cdn.tsyndicate.com/sdk/v1/n.js
8.247.218.249 9.8 kB URL cdn.tsyndicate.com/sdk/v1/n.js
IP 8.247.218.249:0
File type ASCII text, with very long lines (25684)
Hash aa836b5449ae803e0c786d31fcc44bc3
2721de555fafdc89c19be5acb28e499ed87c64ee
2bd40e9dedf191a3a5fd344c7ed519e397a7de0959c4011c32db6a90144bd4a2
GET /sdk/v1/n.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 11:18:34 GMT
Content-Type: application/javascript
Content-Length: 9826
Connection: keep-alive
Server: nginx
Last-Modified: Fri, 01 Dec 2023 11:12:01 GMT
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"6569bf81-64a2"
Content-Encoding: gzip
Age: 98258
Accept-Ranges: bytes
cdn.tsyndicate.com/sdk/v1/bi.js
8.247.218.249 3.1 kB URL cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.247.218.249:0
File type C source, ASCII text, with very long lines (7708)
Hash 132db549c9f97232cccb62af9f2156b9
27a33f324e81bb08d48875a20ef18d1f22d90af9
566f0492535dba4934209ea2b08a9ee357f4c7febf4defc717e0cb1d789bb0e5
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 05 Oct 2023 12:40:37 GMT
Content-Type: application/javascript
Content-Length: 3084
Connection: keep-alive
Server: nginx
Last-Modified: Mon, 02 Oct 2023 10:01:05 GMT
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"651a94e1-1e65"
Content-Encoding: gzip
Age: 5018135
Accept-Ranges: bytes
ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js
142.250.74.42 30 kB URL ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js
IP 142.250.74.42:0
File type ASCII text, with very long lines (32025)
Hash 4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /ajax/libs/jquery/2.1.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29725
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:48:28 GMT
expires: Fri, 29 Nov 2024 04:48:28 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 208065
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads.js
185.94.236.246 178 B URL poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
www.googletagmanager.com/gtag/js?id=UA-98275526-8
142.250.74.168 69 kB URL www.googletagmanager.com/gtag/js?id=UA-98275526-8
IP 142.250.74.168:0
File type ASCII text, with very long lines (4179)
Hash a510a5d15e69b09e4a01ceebdc102743
ff9f9fb3061904060e1a514a274c9e43e71fc382
041849bd16d317497eaf9dc293dac38614bc6f20d207d7aef23c8c8a70fed406
GET /gtag/js?id=UA-98275526-8 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 02 Dec 2023 14:36:13 GMT
expires: Sat, 02 Dec 2023 14:36:13 GMT
cache-control: private, max-age=900
last-modified: Sat, 02 Dec 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 69025
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
top1pornmovies.sexjanet.com/s3/ad_oct20/0038.gif
51.195.137.224 83 kB URL top1pornmovies.sexjanet.com/s3/ad_oct20/0038.gif
IP 51.195.137.224:0
File type GIF image data, version 89a, 200 x 200\012- data
Hash f1deddbc106cda34bbbaefe87a724374
2cfc8d996c0b811efaa60593bcedf01ef985a97d
5603f17e3d5a7ed0a1bdc46f93b9adf7ca4df26ba98fe5b5c9a6aa8d230b4d40
GET /s3/ad_oct20/0038.gif HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/gif
Content-Length: 83256
Connection: keep-alive
ratelimit-reset: 1
x-ratelimit-remaining-second: 241
x-ratelimit-limit-second: 250
ratelimit-limit: 250
ratelimit-remaining: 241
last-modified: Sun, 24 Sep 2023 12:58:30 GMT
x-rgw-object-type: Normal
etag: "f1deddbc106cda34bbbaefe87a724374"
x-proxy-cache: MISS
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 82f3f6c3eca2653b-LHR
alt-svc: h3=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
cdn.tsyndicate.com/sdk/v1/n.v2.css
8.247.218.249 19 kB URL cdn.tsyndicate.com/sdk/v1/n.v2.css
IP 8.247.218.249:0
File type ASCII text, with very long lines (18851), with no line terminators
Hash 0413bcd2cf1b94ac7073acdc3e970189
bc3d6a81f224f61efdcea95f011b5e94dd2293a7
fe2a9355c46b40f92d6bf04355b97872297ba28f353c6086e8c83014e5052e8b
GET /sdk/v1/n.v2.css HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 11:18:32 GMT
Content-Type: text/css
Content-Length: 18851
Connection: keep-alive
Server: nginx
Last-Modified: Fri, 01 Dec 2023 11:00:30 GMT
ETag: "6569bcce-49a3"
X-Robots-Tag: noindex, nofollow
Age: 98261
Accept-Ranges: bytes
top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b55565c4b5356525c5c5d545c4b5356525c5c5d545c3b5454553b02015d534a0e1403
51.195.137.224 97 kB URL top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b55565c4b5356525c5c5d545c4b5356525c5c5d545c3b5454553b02015d534a0e1403
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v70), quality = 90", baseline, precision 8, 854x1280, components 3\012- data
Hash bc01ee1d75f51c4eee20392942c5f05f
795835ae1118345743fa8ccc558a87f3b862da4d
fbd36b318d8bda542970407e1e9c190cd39669ad3d82ca5b4ab7491084344e3c
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b55565c4b5356525c5c5d545c4b5356525c5c5d545c3b5454553b02015d534a0e1403 HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Length: 97208
Connection: keep-alive
Cache-Control: max-age=31418383
top1pornmovies.sexjanet.com/s3/ad_tube/p1114.jpg
51.195.137.224 23 kB URL top1pornmovies.sexjanet.com/s3/ad_tube/p1114.jpg
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x211, components 3\012- data
Hash 4892d252050f36e432526833bdb4393b
39e1715da8fb535675c92ade5b30204a5ddca5b9
cd7ce051f89e7b7c5c9933e01fe3c1a959494b56960ecb23b63839438b1ad61b
GET /s3/ad_tube/p1114.jpg HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/jpeg
Content-Length: 22688
Connection: keep-alive
ratelimit-reset: 1
x-ratelimit-remaining-second: 249
x-ratelimit-limit-second: 250
ratelimit-limit: 250
ratelimit-remaining: 249
last-modified: Sun, 24 Sep 2023 13:29:59 GMT
x-rgw-object-type: Normal
etag: "4892d252050f36e432526833bdb4393b"
x-proxy-cache: MISS
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 82f44d062b4163ce-LHR
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
maxcdn.bootstrapcdn.com/bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2
104.18.11.207 18 kB URL maxcdn.bootstrapcdn.com/bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2
IP 104.18.11.207:0
File type Web Open Font Format (Version 2), TrueType, length 18028, version 1.589\012- data
Hash 448c34a56d699c29117adc64c43affeb
ca35b697d99cae4d1b60f2d60fcd37771987eb07
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
GET /bootswatch/3.3.7/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:13 GMT
content-type: font/woff2
content-length: 18028
