTP/3
www.twpornstars.com/build/index.80e44d59.css
IP
104.21.235.200:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subjecttwpornstars.com
FingerprintF5:FB:5D:9F:07:40:28:0F:39:69:15:12:96:70:A2:83:49:CB:41:1C
ValidityWed, 24 Apr 2024 17:05:35 GMT - Tue, 23 Jul 2024 17:05:34 GMT

File type
Unicode text, UTF-8 text, with very long lines (59131)
Size
25 kB (25353 bytes)
Hash
d162982a4ab440212b22d2186af420fe
14ac8457556be203a2cf8c4a2c48e7bcf83c56eb
cfd0366bdaf4b40e29ea41a77da70a502d6925c42a5f13c888956c8217c49542

HTTP Headers

GET /build/index.80e44d59.css HTTP/1.1
Host: www.twpornstars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/zooe_moore
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 01:50:10 GMT
content-type: text/css
cache-control: max-age=315360000, public, immutable
etag: W/"65412065-12a35"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 31 Oct 2023 15:42:29 GMT
cf-cache-status: DYNAMIC
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P6o%2F%2BHHeHVJJbX3baZaxipvB5o8zbkFr2wOS02VkmFcA4mefQkOdAHYV7Td2qst80leXS9oeptTRJMuS9uBfedDKyq%2Bw%2BjIyJ9L0oWMdAQXRZ9%2FJ8aCwZWtey9Jak6Z5oaHJ850g"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4d6a2795d6533-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400

capaciousdrewreligion.com/advertisers.js

172.240.253.132

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
Fingerprint53:B6:ED:C6:B5:B6:60:3E:6D:02:5A:92:2E:C3:12:74:64:A1:23:DC
ValidityWed, 06 Mar 2024 11:57:32 GMT - Tue, 04 Jun 2024 11:57:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 01:50:11 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ae97b418727df8ef0371cb290e8f9958
Strict-Transport-Security: max-age=0; includeSubdomains

www.twpornstars.com/cdn-cgi/rum?

104.21.235.200

204 No Content

0 B

URL POST HTTP/3
www.twpornstars.com/cdn-cgi/rum?
IP
104.21.235.200:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subjecttwpornstars.com
FingerprintF5:FB:5D:9F:07:40:28:0F:39:69:15:12:96:70:A2:83:49:CB:41:1C
ValidityWed, 24 Apr 2024 17:05:35 GMT - Tue, 23 Jul 2024 17:05:34 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.twpornstars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1070
Origin: https://www.twpornstars.com
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/zooe_moore
Cookie: _ga_V4D62Y39MW=GS1.1.1714787410.1.0.1714787410.0.0.0; _ga=GA1.1.557921624.1714787411; a_delay=1714787410776; dom3ic8zudi28v8lr6fgphwffqoz0j6c=559e41eb-9b79-4ff4-9d75-9db451a471fe%3A2%3A1; sb_main_8bc5a4feb5928590482f8376a67e6ba5=1; sb_count_8bc5a4feb5928590482f8376a67e6ba5=1; pp_main_35fd862a211871130a720a8040aa9aa6=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Sat, 04 May 2024 01:50:12 GMT
access-control-allow-origin: https://www.twpornstars.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87e4d6ada81c6533-LHR
x-frame-options: DENY
x-content-type-options: nosniff

nellthirteenthoperative.com/sbar.json?key=8bc5a4feb5928590482f8376a67e6ba5&psid=CF-3448_0&uuid=a2ad5c42-267c-48a1-aec8-2980e3d09ebf%3A2%3A1

192.243.61.227

200 OK

7.9 kB

URL GET HTTP/1.1
nellthirteenthoperative.com/sbar.json?key=8bc5a4feb5928590482f8376a67e6ba5&psid=CF-3448_0&uuid=a2ad5c42-267c-48a1-aec8-2980e3d09ebf%3A2%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectnellthirteenthoperative.com
Fingerprint65:5D:31:B4:45:43:67:D0:A9:DE:BA:83:89:58:57:56:4F:28:3C:6D
ValidityMon, 29 Apr 2024 13:05:42 GMT - Sun, 28 Jul 2024 13:05:41 GMT

File type
JSON text data
Size
7.9 kB (7935 bytes)
Hash
38bba3752d3b63ba728c1440c2a16b1d
b35a802e908abba7c2bbd169be2cfd45d3de2f8c
20a6aa7d89890c141e71ba4f0bc1516e3b6841801b8e5ce924c852b48e4c8121

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=8bc5a4feb5928590482f8376a67e6ba5&psid=CF-3448_0&uuid=a2ad5c42-267c-48a1-aec8-2980e3d09ebf%3A2%3A1 HTTP/1.1
Host: nellthirteenthoperative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.twpornstars.com
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 01:50:12 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.twpornstars.com
Access-Control-Allow-Origin: https://www.twpornstars.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15413272; expires=Sun, 05 May 2024 01:50:12 GMT; secure; SameSite=None
uid_id2=a2ad5c42-267c-48a1-aec8-2980e3d09ebf:2:1; expires=Sat, 11 May 2024 01:50:12 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 01:50:12 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 01:50:12 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 05 May 2024 01:50:12 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 05 May 2024 01:50:12 GMT; secure; SameSite=None
slec8bc5a4feb5928590482f8376a67e6ba5=[5212672,5212671]; expires=Sat, 04 May 2024 01:50:17 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 38bc42efad194cd4d5d990ce453c054f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

a.realsrv.com/ad-provider.js

185.76.9.22

200 OK

71 kB

URL GET HTTP/2
a.realsrv.com/ad-provider.js
IP
185.76.9.22:443
ASN
#60068 Datacamp Limited

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectrealsrv.com
Fingerprint0E:69:CE:5E:E5:4B:3B:03:49:89:DA:FE:B3:5F:5F:CF:9A:87:92:1F
ValidityTue, 27 Feb 2024 16:51:07 GMT - Mon, 27 May 2024 16:51:06 GMT

File type
gzip compressed data, from Unix
Size
71 kB (70840 bytes)
Hash
0aa5557551994ecd40c2de3dca16901a
69f06375fbb37a11749778e5a9c5cfe162404b05
d994ecefd0c696c581055354168201344dc2d0ca0afdcaac0a0aca8aae2bee0a

HTTP Headers

GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:50:10 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"0045eaa042ee4e29a4792348a8e"
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
expires: Thu, 02 May 2024 13:45:47 GMT
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-77-nzt: EwwBuUwJFAH3ygAAAAwBuUwKAQH3CwAAAAwBJRPCLgH3AgAAAA
x-77-nzt-ray: af585630784ff2035294356662417217
x-accel-expires: @1714798007
x-accel-date: 1714787208
x-77-cache: HIT
x-77-age: 202
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 202
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

www.twpornstars.com/build/774.20b593a7.js

104.21.235.200

200 OK

14 kB

URL GET HTTP/3
www.twpornstars.com/build/774.20b593a7.js
IP
104.21.235.200:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subjecttwpornstars.com
FingerprintF5:FB:5D:9F:07:40:28:0F:39:69:15:12:96:70:A2:83:49:CB:41:1C
ValidityWed, 24 Apr 2024 17:05:35 GMT - Tue, 23 Jul 2024 17:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (27095)
Size
14 kB (14092 bytes)
Hash
d22744a40f2e0aebbfc7303da32c597a
5f652a643be14ffa99d8ebf06c5558a53a1874da
3feb8f619be686031fefc98a2aedaf2c9999f4d19141867ddb420c342169235d