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "448c34a56d699c29117adc64c43affeb"
last-modified: Mon, 25 Jan 2021 22:04:28 GMT
cdn-cachedat: 10/31/2023 18:59:01
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1049
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 26bbe149dba3e436e5837870d939e2b3
cdn-cache: HIT
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82f44d06fff15687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
top1pornmovies.sexjanet.com/s3/ad_tube/b188.jpg
51.195.137.224 39 kB URL top1pornmovies.sexjanet.com/s3/ad_tube/b188.jpg
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x357, components 3\012- data
Hash a1c08f967b5759b785713eaa3bfff62d
36aa5887a34e09e4c36494c28b3d56fed934da1f
01519aedc53c89e9ea6493285cd147a32e53a3a9cace9efab2d621dc581ac0a9
GET /s3/ad_tube/b188.jpg HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/jpeg
Content-Length: 39272
Connection: keep-alive
ratelimit-limit: 250
ratelimit-remaining: 247
ratelimit-reset: 1
x-ratelimit-remaining-second: 247
x-ratelimit-limit-second: 250
last-modified: Sun, 24 Sep 2023 13:29:27 GMT
x-rgw-object-type: Normal
etag: "a1c08f967b5759b785713eaa3bfff62d"
x-proxy-cache: MISS
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 82f44d063cafdcdf-LHR
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b50505c4b51565551555557504b51565551555557503b5454573b5d0055544a0e1403
51.195.137.224 336 kB URL top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b50505c4b51565551555557504b51565551555557503b5454573b5d0055544a0e1403
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=16, height=4288, bps=0, PhotometricIntepretation=RGB, manufacturer=NIKON CORPORATION, model=NIKON D300S, orientation=upper-left, width=2848], baseline, precision 8, 850x1280, components 3\012- data
Size 336 kB (335861 bytes)
Hash 3030289ee5f93a400cb5487b0a16ecbd
365311df223dd29bc9a5545efb9a2ff4fbfa5496
06672d4f1c1c8fb1590976a7384ed1d2494293b37146f681be591385c23932fa
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b534b50505c4b51565551555557504b51565551555557503b5454573b5d0055544a0e1403 HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Length: 335861
Connection: keep-alive
Cache-Control: max-age=31418383
top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b514b50544b5750575c555455574b5750575c555455573b5454553b54535c504a0e1403
51.195.137.224 127 kB URL top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b514b50544b5750575c555455574b5750575c555455573b5454553b54535c504a0e1403
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 180x180, segment length 16, baseline, precision 8, 683x1024, components 3\012- data
Size 127 kB (126848 bytes)
Hash 641affc4a5da8b2b78a3a9eadaefce5c
c4e1ddf273b4e4ee4fa2eec9d4eaa95406f56e9b
0a94fa621027e14bb2fc6c588f78c8722a8d37472cb044e628cd22bd646a36e8
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b514b50544b5750575c555455574b5750575c555455573b5454553b54535c504a0e1403 HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Length: 126848
Connection: keep-alive
Cache-Control: max-age=31418383
top1pornmovies.sexjanet.com/s3/ad_tube/p112.jpg
51.195.137.224 58 kB URL top1pornmovies.sexjanet.com/s3/ad_tube/p112.jpg
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x426, components 3\012- data
Hash 73282dd85e5995d3ca3b9886235f5bee
a065620f46f4158f03d1223cc500c0f0cb1f3097
27abad677cc443644010eb331654dc4c2b133fb9708f2e579879e3175afc4c7c
GET /s3/ad_tube/p112.jpg HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/jpeg
Content-Length: 57926
Connection: keep-alive
ratelimit-limit: 250
ratelimit-remaining: 248
ratelimit-reset: 1
x-ratelimit-remaining-second: 248
x-ratelimit-limit-second: 250
last-modified: Sun, 24 Sep 2023 13:30:01 GMT
x-rgw-object-type: Normal
etag: "73282dd85e5995d3ca3b9886235f5bee"
x-proxy-cache: MISS
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 82f44d06685788bc-LHR
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
go.eabids.com/banner.go?spaceid=5205655&keywords=&maincat=
217.22.19.194 1.3 kB URL go.eabids.com/banner.go?spaceid=5205655&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1290), with no line terminators
Hash 8c3db732492608844b1d3eb13dcef116
510616314dd62eb9dabdf0611009d5e769716722
1b70432a7ddab93609dbc4a059818db00e51f729fc1b507c1758958fdcdc871d
GET /banner.go?spaceid=5205655&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1290
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-201
top1pornmovies.sexjanet.com/s3/ad_amt1_h_01/2155.jpg
51.195.137.224 31 kB URL top1pornmovies.sexjanet.com/s3/ad_amt1_h_01/2155.jpg
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 706x80, components 3\012- data
Hash 9b5191e4ecec625fd114ddf53a783598
f7400fb5735360e3463fc7a25c34fa5ffe544351
7c6c6d28fb2dd69548728bc25fe41e07e2b726f870a27d88b12bfa2667137c99
GET /s3/ad_amt1_h_01/2155.jpg HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/jpeg
Content-Length: 31228
Connection: keep-alive
ratelimit-limit: 250
ratelimit-remaining: 249
ratelimit-reset: 1
x-ratelimit-remaining-second: 249
x-ratelimit-limit-second: 250
last-modified: Sun, 24 Sep 2023 12:42:16 GMT
x-rgw-object-type: Normal
etag: "9b5191e4ecec625fd114ddf53a783598"
x-proxy-cache: MISS
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 82f44d0718aa7792-LHR
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
top1pornmovies.sexjanet.com/loadeactrl?pid=41442&siteid=54790&spaceid=5141679
51.195.137.224 44 kB URL top1pornmovies.sexjanet.com/loadeactrl?pid=41442&siteid=54790&spaceid=5141679
IP 51.195.137.224:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 6413650f2311f700cc35787d4a34e6cc
872986832c048e278ee85d5d2a83ce161a80b2bf
67f20a82df22e13332c5b28cb1ba4c96dababe9d16be49f8f009d650e2d1f846
GET /loadeactrl?pid=41442&siteid=54790&spaceid=5141679 HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: application/javascript
Content-Length: 44147
Connection: keep-alive
Content-Encoding: gzip
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token,X-CSRFToken, Authorization
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-200
go.eabids.com/banner.go?spaceid=7648658&maincat=
217.22.19.194 1.3 kB URL go.eabids.com/banner.go?spaceid=7648658&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1274), with no line terminators
Hash 492fb19fc71cb44212a17c1bab575b8b
19296182db641c9911377bfe7979cb605493dd8e
96fe58463d359ca9b6929cbbc06fdc5d0823715d29ffa99bd5fe6a04645888fc
GET /banner.go?spaceid=7648658&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1274
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-201
tsyndicate.com/do2/8a1ffdf0e9574128855cae5f18a9abdb/dynamic?format=jsonp&extid={extid}&count=4&w=1280&h=1024&keywords=dating%2Cporn%20galleries%2Cporn%20pictures%2Cerotic%2Csex%2Cbdsm%2Csex%20galleries%2CFree%20Porn%20Tube%20Sites%20interacial%2Cblossom%2Cgalliers%2Cfucks%2Cfree%2Colder%2Clane%2Ctaboo%2Cperky%2Cmouth%2Cwhile%2Ceuropean%2Ckidde%2Cparis%2Cdrama%2Cimages%2Ctwat%2Cadmires%2Cshooting%2Cblaze%2Cmargera%2Ccompany%2Cvidoes%2Cpenetration%2Cnaked%2Cemo%2Clatina%2Cread%2Ccucko%2Cgave%2Cjesse%2Csisters%2Chot%2Cnot%2Cjuan%2Ccock%2Ckikis%2Cfilipinos%2Cshowing%2Cteacher%2Csweets%2Cmary%2Chandjob%2Cblowjob%2Cass%2Cthe%2Cmachines%2Cbig%2Cmovie%2Cfuck%2Csheril%2Ctop%2Cfacial%2Cminiskirt%2Cforced%2Ccore%2Cemmellyrose%2Cunderwear%2Cdeep%2Canimal%2Cbabysitter%2Charper%2Ccommunity%2Ctags%2Csoft%2Csublou%2Chairy%2Cneil%2Cnew%2Cselfies%2Ccum%2Cdavis%2Ctease%2Crita%2Cmagicmovies%2Ctwinks%2Corgies%2Cthis%2Cenv%2Cgallery%2Ctwo%2Cgay%2Creal%2Cten%2Core%2Cwoman%2Camuter%2Cchrintine%2Cdvd%2Cfranki%2Ckate%2Cstar%2Cmodel%2Cretro%2Ciphone%2Cfisher%2Cbedroom%2Cteid%2Cmulato%2Cmade%2Cinteracial%2Cblossom%2Cgalliers%2Cfucks%2Cfree%2Colder%2Clane%2Ctaboo%2Cperky%2Cmouth%2Cwhile%2Ceuropean%2Ckidde%2Cparis%2Cdrama%2Cimages%2Ctwat%2Cadmires%2Cshooting%2Cblaze%2Cmargera%2Ccompany%2Cvidoes%2Cpenetration%2Cnaked%2Cemo%2Clatina%2Cread%2Ccucko%2Cgave%2Cjesse%2Csisters%2Chot%2Cnot%2Cjuan%2Ccock%2Ckikis%2Cfilipinos%2Cshowing%2Cteacher%2Csweets%2Cmary%2Chandjob%2Cblowjob%2Cass%2Cthe%2Cmachines%2Cbig%2Cmovie%2Cfuck%2Csheril%2Ctop%2Cfacial%2Cminiskirt%2Cforced%2Ccore%2Cemmellyrose%2Cunderwear%2Cdeep%2Canimal%2Cbabysitter%2Charper%2Ccommunity%2Ctags%2Csoft%2Csublou%2Chairy%2Cneil%2Cnew%2Cselfies%2Ccum%2Cdavis%2Ctease%2Crita%2Cmagicmovies%2Ctwinks%2Corgies%2Cthis%2Cenv%2Cgallery%2Ctwo%2Cgay%2Creal%2Cten%2Core%2Cwoman%2Camuter%2Cchrintine%2Cdvd%2Cfranki%2Ckate%2Cstar%2Cmodel%2Cretro%2Ciphone%2Cfisher%2Cbedroom%2Cteid%2Cmulato%2Cmade%2CFree%20Sex%20Pics%2CPorn%20Pictures%20and%20XXX%20Galleries&adtype=
toast&tz=0&callback=callback_8Wuic
136.243.69.157 7.7 kB URL tsyndicate.com/do2/8a1ffdf0e9574128855cae5f18a9abdb/dynamic?format=jsonp&extid={extid}&count=4&w=1280&h=1024&keywords=dating%2Cporn%20galleries%2Cporn%20pictures%2Cerotic%2Csex%2Cbdsm%2Csex%20galleries%2CFree%20Porn%20Tube%20Sites%20interacial%2Cblossom%2Cgalliers%2Cfucks%2Cfree%2Colder%2Clane%2Ctaboo%2Cperky%2Cmouth%2Cwhile%2Ceuropean%2Ckidde%2Cparis%2Cdrama%2Cimages%2Ctwat%2Cadmires%2Cshooting%2Cblaze%2Cmargera%2Ccompany%2Cvidoes%2Cpenetration%2Cnaked%2Cemo%2Clatina%2Cread%2Ccucko%2Cgave%2Cjesse%2Csisters%2Chot%2Cnot%2Cjuan%2Ccock%2Ckikis%2Cfilipinos%2Cshowing%2Cteacher%2Csweets%2Cmary%2Chandjob%2Cblowjob%2Cass%2Cthe%2Cmachines%2Cbig%2Cmovie%2Cfuck%2Csheril%2Ctop%2Cfacial%2Cminiskirt%2Cforced%2Ccore%2Cemmellyrose%2Cunderwear%2Cdeep%2Canimal%2Cbabysitter%2Charper%2Ccommunity%2Ctags%2Csoft%2Csublou%2Chairy%2Cneil%2Cnew%2Cselfies%2Ccum%2Cdavis%2Ctease%2Crita%2Cmagicmovies%2Ctwinks%2Corgies%2Cthis%2Cenv%2Cgallery%2Ctwo%2Cgay%2Creal%2Cten%2Core%2Cwoman%2Camuter%2Cchrintine%2Cdvd%2Cfranki%2Ckate%2Cstar%2Cmodel%2Cretro%2Ciphone%2Cfisher%2Cbedroom%2Cteid%2Cmulato%2Cmade%2Cinteracial%2Cblossom%2Cgalliers%2Cfucks%2Cfree%2Colder%2Clane%2Ctaboo%2Cperky%2Cmouth%2Cwhile%2Ceuropean%2Ckidde%2Cparis%2Cdrama%2Cimages%2Ctwat%2Cadmires%2Cshooting%2Cblaze%2Cmargera%2Ccompany%2Cvidoes%2Cpenetration%2Cnaked%2Cemo%2Clatina%2Cread%2Ccucko%2Cgave%2Cjesse%2Csisters%2Chot%2Cnot%2Cjuan%2Ccock%2Ckikis%2Cfilipinos%2Cshowing%2Cteacher%2Csweets%2Cmary%2Chandjob%2Cblowjob%2Cass%2Cthe%2Cmachines%2Cbig%2Cmovie%2Cfuck%2Csheril%2Ctop%2Cfacial%2Cminiskirt%2Cforced%2Ccore%2Cemmellyrose%2Cunderwear%2Cdeep%2Canimal%2Cbabysitter%2Charper%2Ccommunity%2Ctags%2Csoft%2Csublou%2Chairy%2Cneil%2Cnew%2Cselfies%2Ccum%2Cdavis%2Ctease%2Crita%2Cmagicmovies%2Ctwinks%2Corgies%2Cthis%2Cenv%2Cgallery%2Ctwo%2Cgay%2Creal%2Cten%2Core%2Cwoman%2Camuter%2Cchrintine%2Cdvd%2Cfranki%2Ckate%2Cstar%2Cmodel%2Cretro%2Ciphone%2Cfisher%2Cbedroom%2Cteid%2Cmulato%2Cmade%2CFree%20Sex%20Pics%2CPorn%20Pictures%20and
%20XXX%20Galleries&adtype=toast&tz=0&callback=callback_8Wuic
IP 136.243.69.157:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (14224), with no line terminators
Hash 0f823129518f8cf3a1ca9b122357b638
199733ba2cf8e544d14671f91343022e8e4c19e2
956fea62712d42305e0b11163541f1ce987f2f45bc3999d0dc209999b63212d1
GET /do2/8a1ffdf0e9574128855cae5f18a9abdb/dynamic?format=jsonp&extid={extid}&count=4&w=1280&h=1024&keywords=dating%2Cporn%20galleries%2Cporn%20pictures%2Cerotic%2Csex%2Cbdsm%2Csex%20galleries%2CFree%20Porn%20Tube%20Sites%20interacial%2Cblossom%2Cgalliers%2Cfucks%2Cfree%2Colder%2Clane%2Ctaboo%2Cperky%2Cmouth%2Cwhile%2Ceuropean%2Ckidde%2Cparis%2Cdrama%2Cimages%2Ctwat%2Cadmires%2Cshooting%2Cblaze%2Cmargera%2Ccompany%2Cvidoes%2Cpenetration%2Cnaked%2Cemo%2Clatina%2Cread%2Ccucko%2Cgave%2Cjesse%2Csisters%2Chot%2Cnot%2Cjuan%2Ccock%2Ckikis%2Cfilipinos%2Cshowing%2Cteacher%2Csweets%2Cmary%2Chandjob%2Cblowjob%2Cass%2Cthe%2Cmachines%2Cbig%2Cmovie%2Cfuck%2Csheril%2Ctop%2Cfacial%2Cminiskirt%2Cforced%2Ccore%2Cemmellyrose%2Cunderwear%2Cdeep%2Canimal%2Cbabysitter%2Charper%2Ccommunity%2Ctags%2Csoft%2Csublou%2Chairy%2Cneil%2Cnew%2Cselfies%2Ccum%2Cdavis%2Ctease%2Crita%2Cmagicmovies%2Ctwinks%2Corgies%2Cthis%2Cenv%2Cgallery%2Ctwo%2Cgay%2Creal%2Cten%2Core%2Cwoman%2Camuter%2Cchrintine%2Cdvd%2Cfranki%2Ckate%2Cstar%2Cmodel%2Cretro%2Ciphone%2Cfisher%2Cbedroom%2Cteid%2Cmulato%2Cmade%2Cinteracial%2Cblossom%2Cgalliers%2Cfucks%2Cfree%2Colder%2Clane%2Ctaboo%2Cperky%2Cmouth%2Cwhile%2Ceuropean%2Ckidde%2Cparis%2Cdrama%2Cimages%2Ctwat%2Cadmires%2Cshooting%2Cblaze%2Cmargera%2Ccompany%2Cvidoes%2Cpenetration%2Cnaked%2Cemo%2Clatina%2Cread%2Ccucko%2Cgave%2Cjesse%2Csisters%2Chot%2Cnot%2Cjuan%2Ccock%2Ckikis%2Cfilipinos%2Cshowing%2Cteacher%2Csweets%2Cmary%2Chandjob%2Cblowjob%2Cass%2Cthe%2Cmachines%2Cbig%2Cmovie%2Cfuck%2Csheril%2Ctop%2Cfacial%2Cminiskirt%2Cforced%2Ccore%2Cemmellyrose%2Cunderwear%2Cdeep%2Canimal%2Cbabysitter%2Charper%2Ccommunity%2Ctags%2Csoft%2Csublou%2Chairy%2Cneil%2Cnew%2Cselfies%2Ccum%2Cdavis%2Ctease%2Crita%2Cmagicmovies%2Ctwinks%2Corgies%2Cthis%2Cenv%2Cgallery%2Ctwo%2Cgay%2Creal%2Cten%2Core%2Cwoman%2Camuter%2Cchrintine%2Cdvd%2Cfranki%2Ckate%2Cstar%2Cmodel%2Cretro%2Ciphone%2Cfisher%2Cbedroom%2Cteid%2Cmulato%2Cmade%2CFree%20Sex%20Pics%2CPorn%20Pictures%20and%20XXX%20Galleries&adtype=toast&tz=0