HTTP Headers

GET /build/774.20b593a7.js HTTP/1.1
Host: www.twpornstars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/zooe_moore
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 01:50:10 GMT
content-type: application/javascript
cache-control: max-age=315360000, public, immutable
etag: W/"65412065-6a1d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 31 Oct 2023 15:42:29 GMT
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7QiFeeKOniKqJOHhXqvBk1RIgVKQIsZ1jvCqCqD2cbjZezMLIzDiNtyjAvtyKzxBLdx01QMcerbe50pTddJfm6cLPIja56lNcL6vV9o4EhD7R783KiT8IQr0Qr0NkqZsfr85IW%2FC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4d6a379fe6533-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400

nellthirteenthoperative.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=91

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
nellthirteenthoperative.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=91
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectnellthirteenthoperative.com
Fingerprint65:5D:31:B4:45:43:67:D0:A9:DE:BA:83:89:58:57:56:4F:28:3C:6D
ValidityMon, 29 Apr 2024 13:05:42 GMT - Sun, 28 Jul 2024 13:05:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=91 HTTP/1.1
Host: nellthirteenthoperative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Cookie: u_pl=15413272; uid_id2=a2ad5c42-267c-48a1-aec8-2980e3d09ebf:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec8bc5a4feb5928590482f8376a67e6ba5=[5212672,5212671]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 01:50:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/chat/mob/ssp/1/img/close.png

188.114.96.1

200 OK

6.0 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/chat/mob/ssp/1/img/close.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced
Size
6.0 kB (5982 bytes)
Hash
c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd

HTTP Headers

GET /sb/chat/mob/ssp/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 01:50:12 GMT
content-type: image/png
content-length: 5982
last-modified: Mon, 21 Feb 2022 08:25:06 GMT
etag: "62134c62-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 285108
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i3EjmQyzehcZBaXAWOUEz%2Bf0zcAtpHphCDQbi%2B5%2BO0l5wjG0S83QoRmUDgiCKfWNtNc0CoMmV19mglda2Ufi5%2BkAV1GUHnUxnVipQ5%2BBpL2eZ5EO8gzg1pIDoXG9KcZDob4gAMPXhlHv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4d6b23ae41c06-OSL
alt-svc: h3=":443"; ma=86400

unseenreport.com/pxf.gif?uuid=559e41eb-9b79-4ff4-9d75-9db451a471fe&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=8bc5a4feb5928590482f8376a67e6ba5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=1

192.243.61.227

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=559e41eb-9b79-4ff4-9d75-9db451a471fe&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=8bc5a4feb5928590482f8376a67e6ba5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=559e41eb-9b79-4ff4-9d75-9db451a471fe&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=8bc5a4feb5928590482f8376a67e6ba5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=1 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 01:50:12 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d9961bd5e26d870afebba3de5eed37da
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=559e41eb-9b79-4ff4-9d75-9db451a471fe&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=35fd862a211871130a720a8040aa9aa6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=1

192.243.61.227

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=559e41eb-9b79-4ff4-9d75-9db451a471fe&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=35fd862a211871130a720a8040aa9aa6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=559e41eb-9b79-4ff4-9d75-9db451a471fe&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=35fd862a211871130a720a8040aa9aa6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=1 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 01:50:12 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f8786b19b24367ddcf58d89d752d22ce
Strict-Transport-Security: max-age=0; includeSubdomains

nellthirteenthoperative.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=95

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
nellthirteenthoperative.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=95
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectnellthirteenthoperative.com
Fingerprint65:5D:31:B4:45:43:67:D0:A9:DE:BA:83:89:58:57:56:4F:28:3C:6D
ValidityMon, 29 Apr 2024 13:05:42 GMT - Sun, 28 Jul 2024 13:05:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=95 HTTP/1.1
Host: nellthirteenthoperative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Cookie: u_pl=15413272; uid_id2=a2ad5c42-267c-48a1-aec8-2980e3d09ebf:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec8bc5a4feb5928590482f8376a67e6ba5=[5212672,5212671]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 01:50:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.cloudimagesb.com/si/1a/05/5b/1a055b345100cec477bd93c769d04408/1712888919.png

45.133.44.10

200 OK

64 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/1a/05/5b/1a055b345100cec477bd93c769d04408/1712888919.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
64 kB (63660 bytes)
Hash
8d7188516294c1f6b26ddea4a6bdf25e
38c57e26ced55025c7cbdf90e23c345112034be4
59387b16fbf06a1fbf81c300bae1574910151aa7161298ee6007a4bb0099186b

HTTP Headers

GET /si/1a/05/5b/1a055b345100cec477bd93c769d04408/1712888919.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 01:50:12 GMT
content-type: image/png
content-length: 63660
server: nginx/1.21.6
last-modified: Fri, 12 Apr 2024 02:28:47 GMT
etag: "66189c5f-f8ac"
expires: Mon, 06 May 2024 01:50:12 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

1.2 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
1.2 kB (1188 bytes)
Hash
dd491997885c21f2a9a000f9bc2bf3dc
6f5cc3a59e8c0d12ff076c4bf63ded3400600efe
f8f7c5e8bf2596838beaaccc5bc9f3406237d47b419623b33262aa6bf006ae80

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 01:50:12 GMT
date: Sat, 04 May 2024 01:50:12 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/animate.css

188.114.96.1

200 OK

4.9 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/animate.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
4.9 kB (4860 bytes)
Hash
fc638645a938f69e69360c75335ffd1a
143132fb8361c3ad0acf88cb70bf0b07c0ecc2d4
7ef76aab275d0221c68602d18f81b4285b280756f0f71d535ed8b5b889bc2f90

HTTP Headers

GET /sb/chat/mob/ssp/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.twpornstars.com
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:50:12 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 08:25:04 GMT
etag: W/"62134c60-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 279382
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qZKw5JTW7OldVftx7CY9HL%2B8to5cDPUMbpQSQpg3sNN%2BuuUkgMqqAMh%2FZKN%2BzApGfa5329xYcycalf07W%2BauGC8zyR3sX0MjG9mUeIWROqcwn%2B%2B%2FSniI%2BB6%2BeU4MfcUgmQdWgmnkQ2i0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4d6b1acba7131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nellthirteenthoperative.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=98