&callback=callback_8Wuic HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
X-Request-Id: 76f44df2425fb6c5
Set-Cookie: ts_uid=9e50ec66-cb3f-4867-99c0-b26e5309b680; expires=Sun, 02 Jun 2024 14:36:13 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
217.22.19.194 1.3 kB URL go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1266), with no line terminators
Hash 3298c7a92bde7ef2662dc848fc8fc9ab
2ebcef56009e1cc890581bb93008b89eb97353f9
231acb240adf22d4be5c493198f3c39b380af34d5b923bfc8bf5943af9dd70b8
GET /banner.go?spaceid=5675441&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1266
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:13 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-201
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js
104.18.11.207 10 kB URL maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js
IP 104.18.11.207:0
File type ASCII text, with very long lines (32003)
Hash c5b5b2fa19bd66ff23211d9f844e0131
791aa054a026bddc0de92bad6cf7a1c6e73713d5
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
GET /bootstrap/3.3.6/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:12 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"c5b5b2fa19bd66ff23211d9f844e0131"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 10/31/2023 18:51:17
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 874
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 6b40953f5fa5ed3b53b3a5f5759b2f37
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82f44d042c8a5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b56505c4b52505c52535053534b52505c52535053533b5454553b5c5006524a0e1403
51.195.137.224 235 kB URL top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b56505c4b52505c52535053534b52505c52535053533b5454553b5c5006524a0e1403
IP 51.195.137.224:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, copyright=phil-flash], baseline, precision 8, 600x800, components 3\012- data
Size 235 kB (234617 bytes)
Hash 9606c18de5b3fc8bec6847ca045b3501
4faea038e6bb8965e73f6351553d7280f8537283
8adb25f81e137a28815149ba3688d75b12edc9bd8e9bfd2ce116d686890b3ffd
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b56505c4b52505c52535053534b52505c52535053533b5454553b5c5006524a0e1403 HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Length: 234617
Connection: keep-alive
Cache-Control: max-age=31418383
poweredby.jads.co/js/jads.js
185.94.236.246 178 B URL poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
top1pornmovies.sexjanet.com/s3/ad_gam1_v_01/2534.jpg
51.195.137.224 50 kB URL top1pornmovies.sexjanet.com/s3/ad_gam1_v_01/2534.jpg
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x834, components 3\012- data
Hash f56e67da3e8994437e7b864a76fba4b1
84e33d7eef56610b8b66149ed439c6a1a79b9704
ae9a861b7d2eb8e0177202937e02317ffaf803aca109b66eed1df51e755f5b28
GET /s3/ad_gam1_v_01/2534.jpg HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/jpeg
Content-Length: 50143
Connection: keep-alive
ratelimit-reset: 1
x-ratelimit-remaining-second: 247
x-ratelimit-limit-second: 250
ratelimit-limit: 250
ratelimit-remaining: 247
last-modified: Sun, 24 Sep 2023 12:56:45 GMT
x-rgw-object-type: Normal
etag: "f56e67da3e8994437e7b864a76fba4b1"
x-proxy-cache: MISS
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 82f44d0798ff6412-LHR
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
poweredby.jads.co/js/jads.js
185.94.236.246 178 B URL poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
poweredby.jads.co/js/jads.js
185.94.236.246 178 B URL poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
poweredby.jads.co/js/jads.js
185.94.236.246 178 B URL poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
poweredby.jads.co/js/jads.js
185.94.236.246 178 B URL poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
top1pornmovies.sexjanet.com/s3/ad_oct20/0003.jpg
51.195.137.224 65 kB URL top1pornmovies.sexjanet.com/s3/ad_oct20/0003.jpg
IP 51.195.137.224:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC (Windows), datetime=2018:03:23 09:39:30], baseline, precision 8, 300x250, components 3\012- data
Hash c83a64caef8b63e8bca0e63fb0a28e0e
356795b72a539b1fca1db4379c0d44cb12ec2f53
a5baa72be401b57ebeccb58284b2ee80f26b0afb5dbfa3b8932531cbe899ca12
GET /s3/ad_oct20/0003.jpg HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/jpeg
Content-Length: 64921
Connection: keep-alive
ratelimit-limit: 250
ratelimit-remaining: 239
ratelimit-reset: 1
x-ratelimit-remaining-second: 239
x-ratelimit-limit-second: 250
last-modified: Sun, 24 Sep 2023 12:58:26 GMT
x-rgw-object-type: Normal
etag: "c83a64caef8b63e8bca0e63fb0a28e0e"
x-proxy-cache: MISS
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 82f444b08bf035dd-LHR
alt-svc: h3=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
tsyndicate.com/iframes2/3fc4ed41601444c280369de89c76b12c.html?categories=porn%20galleries%2C%20sex%20dating%2C%20sex%20galleries%2C%20porn%20video&keywords=Free%20Porn%20Tube%20Sites%20interacial%2Cblossom%2Cgalliers%2Cfucks%2Cfree%2Colder%2Clane%2Ctaboo%2Cperky%2Cmouth%2Cwhile%2Ceuropean%2Ckidde%2Cparis%2Cdrama%2Cimages%2Ctwat%2Cadmires%2Cshooting%2Cblaze%2Cmargera%2Ccompany%2Cvidoes%2Cpenetration%2Cnaked%2Cemo%2Clatina%2Cread%2Ccucko%2Cgave%2Cjesse%2Csisters%2Chot%2Cnot%2Cjuan%2Ccock%2Ckikis%2Cfilipinos%2Cshowing%2Cteacher%2Csweets%2Cmary%2Chandjob%2Cblowjob%2Cass%2Cthe%2Cmachines%2Cbig%2Cmovie%2Cfuck%2Csheril%2Ctop%2Cfacial%2Cminiskirt%2Cforced%2Ccore%2Cemmellyrose%2Cunderwear%2Cdeep%2Canimal%2Cbabysitter%2Charper%2Ccommunity%2Ctags%2Csoft%2Csublou%2Chairy%2Cneil%2Cnew%2Cselfies%2Ccum%2Cdavis%2Ctease%2Crita%2Cmagicmovies%2Ctwinks%2Corgies%2Cthis%2Cenv%2Cgallery%2Ctwo%2Cgay%2Creal%2Cten%2Core%2Cwoman%2Camuter%2Cchrintine%2Cdvd%2Cfranki%2Ckate%2Cstar%2Cmodel%2Cretro%2Ciphone%2Cfisher%2Cbedroom%2Cteid%2Cmulato%2Cmade%2Cinteracial%2Cblossom%&extid=%7Bextid%7D&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.69.157 3.3 kB URL tsyndicate.com/iframes2/3fc4ed41601444c280369de89c76b12c.html?categories=porn%20galleries%2C%20sex%20dating%2C%20sex%20galleries%2C%20porn%20video&keywords=Free%20Porn%20Tube%20Sites%20interacial%2Cblossom%2Cgalliers%2Cfucks%2Cfree%2Colder%2Clane%2Ctaboo%2Cperky%2Cmouth%2Cwhile%2Ceuropean%2Ckidde%2Cparis%2Cdrama%2Cimages%2Ctwat%2Cadmires%2Cshooting%2Cblaze%2Cmargera%2Ccompany%2Cvidoes%2Cpenetration%2Cnaked%2Cemo%2Clatina%2Cread%2Ccucko%2Cgave%2Cjesse%2Csisters%2Chot%2Cnot%2Cjuan%2Ccock%2Ckikis%2Cfilipinos%2Cshowing%2Cteacher%2Csweets%2Cmary%2Chandjob%2Cblowjob%2Cass%2Cthe%2Cmachines%2Cbig%2Cmovie%2Cfuck%2Csheril%2Ctop%2Cfacial%2Cminiskirt%2Cforced%2Ccore%2Cemmellyrose%2Cunderwear%2Cdeep%2Canimal%2Cbabysitter%2Charper%2Ccommunity%2Ctags%2Csoft%2Csublou%2Chairy%2Cneil%2Cnew%2Cselfies%2Ccum%2Cdavis%2Ctease%2Crita%2Cmagicmovies%2Ctwinks%2Corgies%2Cthis%2Cenv%2Cgallery%2Ctwo%2Cgay%2Creal%2Cten%2Core%2Cwoman%2Camuter%2Cchrintine%2Cdvd%2Cfranki%2Ckate%2Cstar%2Cmodel%2Cretro%2Ciphone%2Cfisher%2Cbedroom%2Cteid%2Cmulato%2Cmade%2Cinteracial%2Cblossom%&extid=%7Bextid%7D&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.69.157:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4065)