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
nellthirteenthoperative.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=98
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectnellthirteenthoperative.com
Fingerprint65:5D:31:B4:45:43:67:D0:A9:DE:BA:83:89:58:57:56:4F:28:3C:6D
ValidityMon, 29 Apr 2024 13:05:42 GMT - Sun, 28 Jul 2024 13:05:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=98 HTTP/1.1
Host: nellthirteenthoperative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Cookie: u_pl=15413272; uid_id2=a2ad5c42-267c-48a1-aec8-2980e3d09ebf:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec8bc5a4feb5928590482f8376a67e6ba5=[5212672,5212671]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 01:50:13 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

nellthirteenthoperative.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz4scxRvGqzd7%2Bx6%2BGnIQRJiDB5XsbndP90yPOYibuBJcsyGJ6MlQv3pSbnVXU9U9PdlTMCDR0xD8A3qf2SREgz%2F%2BAKPOBjwEhBlPe3CPXjwKuSozLo6%2Bl%2Fd963kLPu9T9cl%2BdUxCVPTowrtmT2lNN%2BJ1v%2FXKB0FwrrWt8mrYGiad653oXMsOXu911v1XW29Lvms2Qj%2Fw%2FcAPWlvKytQMN%2BYiVPGoF6z3%2FPUoXA%2FiCEP7395VHhz1IAbH5DSUmK0%2B8c5A8Qny7JsL0u2Wpjj7VlZpWhqLgXjwXr6bmzpHtixT6yHNH5xMw7jp1mOY%2FN4CF2bwzyBTM%2BL99Bgsf3ACCTY4WHAyDZmDif%2BhHkwg9QSKTsDNbSgxJQAXuLSDPLt%2Fydia3vxbpXN1Rlaf%2FQFVz8jqr2eQZ19tajVsXTW6KpXJHYZpAzWcQPUnKKpDlHsrUPUhePkxlPiZbDzbRp4d7DhtoMTRyzSkIuZRuBZ2unwtSmiwRiVP1sJe4su28HuSpQuDlJpApRNoOQJ1K6ich0p5qFIPVeEhE0ctHgRB1xec%2BkmP87boStYRfkC7aUADv5Og4vMdRiiLEbgegdtbKOwt7Kq70%2Fj09LKDrX6Au9HACQ%2BuJBiIBrUkqB1BTQlqRVCXBPWguSe0C11zX2hXseAkhye53YxN2d%2Bn90zZlzkBtSNY0ewXx%2BT5hY2%2F%2By9gVx61EsZjGqWSxb0wiXt%2BlIRp0u52aKcrO4zGcOrh%2Ba21dhQl130otwLqPOypafQ9CjUlUzB6CKcPwdVzoNVLoHUDeqPBXv51WRfG5q6k1q1zk0GYBkW5ivKmt6%2BPyYsLkp3PCCR%2F%2BsYv7UWA2waFbfCRekLQ13fGV0xNDq6Y2pFvd4pSZWqPzh%2F7aklLeeqLd%2BTN2lhx8YIbPXyTz4V5%2BeiadOU2zYXK%2B458uamEkHbLWC7Jdxfd%2B5JdrtyNzcrmVbF9%2BfzWxayw0jll8gmomm7Ot5mR%2F%2F%2F42uIXn%2F3wNyg7ga0aZNVTchJQ5hC8uAVXLOmdIbB6OcMKD3XVjG3IlodaEWi57Clr4P7Vs2U9tnR%2Bm6pm391B366AlreRZw0GtsFAN6B6BFedGpeFXWIwvTJm2q4cMG313YXJM7Lz6Z9w6qjV9kWXyVR2mYziKJVcsDhmPk85a4sk4SjdLI0%2Fv%2FYXAAAA%2F%2F8BAAD%2F%2F8gp0nafBAAA

192.243.61.227

200 OK

7 B

URL GET HTTP/1.1
nellthirteenthoperative.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz4scxRvGqzd7%2Bx6%2BGnIQRJiDB5XsbndP90yPOYibuBJcsyGJ6MlQv3pSbnVXU9U9PdlTMCDR0xD8A3qf2SREgz%2F%2BAKPOBjwEhBlPe3CPXjwKuSozLo6%2Bl%2Fd963kLPu9T9cl%2BdUxCVPTowrtmT2lNN%2BJ1v%2FXKB0FwrrWt8mrYGiad653oXMsOXu911v1XW29Lvms2Qj%2Fw%2FcAPWlvKytQMN%2BYiVPGoF6z3%2FPUoXA%2FiCEP7395VHhz1IAbH5DSUmK0%2B8c5A8Qny7JsL0u2Wpjj7VlZpWhqLgXjwXr6bmzpHtixT6yHNH5xMw7jp1mOY%2FN4CF2bwzyBTM%2BL99Bgsf3ACCTY4WHAyDZmDif%2BhHkwg9QSKTsDNbSgxJQAXuLSDPLt%2Fydia3vxbpXN1Rlaf%2FQFVz8jqr2eQZ19tajVsXTW6KpXJHYZpAzWcQPUnKKpDlHsrUPUhePkxlPiZbDzbRp4d7DhtoMTRyzSkIuZRuBZ2unwtSmiwRiVP1sJe4su28HuSpQuDlJpApRNoOQJ1K6ich0p5qFIPVeEhE0ctHgRB1xec%2BkmP87boStYRfkC7aUADv5Og4vMdRiiLEbgegdtbKOwt7Kq70%2Fj09LKDrX6Au9HACQ%2BuJBiIBrUkqB1BTQlqRVCXBPWguSe0C11zX2hXseAkhye53YxN2d%2Bn90zZlzkBtSNY0ewXx%2BT5hY2%2F%2By9gVx61EsZjGqWSxb0wiXt%2BlIRp0u52aKcrO4zGcOrh%2Ba21dhQl130otwLqPOypafQ9CjUlUzB6CKcPwdVzoNVLoHUDeqPBXv51WRfG5q6k1q1zk0GYBkW5ivKmt6%2BPyYsLkp3PCCR%2F%2BsYv7UWA2waFbfCRekLQ13fGV0xNDq6Y2pFvd4pSZWqPzh%2F7aklLeeqLd%2BTN2lhx8YIbPXyTz4V5%2BeiadOU2zYXK%2B458uamEkHbLWC7Jdxfd%2B5JdrtyNzcrmVbF9%2BfzWxayw0jll8gmomm7Ot5mR%2F%2F%2F42uIXn%2F3wNyg7ga0aZNVTchJQ5hC8uAVXLOmdIbB6OcMKD3XVjG3IlodaEWi57Clr4P7Vs2U9tnR%2Bm6pm391B366AlreRZw0GtsFAN6B6BFedGpeFXWIwvTJm2q4cMG313YXJM7Lz6Z9w6qjV9kWXyVR2mYziKJVcsDhmPk85a4sk4SjdLI0%2Fv%2FYXAAAA%2F%2F8BAAD%2F%2F8gp0nafBAAA
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectnellthirteenthoperative.com
Fingerprint65:5D:31:B4:45:43:67:D0:A9:DE:BA:83:89:58:57:56:4F:28:3C:6D
ValidityMon, 29 Apr 2024 13:05:42 GMT - Sun, 28 Jul 2024 13:05:41 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz4scxRvGqzd7%2Bx6%2BGnIQRJiDB5XsbndP90yPOYibuBJcsyGJ6MlQv3pSbnVXU9U9PdlTMCDR0xD8A3qf2SREgz%2F%2BAKPOBjwEhBlPe3CPXjwKuSozLo6%2Bl%2Fd963kLPu9T9cl%2BdUxCVPTowrtmT2lNN%2BJ1v%2FXKB0FwrrWt8mrYGiad653oXMsOXu911v1XW29Lvms2Qj%2Fw%2FcAPWlvKytQMN%2BYiVPGoF6z3%2FPUoXA%2FiCEP7395VHhz1IAbH5DSUmK0%2B8c5A8Qny7JsL0u2Wpjj7VlZpWhqLgXjwXr6bmzpHtixT6yHNH5xMw7jp1mOY%2FN4CF2bwzyBTM%2BL99Bgsf3ACCTY4WHAyDZmDif%2BhHkwg9QSKTsDNbSgxJQAXuLSDPLt%2Fydia3vxbpXN1Rlaf%2FQFVz8jqr2eQZ19tajVsXTW6KpXJHYZpAzWcQPUnKKpDlHsrUPUhePkxlPiZbDzbRp4d7DhtoMTRyzSkIuZRuBZ2unwtSmiwRiVP1sJe4su28HuSpQuDlJpApRNoOQJ1K6ich0p5qFIPVeEhE0ctHgRB1xec%2BkmP87boStYRfkC7aUADv5Og4vMdRiiLEbgegdtbKOwt7Kq70%2Fj09LKDrX6Au9HACQ%2BuJBiIBrUkqB1BTQlqRVCXBPWguSe0C11zX2hXseAkhye53YxN2d%2Bn90zZlzkBtSNY0ewXx%2BT5hY2%2F%2By9gVx61EsZjGqWSxb0wiXt%2BlIRp0u52aKcrO4zGcOrh%2Ba21dhQl130otwLqPOypafQ9CjUlUzB6CKcPwdVzoNVLoHUDeqPBXv51WRfG5q6k1q1zk0GYBkW5ivKmt6%2BPyYsLkp3PCCR%2F%2BsYv7UWA2waFbfCRekLQ13fGV0xNDq6Y2pFvd4pSZWqPzh%2F7aklLeeqLd%2BTN2lhx8YIbPXyTz4V5%2BeiadOU2zYXK%2B458uamEkHbLWC7Jdxfd%2B5JdrtyNzcrmVbF9%2BfzWxayw0jll8gmomm7Ot5mR%2F%2F%2F42uIXn%2F3wNyg7ga0aZNVTchJQ5hC8uAVXLOmdIbB6OcMKD3XVjG3IlodaEWi57Clr4P7Vs2U9tnR%2Bm6pm391B366AlreRZw0GtsFAN6B6BFedGpeFXWIwvTJm2q4cMG313YXJM7Lz6Z9w6qjV9kWXyVR2mYziKJVcsDhmPk85a4sk4SjdLI0%2Fv%2FYXAAAA%2F%2F8BAAD%2F%2F8gp0nafBAAA HTTP/1.1
Host: nellthirteenthoperative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Cookie: u_pl=15413272; uid_id2=a2ad5c42-267c-48a1-aec8-2980e3d09ebf:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec8bc5a4feb5928590482f8376a67e6ba5=[5212672,5212671]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 01:50:13 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 31d6dab26426b3cbf3a9d4cc6e800a40
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js

188.114.96.1

200 OK

48 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
48 kB (47823 bytes)
Hash
561acb3e541133bbdd2c0c19f8ee35a1
ffd1353cf3f77d25f801c84d8208613eb0d3d548
9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc

HTTP Headers

GET /sb/chat/mob/ssp/1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 01:50:12 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 08:25:09 GMT
etag: W/"62134c65-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 293556
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qWpCljVjbeicdkFIa%2FU2aBZUx8rJLRPdZEHYWnoWxmGFkTHCbWhTKNYxsYN2xktZMQHywVlkwlinWfs282gVfemHuQ7frUbGYDmNfLyQUJSNurj1okvDSqaIyWn%2BAxMDYN1Ygt0uCH28"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4d6b23ae51c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.131

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.twpornstars.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 06:08:19 GMT
expires: Sat, 03 May 2025 06:08:19 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 70914
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/script.js

188.114.96.1

200 OK

183 B

URL GET HTTP/3
cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/script.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
183 B (183 bytes)
Hash
4f5f05ab032dd8fc0db448fcf51a35e2
78f94f93fdb792d95ea3ac293ac1b8e3bc13d609
7fd8e9c0e5ca0c7123954a109fa8b7e8368c7e1262880925e2ac7b8c877a9e38

HTTP Headers

GET /sb/chat/mob/ssp/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.twpornstars.com
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 01:50:12 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 08:25:08 GMT
etag: W/"62134c64-17e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 279382
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lK0Evw07F3ZshdqgavzKtfn45aMDdj8xEWOV7B0puhsKI6Hp%2FcgYpY0D8%2FaGgIKxpvUDx%2B5uDdJqolnJ8O2SgNF%2B4kBPYZzBAkn7hV7H2GWlSq7k2r3z77f1x%2FkTGwhl3mYwxq4ke77M"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4d6b29af51c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

syndication.realsrv.com/splash.php?idzone=3449269&cookieconsent=true

95.211.229.245

200 OK

2.9 kB

URL GET HTTP/1.1
syndication.realsrv.com/splash.php?idzone=3449269&cookieconsent=true
IP
95.211.229.245:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectrealsrv.com
FingerprintD6:E9:CF:67:58:14:C0:E8:FF:A6:F9:E4:10:41:F9:BF:03:93:4D:1B
ValidityTue, 30 Apr 2024 07:54:23 GMT - Mon, 29 Jul 2024 07:54:22 GMT

File type
XML 1.0 document, ASCII text, with very long lines (1786)
Size
2.9 kB (2897 bytes)
Hash
2653657f6e2b85eb68f232e1ec945837
3c776ee55a27c1bffcc2031e9f9f588b32efe890
dc6976c0363c45ceacba00bc75fe2c0ec71389e639bcb11ec985f5aacf73732a

HTTP Headers

GET /splash.php?idzone=3449269&cookieconsent=true HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.twpornstars.com
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 May 2024 01:50:20 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: X-CH-VALUES
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226635945cce7538.872931644099016508%22%3B%7D; expires=Mon, 04 May 2026 01:50:20 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v4%7C%7CNOR%7C3449269%7C82481096%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Ctwpornstars.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1714787420%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C44a5a503db2ed2b3c2ea0df336e1dce8%7Cok%22%7D; expires=Sun, 05 May 2024 01:50:20 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://www.twpornstars.com
Access-Control-Allow-Credentials: true
Accept-CH: 
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

s3t3d2y8.afcdn.net/images/close-icon-circle.png

185.76.9.21

200 OK

405 B

URL GET HTTP/2
s3t3d2y8.afcdn.net/images/close-icon-circle.png
IP
185.76.9.21:443
ASN
#60068 Datacamp Limited

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectafcdn.net
FingerprintCE:9F:A3:7C:BF:E1:80:9C:11:75:38:23:E8:D2:50:1A:E4:48:37:77
ValidityTue, 27 Feb 2024 16:27:12 GMT - Mon, 27 May 2024 16:27:11 GMT