Hash 7b2f36487d321a245310a46692f3b148
111f34da4ded2e445dd06861a852cda3be56fe24
a87dd5d90fbdb7b4f49e325fc38c54d582130ba2cb417a9d43b35900fa72f501
GET /iframes2/3fc4ed41601444c280369de89c76b12c.html?categories=porn%20galleries%2C%20sex%20dating%2C%20sex%20galleries%2C%20porn%20video&keywords=Free%20Porn%20Tube%20Sites%20interacial%2Cblossom%2Cgalliers%2Cfucks%2Cfree%2Colder%2Clane%2Ctaboo%2Cperky%2Cmouth%2Cwhile%2Ceuropean%2Ckidde%2Cparis%2Cdrama%2Cimages%2Ctwat%2Cadmires%2Cshooting%2Cblaze%2Cmargera%2Ccompany%2Cvidoes%2Cpenetration%2Cnaked%2Cemo%2Clatina%2Cread%2Ccucko%2Cgave%2Cjesse%2Csisters%2Chot%2Cnot%2Cjuan%2Ccock%2Ckikis%2Cfilipinos%2Cshowing%2Cteacher%2Csweets%2Cmary%2Chandjob%2Cblowjob%2Cass%2Cthe%2Cmachines%2Cbig%2Cmovie%2Cfuck%2Csheril%2Ctop%2Cfacial%2Cminiskirt%2Cforced%2Ccore%2Cemmellyrose%2Cunderwear%2Cdeep%2Canimal%2Cbabysitter%2Charper%2Ccommunity%2Ctags%2Csoft%2Csublou%2Chairy%2Cneil%2Cnew%2Cselfies%2Ccum%2Cdavis%2Ctease%2Crita%2Cmagicmovies%2Ctwinks%2Corgies%2Cthis%2Cenv%2Cgallery%2Ctwo%2Cgay%2Creal%2Cten%2Core%2Cwoman%2Camuter%2Cchrintine%2Cdvd%2Cfranki%2Ckate%2Cstar%2Cmodel%2Cretro%2Ciphone%2Cfisher%2Cbedroom%2Cteid%2Cmulato%2Cmade%2Cinteracial%2Cblossom%&extid=%7Bextid%7D&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script, <https://lcdn.tsyndicate.com/images/c/8/7579c785f2986f8f47a7044d6cb2da7ef887eb/main.jpg>; rel=preload; as=image
X-Request-Id: f52369b8f995b15f
Set-Cookie: ts_uid=57ac9856-c1cf-46e8-b337-0788f4e2bad7; expires=Sun, 02 Jun 2024 14:36:13 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
poweredby.jads.co/js/jads.js
185.94.236.246 178 B URL poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b514b5656524b515d5d54535751544b515d5d54535751543b5454553b570106024a0e1403
51.195.137.224 141 kB URL top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b514b5656524b515d5d54535751544b515d5d54535751543b5454553b570106024a0e1403
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, baseline, precision 8, 1024x683, components 3\012- data
Size 141 kB (141187 bytes)
Hash cf5de43ee34908cfcf05866bad1165d4
cb3a8762ed9ac40372c824647bc59a2e99e10e63
a6f85d2ec2938c99c97926f8190e09b68c7c5ac6a6603e070a29467c9e1052d1
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b514b5656524b515d5d54535751544b515d5d54535751543b5454553b570106024a0e1403 HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Length: 141187
Connection: keep-alive
Cache-Control: max-age=31418383
top1pornmovies.sexjanet.com/s3/ad_tf1/4361.jpg
51.195.137.224 51 kB URL top1pornmovies.sexjanet.com/s3/ad_tf1/4361.jpg
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x984, components 3\012- data
Hash e1b5c3cce880592268e17467ac90d554
75f92ae0be75d32422d8283f7d9a5869eea9bb19
3bcd8a9f90a1fc109936bb72827f5e3fc5fd2a0a64a74c8caaf3edd5b2172956
GET /s3/ad_tf1/4361.jpg HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/jpeg
Content-Length: 51190
Connection: keep-alive
ratelimit-reset: 1
x-ratelimit-remaining-second: 249
x-ratelimit-limit-second: 250
ratelimit-limit: 250
ratelimit-remaining: 249
last-modified: Sun, 24 Sep 2023 13:12:00 GMT
x-rgw-object-type: Normal
etag: "e1b5c3cce880592268e17467ac90d554"
x-proxy-cache: MISS
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 82f44d083947491c-LHR
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
top1pornmovies.sexjanet.com/s3/ad_tube/b1173.jpg
51.195.137.224 39 kB URL top1pornmovies.sexjanet.com/s3/ad_tube/b1173.jpg
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x320, components 3\012- data
Hash 42f6f9b262522edc6a85489d4d4966f9
af5cb00accea4a1271f9a1274dbc23d790648b19
ec599a173c2264dd327f9a48f5b4d10fdfc000c961a9013eacb10c7087f3c643
GET /s3/ad_tube/b1173.jpg HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/jpeg
Content-Length: 38752
Connection: keep-alive
ratelimit-limit: 250
ratelimit-remaining: 248
ratelimit-reset: 1
x-ratelimit-remaining-second: 248
x-ratelimit-limit-second: 250
last-modified: Sun, 24 Sep 2023 13:29:17 GMT
x-rgw-object-type: Normal
etag: "42f6f9b262522edc6a85489d4d4966f9"
x-proxy-cache: MISS
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 82f44d0858d323c4-LHR
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=G-6R2F2JRCJE&l=dataLayer&cx=c
142.250.74.168 81 kB URL www.googletagmanager.com/gtag/js?id=G-6R2F2JRCJE&l=dataLayer&cx=c
IP 142.250.74.168:0
File type ASCII text, with very long lines (5955)
Hash 1492811a80e7092643354ed3f2e181ea
24d2fa866373a943c6e43c0fb1cff0a2b667a7d8
f74104e266de71f1bd3e9a42ebb632661c319227358904039b01f8b9a50dc21a
GET /gtag/js?id=G-6R2F2JRCJE&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 02 Dec 2023 14:36:13 GMT
expires: Sat, 02 Dec 2023 14:36:13 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81231
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
192.243.61.225 11 kB URL comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29668), with no line terminators
Hash 2776efd2d07c58758fe99fca29f26084
c09fb72dac3c37d11cd5cc92e86a1b0870ba3046
0d9e488d17d169a3b3ea3d967cd68a5ee667cc0975cc10436fda95a8314ced0b
GET /539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a9b9bede9e80b472a758b3f84d8f1c52
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b28563c0e25282b020e1c21301436201d2234090217354b5454544b5053514b5153574b53535d3b555454544a0e1403
51.195.137.224 110 kB URL top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b28563c0e25282b020e1c21301436201d2234090217354b5454544b5053514b5153574b53535d3b555454544a0e1403
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 750x1000, components 3\012- data
Size 110 kB (110224 bytes)
Hash 46bf6ff6bc8b9d3fec96726f33d829e4
dcab7c95df1c90e8faebfd084b7cc66d72312053
02a871b2ab7682195b93f33f3d9455ed4e180acfeb0960eae54bb03c6b65b1d6