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Size
405 B (405 bytes)
Hash
bc8bf5d1633e548e9a178bf29be30b7b
bd290b6eabd73d2c95db053620797503e9178484
94f575abdb5c45476f9c2b62bbe06fbfacce9d25e95796ffcd07680bd7c6c0bb

HTTP Headers

GET /images/close-icon-circle.png HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:50:21 GMT
content-type: image/png
content-length: 405
last-modified: Tue, 25 Oct 2022 11:33:38 GMT
etag: "6357c992-195"
expires: Fri, 27 Oct 2023 07:10:07 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
server: CDN77-Turbo
x-77-nzt: EQwBuUwJFAH32MOVAQ
x-77-nzt-ray: af5856301f5de4485d943566d8ad6002
x-accel-expires: @1719731205
x-accel-date: 1688195205
x-cache: HIT
x-age: 26592216
x-77-pop: stockholmSE
x-77-cache: HIT
x-77-age: 26592216
accept-ranges: bytes
X-Firefox-Spdy: h2

downstairsnegotiatebarren.com/sfp.js

104.21.35.227

200 OK

33 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
104.21.35.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
33 kB (32711 bytes)
Hash
f4a2f8f9f99541c6f105bbd0a025bd40
1f8e3eff12168fdd9e719adfc098d24a45b6916a
b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:50:11 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 51a150dffb8144efbedc3f75e0d4d84e
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 01:50:10 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5HleAdq%2BIBmkTvtjG%2Fm1BdfBfF4ivQkWMVXqWXIxzHauYGVMlnetHy70YVzb5JIP86QM%2Bbmpz8VbFAX0DNnsWQRqvu2Ewe4i%2FCzKQmYRRF6oWWFNatAT3HmuK1Ivt9znnbajs9QHzrZtDsVINLdR9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4d6a8dadfb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/style.css

188.114.96.1

200 OK

4.6 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/style.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (4886), with no line terminators
Size
4.6 kB (4617 bytes)
Hash
1230b98f01a549572edcd2bf3bdcb4ad
ac87a2a752ffb8b5167566183fddd531d7971be9
9a2954fc66ebbb9adf18c2ea4403d2a0a5dedf2928f9905e1fc656f5dc1b208d

HTTP Headers

GET /sb/chat/mob/ssp/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.twpornstars.com
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:50:12 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 08:25:04 GMT
etag: W/"62134c60-1209"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 289200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5WM2N3O7Ov3BpFM1amyIF4W42Pr057mgiQcCaF5FwPK%2FPzOnNlUEfH1ctm54WGa9YXSxxh3bICRSTRzIPw5QSlIhrYHhHVhGeMKUFZ2RgvR89lNkrcPI6w83o4rnI4q2W0rB3%2BlalF96"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4d6b1acb77131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nellthirteenthoperative.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz28bxRvGZ93cvocvVD0gISQfOABqnN31er2mB0RagipCU7VFcKKanZl1h8zurGZ2vU5OEZVQ4WRV%2FAGbx0mjQsWPP4ACTiUOlZBsTjmQIxeOSL2CbCIM7%2BV933nekT7vM%2FPJfnlKfJT05Mq7elcqRdc6Lbf5ygeed6m5KbNy2BxG4e0wuNQ0g9d7Yct9tfm2YNt6zXc91%2FVcr7khjUj0cG0uQuaPel6r57YCv%2BV1AgzNf3tbOrDUAR%2BckvOQfLbyxLkAySbI0m%2BuCLtd6PziW2mpaKENBvzovWw701WGdFkmxkGSHZ1NQ9vpxmPo7HCBCz34ZzCWM%2BL89BhxdnQGiXhwsOCMFUSGmP8P1WACoSaQdAKm70LyKQEYx7UtZOmDa9pUdOdvlc7VGVl59gdkNSMrv15Aln61ruSweVOrspA6sxgmNeRwAtmfIC%2BPUew2IKtjsOJjSP4zWXu2iSw92LJKQ%2FKTl6lPeYcF%2FqofdtlqEFFvlQoWrfq9yBVt7vZEnCwMknICmUygxAjUNlBaB6V0UCYOytxByk%2BazPO8rssZdaMeY23eFXHIXY92E496bhihZPMdRijyEZgagZk95GYP2%2FL%2BtHN%2Bet3ClD%2FA3qlhuQNbEAx4jUoQVJagogSVJKgKgmpQH3JlfVs%2F4MqWsXeW%2FbPcrse66O%2FTQ130RUZAzQiG1%2Fv5KXl%2BYePv7gvYFifNKGYdGiQi7vT8qNNzg8hPonY3pGFXhDHtwMqHlzdW20EQ3XYhbQPUOtiV0%2BB75HJKpojpMaw6BpPPgZYvgVY16J0au9nXRZVrk9mCGttiOgXXNfJiBcWOs69OyYsLkq3PCAR7%2BsYv7UWAmRq5qfGRfELQV%2FfGN3RFDm7oypJvt%2FJCpnKXzh%2F7ZkELce6Ld8ROpQ2%2FesWOHr7J5sK8fHRL2GKTZlxmfUu%2BXJecC7OhDRPku6v2fRFfL%2B2d9dJkZb55%2FfLG1TQ3wlqpswmonK7Pt5mR%2F%2F%2F42uIXX%2FzwN0gzgSlrpOVTchaQ%2Bhgs34PNl%2FRWExi1nIlzB1VZj40fLw%2BVJFBi2dO4hv1XHy%2FrsaHz21TW%2B%2FYe%2BqYBWtxFltYYmBoDVYOqEWx5blzkZokRq8Y4VqZxECuj7i9MnpGtT%2F%2BElSfNbrvt0rDX8bpdKrpx4EdJ6HFK%2FSD0w5C2UdhZ0vn81l8AAAD%2F%2FwEAAP%2F%2FSP0Hnp8EAAA%3D

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
nellthirteenthoperative.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz28bxRvGZ93cvocvVD0gISQfOABqnN31er2mB0RagipCU7VFcKKanZl1h8zurGZ2vU5OEZVQ4WRV%2FAGbx0mjQsWPP4ACTiUOlZBsTjmQIxeOSL2CbCIM7%2BV933nekT7vM%2FPJfnlKfJT05Mq7elcqRdc6Lbf5ygeed6m5KbNy2BxG4e0wuNQ0g9d7Yct9tfm2YNt6zXc91%2FVcr7khjUj0cG0uQuaPel6r57YCv%2BV1AgzNf3tbOrDUAR%2BckvOQfLbyxLkAySbI0m%2BuCLtd6PziW2mpaKENBvzovWw701WGdFkmxkGSHZ1NQ9vpxmPo7HCBCz34ZzCWM%2BL89BhxdnQGiXhwsOCMFUSGmP8P1WACoSaQdAKm70LyKQEYx7UtZOmDa9pUdOdvlc7VGVl59gdkNSMrv15Aln61ruSweVOrspA6sxgmNeRwAtmfIC%2BPUew2IKtjsOJjSP4zWXu2iSw92LJKQ%2FKTl6lPeYcF%2FqofdtlqEFFvlQoWrfq9yBVt7vZEnCwMknICmUygxAjUNlBaB6V0UCYOytxByk%2BazPO8rssZdaMeY23eFXHIXY92E496bhihZPMdRijyEZgagZk95GYP2%2FL%2BtHN%2Bet3ClD%2FA3qlhuQNbEAx4jUoQVJagogSVJKgKgmpQH3JlfVs%2F4MqWsXeW%2FbPcrse66O%2FTQ130RUZAzQiG1%2Fv5KXl%2BYePv7gvYFifNKGYdGiQi7vT8qNNzg8hPonY3pGFXhDHtwMqHlzdW20EQ3XYhbQPUOtiV0%2BB75HJKpojpMaw6BpPPgZYvgVY16J0au9nXRZVrk9mCGttiOgXXNfJiBcWOs69OyYsLkq3PCAR7%2BsYv7UWAmRq5qfGRfELQV%2FfGN3RFDm7oypJvt%2FJCpnKXzh%2F7ZkELce6Ld8ROpQ2%2FesWOHr7J5sK8fHRL2GKTZlxmfUu%2BXJecC7OhDRPku6v2fRFfL%2B2d9dJkZb55%2FfLG1TQ3wlqpswmonK7Pt5mR%2F%2F%2F42uIXX%2FzwN0gzgSlrpOVTchaQ%2Bhgs34PNl%2FRWExi1nIlzB1VZj40fLw%2BVJFBi2dO4hv1XHy%2FrsaHz21TW%2B%2FYe%2BqYBWtxFltYYmBoDVYOqEWx5blzkZokRq8Y4VqZxECuj7i9MnpGtT%2F%2BElSfNbrvt0rDX8bpdKrpx4EdJ6HFK%2FSD0w5C2UdhZ0vn81l8AAAD%2F%2FwEAAP%2F%2FSP0Hnp8EAAA%3D
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectnellthirteenthoperative.com
Fingerprint65:5D:31:B4:45:43:67:D0:A9:DE:BA:83:89:58:57:56:4F:28:3C:6D
ValidityMon, 29 Apr 2024 13:05:42 GMT - Sun, 28 Jul 2024 13:05:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSz28bxRvGZ93cvocvVD0gISQfOABqnN31er2mB0RagipCU7VFcKKanZl1h8zurGZ2vU5OEZVQ4WRV%2FAGbx0mjQsWPP4ACTiUOlZBsTjmQIxeOSL2CbCIM7%2BV933nekT7vM%2FPJfnlKfJT05Mq7elcqRdc6Lbf5ygeed6m5KbNy2BxG4e0wuNQ0g9d7Yct9tfm2YNt6zXc91%2FVcr7khjUj0cG0uQuaPel6r57YCv%2BV1AgzNf3tbOrDUAR%2BckvOQfLbyxLkAySbI0m%2BuCLtd6PziW2mpaKENBvzovWw701WGdFkmxkGSHZ1NQ9vpxmPo7HCBCz34ZzCWM%2BL89BhxdnQGiXhwsOCMFUSGmP8P1WACoSaQdAKm70LyKQEYx7UtZOmDa9pUdOdvlc7VGVl59gdkNSMrv15Aln61ruSweVOrspA6sxgmNeRwAtmfIC%2BPUew2IKtjsOJjSP4zWXu2iSw92LJKQ%2FKTl6lPeYcF%2FqofdtlqEFFvlQoWrfq9yBVt7vZEnCwMknICmUygxAjUNlBaB6V0UCYOytxByk%2BazPO8rssZdaMeY23eFXHIXY92E496bhihZPMdRijyEZgagZk95GYP2%2FL%2BtHN%2Bet3ClD%2FA3qlhuQNbEAx4jUoQVJagogSVJKgKgmpQH3JlfVs%2F4MqWsXeW%2FbPcrse66O%2FTQ130RUZAzQiG1%2Fv5KXl%2BYePv7gvYFifNKGYdGiQi7vT8qNNzg8hPonY3pGFXhDHtwMqHlzdW20EQ3XYhbQPUOtiV0%2BB75HJKpojpMaw6BpPPgZYvgVY16J0au9nXRZVrk9mCGttiOgXXNfJiBcWOs69OyYsLkq3PCAR7%2BsYv7UWAmRq5qfGRfELQV%2FfGN3RFDm7oypJvt%2FJCpnKXzh%2F7ZkELce6Ld8ROpQ2%2FesWOHr7J5sK8fHRL2GKTZlxmfUu%2BXJecC7OhDRPku6v2fRFfL%2B2d9dJkZb55%2FfLG1TQ3wlqpswmonK7Pt5mR%2F%2F%2F42uIXX%2FzwN0gzgSlrpOVTchaQ%2Bhgs34PNl%2FRWExi1nIlzB1VZj40fLw%2BVJFBi2dO4hv1XHy%2FrsaHz21TW%2B%2FYe%2BqYBWtxFltYYmBoDVYOqEWx5blzkZokRq8Y4VqZxECuj7i9MnpGtT%2F%2BElSfNbrvt0rDX8bpdKrpx4EdJ6HFK%2FSD0w5C2UdhZ0vn81l8AAAD%2F%2FwEAAP%2F%2FSP0Hnp8EAAA%3D HTTP/1.1
Host: nellthirteenthoperative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Cookie: u_pl=15413272; uid_id2=a2ad5c42-267c-48a1-aec8-2980e3d09ebf:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec8bc5a4feb5928590482f8376a67e6ba5=[5212672,5212671]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 01:50:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2853047a2428c59ac0f82ca59a8b0b1a
Strict-Transport-Security: max-age=0; includeSubdomains

www.twpornstars.com/build/index.636164b9.js

104.21.235.200

200 OK

15 kB

URL GET HTTP/3
www.twpornstars.com/build/index.636164b9.js
IP
104.21.235.200:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subjecttwpornstars.com
FingerprintF5:FB:5D:9F:07:40:28:0F:39:69:15:12:96:70:A2:83:49:CB:41:1C
ValidityWed, 24 Apr 2024 17:05:35 GMT - Tue, 23 Jul 2024 17:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (14606), with no line terminators
Size
15 kB (14606 bytes)
Hash
c28d52d30d19cf7b54cfce5614a643d7
37c35b4e09cb39ea62817895f438048c7dee0c45
2a84fbb7ffb3f430699a70187566aa2d24e30159491b88313274759a2d3fa78c

HTTP Headers

GET /build/index.636164b9.js HTTP/1.1
Host: www.twpornstars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/zooe_moore
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 01:50:10 GMT
content-type: application/javascript
cache-control: max-age=315360000, public, immutable
etag: W/"65412065-390e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 31 Oct 2023 15:42:29 GMT
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9ot7QLA8QYJV3OrRsMMDvTe8XbW7cwyoMnkUMtccVoVT9F5xJO6YTaUTrKp6SEZ%2F%2FhqHyugOM8xwvv1KlM%2FB3UDvgARXclCHOzxKC6OfFDgRMTeKwh9pjpldJ8KgPl6hI8bGiScY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4d6a38a026533-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.twpornstars.com/zooe_moore