GET /viewImage3?data=0c101014175e4b4b100c11090649145d4a1c0c07000a4a070b094b054b28563c0e25282b020e1c21301436201d2234090217354b5454544b5053514b5153574b53535d3b555454544a0e1403 HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Length: 110224
Connection: keep-alive
Cache-Control: max-age=31418383
top1pornmovies.sexjanet.com/s3/wc_oct20/0017.jpeg
51.195.137.224 59 kB URL top1pornmovies.sexjanet.com/s3/wc_oct20/0017.jpeg
IP 51.195.137.224:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=704, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=604], baseline, precision 8, 200x200, components 3\012- data
Hash 4a7c1d0647e7c2602ed3c14afaf55e4a
c82ada1453ef49528cc650c0a559359317a83efd
412d457cc926d876047e89553dc62c34f971eee0b1bd6cf62a5ab6622be67219
GET /s3/wc_oct20/0017.jpeg HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/jpeg
Content-Length: 58566
Connection: keep-alive
ratelimit-limit: 250
ratelimit-remaining: 245
ratelimit-reset: 1
x-ratelimit-remaining-second: 245
x-ratelimit-limit-second: 250
last-modified: Sun, 24 Sep 2023 13:43:08 GMT
x-rgw-object-type: Normal
etag: "4a7c1d0647e7c2602ed3c14afaf55e4a"
x-proxy-cache: MISS
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 82f301ec3dde24e4-LHR
alt-svc: h3=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b514b56575d4b555154545d5c50574b555154545d5c50573b5454553b5c0656554a0e1403
51.195.137.224 127 kB URL top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b514b56575d4b555154545d5c50574b555154545d5c50573b5454553b5c0656554a0e1403
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=18, description= , manufacturer=SONY, model=DSC-W290, orientation=upper-left, xresolution=278, yresolution=286, resolutionunit=2, datetime=2009:02:11 21:10:56], baseline, precision 8, 768x1024, components 3\012- data
Size 127 kB (126862 bytes)
Hash 543236eab3a54c5275503b53863844c3
1ee0c85528144117242580346712e4474127f5eb
54b4e745f73c895c85bfdd80cc5d9f521dd2e063ab092ff4933f1bf03afcc177
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b514b56575d4b555154545d5c50574b555154545d5c50573b5454553b5c0656554a0e1403 HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Length: 126862
Connection: keep-alive
Cache-Control: max-age=31418383
poweredby.jads.co/js/jads2.js
185.94.236.246 1.7 kB URL poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
top1pornmovies.sexjanet.com/viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b505c4b565455555656535d4b555c49565c541c5551534a0e1403
51.195.137.224 167 B URL top1pornmovies.sexjanet.com/viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b505c4b565455555656535d4b555c49565c541c5551534a0e1403
IP 51.195.137.224:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c1010145e4b4b0d4a17011c114a070b094b17011c1149100c110906174b505c4b565455555656535d4b555c49565c541c5551534a0e1403 HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
static.eabids.com/data/bannerpools/112022/33849.gif
217.22.19.195 15 kB URL static.eabids.com/data/bannerpools/112022/33849.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 120 x 600\012- data
Hash ed8b8cb97a52ec5f7d61e50b8b1a8054
b29f6d66b571da60b20273d19e02b39f7d0912b9
edad7f3bfa624a658e8edcacdf65a13170a33e8874586da56fa8fcce768bce37
GET /data/bannerpools/112022/33849.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/gif
Content-Length: 15244
Last-Modified: Thu, 28 Apr 2022 13:46:27 GMT
Connection: keep-alive
ETag: "626a9ab3-3b8c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b100c1109064914524a1c0c07000a4a070b094b054b091402082917030626251708343d2e26172c3e501e254b5454544b5051534b52535c4b5057523b555454544a0e1403
51.195.137.224 167 B URL top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b100c1109064914524a1c0c07000a4a070b094b054b091402082917030626251708343d2e26172c3e501e254b5454544b5051534b52535c4b5057523b555454544a0e1403
IP 51.195.137.224:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 353b078eb77e5ee068e83b7503f3c75b
d0b2207fea4313a3ea391b94880f1d01e5ab1c89
297488a03131e435cb999248b75ed4ac78ae3bbf4c3366d8d57c821b2548dd8d
GET /viewImage3?data=0c101014175e4b4b100c1109064914524a1c0c07000a4a070b094b054b091402082917030626251708343d2e26172c3e501e254b5454544b5051534b52535c4b5057523b555454544a0e1403 HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
static.eabids.com/data/bannerpools/112022/34093.gif
217.22.19.195 24 kB URL static.eabids.com/data/bannerpools/112022/34093.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 160 x 600\012- data
Hash 325fa577b032b0847fc13b9e86108bb3
8b2055b70855093d31bb9a71fc29f6becfff2878
9c9efc00b6329d620dd00042411429159a663a3f3ecad450a3de2702e03a327c
GET /data/bannerpools/112022/34093.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/gif
Content-Length: 24324
Last-Modified: Thu, 28 Apr 2022 13:46:35 GMT
Connection: keep-alive
ETag: "626a9abb-5f04"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
top1pornmovies.sexjanet.com/s3/ad_amt1_h_01/3963.jpg
51.195.137.224 28 kB URL top1pornmovies.sexjanet.com/s3/ad_amt1_h_01/3963.jpg
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 706x80, components 3\012- data
Hash b196c6bcbfddfc48a882b3adbff20ede
a1dacb714dcd558999758ba0c6ea556c8cbf4cb8
80459fe7fd97757330aa0114c36fa08704a54c0f8f7951a9983fb5e17dc60309
GET /s3/ad_amt1_h_01/3963.jpg HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/jpeg
Content-Length: 28142
Connection: keep-alive
ratelimit-reset: 1
x-ratelimit-remaining-second: 248
x-ratelimit-limit-second: 250
ratelimit-limit: 250
ratelimit-remaining: 248
last-modified: Sun, 24 Sep 2023 12:46:43 GMT
x-rgw-object-type: Normal
etag: "b196c6bcbfddfc48a882b3adbff20ede"
x-proxy-cache: MISS
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 82f44d09b9707306-LHR
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
top1pornmovies.sexjanet.com/s3/ad_vc_gam2/banner-00208.gif
51.195.137.224 862 kB URL top1pornmovies.sexjanet.com/s3/ad_vc_gam2/banner-00208.gif
IP 51.195.137.224:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 862 kB (862431 bytes)
Hash 9e8e1c396e96a30bc6a62d6674803c18
fad672d8a1f122d250aa171d8d2cb6eaa0a10d27
496a08d6948384677c131c34fd5fd0aeb2f207295e331b47c6e1e779c831a6d8
GET /s3/ad_vc_gam2/banner-00208.gif HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/gif
Content-Length: 862431
Connection: keep-alive
ratelimit-reset: 1
x-ratelimit-remaining-second: 243
x-ratelimit-limit-second: 250
ratelimit-limit: 250
ratelimit-remaining: 243
last-modified: Sun, 24 Sep 2023 13:30:42 GMT
x-rgw-object-type: Normal
etag: "9e8e1c396e96a30bc6a62d6674803c18"
x-proxy-cache: REVALIDATED
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Cache: REVALIDATED
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 82f412088d1160ef-LHR
alt-svc: h3=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
top1pornmovies.sexjanet.com/cdn-v3/xo-data/am1/223.jpg
51.195.137.224 46 kB URL top1pornmovies.sexjanet.com/cdn-v3/xo-data/am1/223.jpg
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x953, components 3\012- data
Hash a8ab0ac86c4a9b334b689dfa2971600d
debbbe8e8f04efe96e3810173709d09a817f1f28
c9387ef093e082ad16b636f9b949698103ba1337754759438db65d98f8aee1f1
GET /cdn-v3/xo-data/am1/223.jpg HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: _subid=s8hnpaculu4k; 61f26=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjhcIjoxNzAxNTI3ODcyfSxcImNhbXBhaWduc1wiOntcIjRcIjoxNzAxNTI3ODcyfSxcInRpbWVcIjoxNzAxNTI3ODcyfSJ9.EOMBSpvvFimsZrrWXxORtilYa-IOOIZ1sKQXcZCSDN4; _token=uuid_s8hnpaculu4k_s8hnpaculu4k656b4140372231.21744996
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/jpeg
Content-Length: 45470
Connection: keep-alive
ratelimit-limit: 250
ratelimit-remaining: 249
ratelimit-reset: 1
x-ratelimit-remaining-second: 249
x-ratelimit-limit-second: 250
last-modified: Tue, 26 Sep 2023 19:54:11 GMT
x-rgw-object-type: Normal
etag: "a8ab0ac86c4a9b334b689dfa2971600d"
x-proxy-cache: MISS
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-CDN: cdn-v3
Vary: Accept-Encoding
alt-svc: h2=":443"; ma=60
X-Cache-Status: HIT, MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5655524b5c565651515c54514b5c565651515c54513b5454553b5d5306024a0e1403
51.195.137.224 112 kB URL top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5655524b5c565651515c54514b5c565651515c54513b5454553b5d5306024a0e1403
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, baseline, precision 8, 683x1024, components 3\012- data
Size 112 kB (112072 bytes)
Hash 7337b93b028828816268ee501d4d6fda
b7f8d6b4c93ced2852f515f79f013409749271aa
36bd6945689e62ed95a20ae380256e74e13d1c92df1767c77587294dd9541a65
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b5655524b5c565651515c54514b5c565651515c54513b5454553b5d5306024a0e1403 HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Length: 112072
Connection: keep-alive
Cache-Control: max-age=31418383
static.eabids.com/data/bannerpools/112022/33917.jpg
217.22.19.195 73 kB URL static.eabids.com/data/bannerpools/112022/33917.jpg
IP 217.22.19.195:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash 7878e459e3a341049fb57b8637109839
7daa564cfe7d1b477ab10b7f000c9f895c39c93e
bcb79d540ab4c28441231cb3361d5abe00192dc661eba30ad9d9cd482ac08fc8
GET /data/bannerpools/112022/33917.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/jpeg
Content-Length: 72951
Last-Modified: Thu, 28 Apr 2022 13:46:07 GMT
Connection: keep-alive
ETag: "626a9a9f-11cf7"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-221
Accept-Ranges: bytes
top1pornmovies.sexjanet.com/s3/wc_oct20/0012.jpeg
51.195.137.224 11 kB URL top1pornmovies.sexjanet.com/s3/wc_oct20/0012.jpeg
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash d93987863cb6612ae5ad208d09b09e4c
ffbc3f65f0ea68239f812c590b78ab60bb07badd
f91137f2dd60c35e9557f51502a96e7650da6113921bfeaf1e81cbc88ad9f24f
GET /s3/wc_oct20/0012.jpeg HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/jpeg
Content-Length: 11155
Connection: keep-alive
ratelimit-reset: 1
x-ratelimit-remaining-second: 239
x-ratelimit-limit-second: 250
ratelimit-limit: 250
ratelimit-remaining: 239
last-modified: Sun, 24 Sep 2023 13:43:08 GMT
x-rgw-object-type: Normal
etag: "d93987863cb6612ae5ad208d09b09e4c"
x-proxy-cache: REVALIDATED
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 82f42288df73dd75-LHR
alt-svc: h3=":443"; ma=86400
X-Cache-Status: HIT
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
top1pornmovies.sexjanet.com/s3/gam_oct20/0075.gif
51.195.137.224 420 kB URL top1pornmovies.sexjanet.com/s3/gam_oct20/0075.gif
IP 51.195.137.224:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 420 kB (420159 bytes)
Hash 9489303f636edff9b22cb815a1cc3e12
c92709040c2463e6372b89bb7c829bd422f2c24a
892fdb17dc219ccce5ee65a9a35f50b97876ead02cfb8c60fa330476dc73153e
GET /s3/gam_oct20/0075.gif HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/gif
Content-Length: 420159
Connection: keep-alive
ratelimit-reset: 1
x-ratelimit-remaining-second: 247
x-ratelimit-limit-second: 250
ratelimit-limit: 250
ratelimit-remaining: 247
last-modified: Sun, 24 Sep 2023 13:42:42 GMT
x-rgw-object-type: Normal
etag: "9489303f636edff9b22cb815a1cc3e12"
x-proxy-cache: MISS
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Cache: HIT
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 82f3d43e5bc17743-LHR
alt-svc: h3=":443"; ma=86400
X-Cache-Status: REVALIDATED
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
top1pornmovies.sexjanet.com/s3/ad_amt1_v-01/1527.jpg
51.195.137.224 27 kB URL top1pornmovies.sexjanet.com/s3/ad_amt1_v-01/1527.jpg
IP 51.195.137.224:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 59x600, components 3\012- data
Hash 68bbfeda07f10ed9192ed9665617cb2f
0939aab54f3561d67201e0f97dfc9aa21bb1ab69
3e94113a4000e23934e733410fadba96f6386bc9b2f097211eecc7dbd649bd31
GET /s3/ad_amt1_v-01/1527.jpg HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: image/jpeg
Content-Length: 26798
Connection: keep-alive
ratelimit-limit: 250
ratelimit-remaining: 248
ratelimit-reset: 1
x-ratelimit-remaining-second: 248
x-ratelimit-limit-second: 250
last-modified: Sun, 24 Sep 2023 12:49:17 GMT
x-rgw-object-type: Normal
etag: "68bbfeda07f10ed9192ed9665617cb2f"
x-proxy-cache: MISS
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Cache: MISS
CF-Cache-Status: MISS
Vary: Accept-Encoding
CF-RAY: 82f44d08ae85dc6f-LHR
alt-svc: h2=":443"; ma=60
X-Cache-Status: MISS
Cache-Control: max-age=14400, max-age=31536000
Accept-Ranges: bytes
poweredby.jads.co/js/jads2.js
185.94.236.246 1.7 kB URL poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
poweredby.jads.co/js/jads2.js
185.94.236.246 1.7 kB URL poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
poweredby.jads.co/js/jads2.js
185.94.236.246 1.7 kB URL poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
poweredby.jads.co/js/jads2.js
185.94.236.246 1.7 kB URL poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
poweredby.jads.co/js/jads2.js
185.94.236.246 1.7 kB URL poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
poweredby.jads.co/js/jads2.js
185.94.236.246 1.7 kB URL poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.217.249 2.6 kB URL lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.217.249:0
File type ASCII text, with very long lines (2590)
Hash b0a8eae036a72f605538b002e33f7023
5916ea9eeb0b676d6f44637601c40d0dc69542d1
7b9affd37cf01ac1a4c5f4a4ccb1936f0412ff771fb24e36a55682d2bf0ac554
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://tsyndicate.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 02 Aug 2023 21:23:32 GMT
Content-Type: application/javascript
Content-Length: 2640
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 25 Jul 2023 12:28:26 GMT
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"64bfbfea-1f37"
Content-Encoding: gzip
Age: 10516362
Accept-Ranges: bytes
comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
192.243.61.225 11 kB URL comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29632), with no line terminators
Hash 506c509836c7d089e74f2e280688a43b
7d143a4754340d120179556935bb0c42071aa037
8c7a4ab9266858abe363ddf6353ab389f819f49e091498c34908bd48128e51f5
GET /c515a1f4fc3a36b04275034bdcef5c99/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bc3614a623c2c2ad80b05654ea72b064
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
img.strpst.com/thumbs/1701527730/137789481_webp
104.18.63.132 12 kB URL img.strpst.com/thumbs/1701527730/137789481_webp
IP 104.18.63.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 640x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 278ac7a3ec9c4786fba834f100fe96d4
69bdce03a060ecf366e0fcc59b5eb4e4e60bf0bf
12e893b61bc92bd03dfa6b79f750d823773a7a5457fa533c00b22810c04c3871
GET /thumbs/1701527730/137789481_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:14 GMT
content-type: image/webp
content-length: 12396
etag: "278ac7a3ec9c4786fba834f100fe96d4"
last-modified: Sat, 02 Dec 2023 14:34:46 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 5
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d0dcdbeb515-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=910220
185.94.236.246 1.9 kB URL poweredby.jads.co/adshow.php?adzone=910220
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (424), with CRLF, LF line terminators
Hash dee269c573368692f4547fab368751ec
eb62bd3b10c880c0ddda1ddc7b985703dc9cdddd
bb5cf210778217194faaeea1375113664e3af529c22bbb39b01314ce32d31d3d
GET /adshow.php?adzone=910220 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=ac23f32445ea077f1f9cda847455e3de; expires=Sun, 01-Dec-2024 14:36:14 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sun, 03-Dec-2023 14:36:14 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sun, 03-Dec-2023 14:36:14 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sun, 03-Dec-2023 14:36:14 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps161=1; expires=Sun, 03-Dec-2023 14:36:14 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps61=1; expires=Sun, 03-Dec-2023 14:36:14 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTo1OntpOjYyMzI2NjtpOjE3MDE3ODY5NzQ7aTo1OTI5NzQ7aToxNzAxNzg2OTc0O2k6NTkyOTc4O2k6MTcwMTc4Njk3NDtpOjExOTY3MTg7aToxNzAxNzg2OTc0O2k6MTE5Njk0MztpOjE3MDE3ODY5NzQ7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:14 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:14 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=910220
185.94.236.246 1.9 kB URL poweredby.jads.co/adshow.php?adzone=910220
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (424), with CRLF, LF line terminators
Hash 9c004f67d14ac10463b7235a24789fd8
cf27d2843d0494ec2dfc6e67e4622505a4df8678
226a8cbcc29be944f3de0df6441fe413db67ce2a3b544442c9d6c9b3f379dbe6
GET /adshow.php?adzone=910220 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=ac23f32445ea077f1f9cda847455e3de; expires=Sun, 01-Dec-2024 14:36:14 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sun, 03-Dec-2023 14:36:14 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sun, 03-Dec-2023 14:36:14 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sun, 03-Dec-2023 14:36:14 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps161=1; expires=Sun, 03-Dec-2023 14:36:14 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps61=1; expires=Sun, 03-Dec-2023 14:36:14 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTo1OntpOjYyMzI2NjtpOjE3MDE3ODY5NzQ7aTo1OTI5NzQ7aToxNzAxNzg2OTc0O2k6NTkyOTc4O2k6MTcwMTc4Njk3NDtpOjExOTY3MTg7aToxNzAxNzg2OTc0O2k6MTE5Njk0MztpOjE3MDE3ODY5NzQ7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:14 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:14 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
img.strpst.com/thumbs/1701527730/135419928_webp
104.18.63.132 5.9 kB URL img.strpst.com/thumbs/1701527730/135419928_webp
IP 104.18.63.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 480x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b70fff335e888f42d21a7de7a01536a9
c2f4fdf77f9e0b04df1d47df7a39398a2d327021
0e21af78716742f4efced21118e48c09af3a92fde98c11c3604d8764e0ebcc31
GET /thumbs/1701527730/135419928_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:14 GMT
content-type: image/webp
content-length: 5866
etag: "b70fff335e888f42d21a7de7a01536a9"
last-modified: Sat, 02 Dec 2023 14:35:00 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
age: 26
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d0e1e06b515-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.r2m03.amazontrust.com/
143.204.53.97 471 B URL ocsp.r2m03.amazontrust.com/
IP 143.204.53.97:0
Hash 5b7b378f2f2e1279be0c0f57ceb0cf93
f03e52739a3a7e746036c3b8b7c42015632a931a
a801964dabaa860b97b788b0dd71cc601c6b38279cf522be462c816352ce1265
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 02 Dec 2023 14:36:14 GMT
Last-Modified: Sat, 02 Dec 2023 13:06:06 GMT
Server: ECAcc (ska/F6BD)
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bFaI4Q3OX_7eAXJnlC4chd5aqXn-I21Bi9zrPJqPex1N3Q6rYlQKfg==
Age: 5408
img.strpst.com/thumbs/1701527700/135419928_webp
104.18.63.132 5.9 kB URL img.strpst.com/thumbs/1701527700/135419928_webp
IP 104.18.63.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 480x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 089778b564b73f4062c99ff4eae0e638
cf1a74652c9aa3c66652f5278ccd882185b337d6
6fa7accf9b057a92839b59bb090f57c05f9f3efc8b4203114b7cb69d9913d02