104.21.235.200

200 OK

64 kB

URL User Request GET HTTP/2
www.twpornstars.com/zooe_moore
IP
104.21.235.200:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecttwpornstars.com
FingerprintF5:FB:5D:9F:07:40:28:0F:39:69:15:12:96:70:A2:83:49:CB:41:1C
ValidityWed, 24 Apr 2024 17:05:35 GMT - Tue, 23 Jul 2024 17:05:34 GMT

File type

Size
64 kB (63916 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zooe_moore HTTP/1.1
Host: www.twpornstars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:50:10 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HzNqmHf5r6jQqQWfjX2N0t3pasf5dm5c%2FMHsj5F7YLpneJz9tryX%2FBOVjVQdorjWsTCG7zbZ%2BueBLyuw330FjMNOQgervPRTicYlpVmkuVzX6Kd5G3E45JePTrjYa%2F2Rf68m%2FbSo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4d69f9a08dd3f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.twpornstars.com/build/234.61c95dd6.js

104.21.235.200

200 OK

13 kB

URL GET HTTP/3
www.twpornstars.com/build/234.61c95dd6.js
IP
104.21.235.200:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subjecttwpornstars.com
FingerprintF5:FB:5D:9F:07:40:28:0F:39:69:15:12:96:70:A2:83:49:CB:41:1C
ValidityWed, 24 Apr 2024 17:05:35 GMT - Tue, 23 Jul 2024 17:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (13241)
Size
13 kB (13311 bytes)
Hash
85ae003e483c2bbbbb5bcb092824aa99
46762a9bf6808ef1716eac71d4d8b845ce1ab2ab
9a14e3232aeb2d592ce1616914e100022d923406ecad03d18cd93f8d863265f5

HTTP Headers

GET /build/234.61c95dd6.js HTTP/1.1
Host: www.twpornstars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/zooe_moore
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 01:50:10 GMT
content-type: application/javascript
cache-control: max-age=315360000, public, immutable
etag: W/"65412065-33ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 31 Oct 2023 15:42:29 GMT
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PQYXO2igluXCC3s97hz6sWH%2FIpGP%2BSzmBNzqlO8n9q4U%2FdvHmfbef25vFoBGrGuikc6OIhY4wgcSvYAxKrkVJy9LcnkSisGXbu6mRkYVBR4R3J9I1luDYZWAmOu%2FS04ZLPCFVlb3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4d6a37a016533-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400

nellthirteenthoperative.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=15

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
nellthirteenthoperative.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=15
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectnellthirteenthoperative.com
Fingerprint65:5D:31:B4:45:43:67:D0:A9:DE:BA:83:89:58:57:56:4F:28:3C:6D
ValidityMon, 29 Apr 2024 13:05:42 GMT - Sun, 28 Jul 2024 13:05:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=15 HTTP/1.1
Host: nellthirteenthoperative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Cookie: u_pl=15413272; uid_id2=a2ad5c42-267c-48a1-aec8-2980e3d09ebf:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec8bc5a4feb5928590482f8376a67e6ba5=[5212672,5212671]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 01:50:13 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

nellthirteenthoperative.com/pixel/sbs?c=1

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
nellthirteenthoperative.com/pixel/sbs?c=1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectnellthirteenthoperative.com
Fingerprint65:5D:31:B4:45:43:67:D0:A9:DE:BA:83:89:58:57:56:4F:28:3C:6D
ValidityMon, 29 Apr 2024 13:05:42 GMT - Sun, 28 Jul 2024 13:05:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: nellthirteenthoperative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Cookie: u_pl=15413272; uid_id2=a2ad5c42-267c-48a1-aec8-2980e3d09ebf:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec8bc5a4feb5928590482f8376a67e6ba5=[5212672,5212671]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 01:50:13 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

www.twpornstars.com/favicon.ico

104.21.235.200

200 OK

1.2 kB

URL GET HTTP/3
www.twpornstars.com/favicon.ico
IP
104.21.235.200:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subjecttwpornstars.com
FingerprintF5:FB:5D:9F:07:40:28:0F:39:69:15:12:96:70:A2:83:49:CB:41:1C
ValidityWed, 24 Apr 2024 17:05:35 GMT - Tue, 23 Jul 2024 17:05:34 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
f570e4146c52b287b94576e925ab2eff
1e26f404aff555a187bb408581ece60d34edaa8a
fbdaaaccb6cbf0b4db431a606ad8e64203136e6b9eb4eeb56e568cf6759f5f0e

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.twpornstars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/zooe_moore
Cookie: _ga_V4D62Y39MW=GS1.1.1714787410.1.0.1714787410.0.0.0; _ga=GA1.1.557921624.1714787411; a_delay=1714787410776; dom3ic8zudi28v8lr6fgphwffqoz0j6c=559e41eb-9b79-4ff4-9d75-9db451a471fe%3A2%3A1; sb_main_8bc5a4feb5928590482f8376a67e6ba5=1; sb_count_8bc5a4feb5928590482f8376a67e6ba5=1; pp_main_35fd862a211871130a720a8040aa9aa6=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 01:50:12 GMT
content-type: image/x-icon
etag: W/"6399f613-47e"
last-modified: Wed, 14 Dec 2022 16:13:07 GMT
cf-cache-status: DYNAMIC
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DItxFtfL3LsB0pVAoPIjxRcOYOD6Vf6dvYhwt6NQmwzhyOxVdsYyqOAO8VsVFqg4qdKCeKOpTUEc93jwA0EeJXqYFdeMa%2FLqcasn6%2Bu9UvC6mOSgtlsNpBs%2FrHQ%2BCf14m%2FZjkjIP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4d6ae78856533-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.twpornstars.com/build/runtime.602a9af0.js

104.21.235.200

200 OK

1.4 kB

URL GET HTTP/3
www.twpornstars.com/build/runtime.602a9af0.js
IP
104.21.235.200:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subjecttwpornstars.com
FingerprintF5:FB:5D:9F:07:40:28:0F:39:69:15:12:96:70:A2:83:49:CB:41:1C
ValidityWed, 24 Apr 2024 17:05:35 GMT - Tue, 23 Jul 2024 17:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (1370), with no line terminators
Size
1.4 kB (1360 bytes)
Hash
69763ae9b88851deb0f4aeb9bf1dadd8
f2e9546d91429cd15aeae499294a05b2d3ff14a9
6ebd244d046a25a699cba828f4bc442ba8497b73d8914d089bce110c90c09e24

HTTP Headers

GET /build/runtime.602a9af0.js HTTP/1.1
Host: www.twpornstars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/zooe_moore
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 01:50:10 GMT
content-type: application/javascript
cache-control: max-age=315360000, public, immutable
etag: W/"65412065-550"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 31 Oct 2023 15:42:29 GMT
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bPw%2B%2BnPcXiOhHDqc3ozlAy7wXD%2BJ0lbpgy1saiHpaORb0k9%2FgAJX1M5oG7Xcy6WRpSxFRBSmJRIXtzUisXxoXP7Jlt8seQ2gKt7tXHaGTByUZPcjtF17RKvVlUBQgGZQQftH6IhP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4d6a379fb6533-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdn.barscreative1.com/sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html

45.133.44.3

200 OK

3.0 kB

URL GET HTTP/2
cdn.barscreative1.com/sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html
IP
45.133.44.3:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
FingerprintF6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3
ValiditySun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT

File type
HTML document, ASCII text, with very long lines (3229), with no line terminators
Size
3.0 kB (2977 bytes)
Hash
0b579b1f5697d55d3bc0856975d08243
e68a8e8bc08f86086744aba736df40ca7bea6d01
8ac4909eb5c0efc3278c66a43990535925fb271226f96261415df027fe40cb0c

HTTP Headers

GET /sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.twpornstars.com
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:50:12 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Tue, 29 Mar 2022 08:27:42 GMT
etag: W/"6242c2fe-ba1"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 04 May 2024 02:50:12 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

shawljeans.com/pixel/purst?dl=0&th=0&sc=0&rs=1613&rd=1613&fd=914&bv=24.5.6485&tmpl=70

172.240.108.84

200 OK

0 B

URL GET HTTP/1.1
shawljeans.com/pixel/purst?dl=0&th=0&sc=0&rs=1613&rd=1613&fd=914&bv=24.5.6485&tmpl=70
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectshawljeans.com
Fingerprint1F:C5:DC:AD:2A:93:65:5A:75:50:F3:06:0B:16:9E:2D:D8:8C:57:E3
ValidityMon, 29 Apr 2024 12:59:15 GMT - Sun, 28 Jul 2024 12:59:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1613&rd=1613&fd=914&bv=24.5.6485&tmpl=70 HTTP/1.1
Host: shawljeans.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 01:50:11 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.131

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.twpornstars.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Apr 2024 10:46:32 GMT
expires: Wed, 30 Apr 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 313421
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

u3y8v8u4.aucdn.net/library/141372/1bb6f1b8759f0209e6b5a884c60236703d219a84.mp4

185.76.9.21

206 Partial Content

4.7 MB

URL GET HTTP/2
u3y8v8u4.aucdn.net/library/141372/1bb6f1b8759f0209e6b5a884c60236703d219a84.mp4
IP
185.76.9.21:443
ASN
#60068 Datacamp Limited

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerLet's Encrypt
Subjectafcdn.net
FingerprintCE:9F:A3:7C:BF:E1:80:9C:11:75:38:23:E8:D2:50:1A:E4:48:37:77
ValidityTue, 27 Feb 2024 16:27:12 GMT - Mon, 27 May 2024 16:27:11 GMT

File type

Size
4.7 MB (4653056 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /library/141372/1bb6f1b8759f0209e6b5a884c60236703d219a84.mp4 HTTP/1.1
Host: u3y8v8u4.aucdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
date: Sat, 04 May 2024 01:50:21 GMT
content-type: video/mp4
content-length: 5942913
last-modified: Tue, 16 May 2023 15:35:27 GMT
etag: "6463a2bf-5aae81"
expires: Thu, 16 May 2024 10:01:08 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
server: CDN77-Turbo
x-77-nzt: EQwBuUwJFAH38ezQAQ
x-77-nzt-ray: af5856301f5de4485d943566f4a93e03
x-accel-expires: @1715854060
x-accel-date: 1684318060
x-cache: HIT
x-age: 30469361
x-77-pop: stockholmSE
x-77-cache: HIT
x-77-age: 30469361
content-range: bytes 0-5942912/5942913
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387

104.16.80.73

200 OK

19 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387
IP
104.16.80.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subjectcloudflareinsights.com
Fingerprint73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00
ValiditySun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT

File type
JavaScript source, ASCII text, with very long lines (19189), with no line terminators
Size
19 kB (19189 bytes)
Hash
4c980ee97cb5c001b4d19e2895fa5603
2c6fe998aa7486c4becd74cf253bdd82666a64c3
d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192

HTTP Headers

GET /beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.twpornstars.com
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:50:10 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.1"
last-modified: Tue, 23 Apr 2024 12:12:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4d6a38c5eb4eb-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.twpornstars.com/build/755.1a058989.js

104.21.235.200

200 OK

86 kB

URL GET HTTP/3
www.twpornstars.com/build/755.1a058989.js
IP
104.21.235.200:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subjecttwpornstars.com
FingerprintF5:FB:5D:9F:07:40:28:0F:39:69:15:12:96:70:A2:83:49:CB:41:1C
ValidityWed, 24 Apr 2024 17:05:35 GMT - Tue, 23 Jul 2024 17:05:34 GMT

File type
JavaScript source, ASCII text, with very long lines (65466)
Size
86 kB (85749 bytes)
Hash
affbe8acda8b1e956e8e16a1a2f34456
f922a64aaeba12c3efb26450618ce5e4aa25f2e4
5bdc905dcf38a6798384a3c8089387bca04d5bbcb4ebe79e4ed29dfd46de2d05

HTTP Headers

GET /build/755.1a058989.js HTTP/1.1
Host: www.twpornstars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/zooe_moore
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 01:50:10 GMT
content-type: application/javascript
cache-control: max-age=315360000, public, immutable
etag: W/"65412065-14ef5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 31 Oct 2023 15:42:29 GMT
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QVFzthaZSjdZrpWewVnPqtLMsgkM3cWJp4GGYVCNmxwTCp6SWfb3naZCRUAMEdLoUwRMmXnfOYjCQy%2BSBW2rduFlP7HMVUFj6VIygxd9KBFEw3czOU5HWjSYXLjPvSHhj9eggaSw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4d6a379fc6533-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.twpornstars.com/cf-fonts/s/open-sans/5.0.20/latin/700/normal.woff2

104.21.235.200

200 OK

18 kB

URL GET HTTP/3
www.twpornstars.com/cf-fonts/s/open-sans/5.0.20/latin/700/normal.woff2
IP
104.21.235.200:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.twpornstars.com/zooe_moore
Certificate
IssuerGoogle Trust Services LLC
Subjecttwpornstars.com
FingerprintF5:FB:5D:9F:07:40:28:0F:39:69:15:12:96:70:A2:83:49:CB:41:1C
ValidityWed, 24 Apr 2024 17:05:35 GMT - Tue, 23 Jul 2024 17:05:34 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18232, version 1.0
Size
18 kB (18232 bytes)
Hash
7271325623351f3cad9877d4dd9b2bf7
fa3143c5166730aff9832816864cd338d98e0606
023cf8b8a67fe94bcef10d2a02505f939fe00978a20638cc40de1d7842b3521c

HTTP Headers

GET /cf-fonts/s/open-sans/5.0.20/latin/700/normal.woff2 HTTP/1.1
Host: www.twpornstars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.twpornstars.com/zooe_moore
Cookie: _ga_V4D62Y39MW=GS1.1.1714787410.1.0.1714787410.0.0.0; _ga=GA1.1.557921624.1714787411; a_delay=1714787410776
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 01:50:10 GMT
content-length: 18232
cf-cache-status: HIT
cache-control: public, max-age=31536000, immutable
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dCLvwctMdbwzs1gB7dZP81qs3ngtlhREeuWyKE9K5qE0Fqzj04C8H4i%2BffOju0I6xezDU7yytdm7vDRH3JrCpqKoNCdgP8ffIIGfT%2FZWi6e54591Zt5%2BLFIGJ6SadyZ%2FGugrdYKW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4d6a65bc06533-LHR
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML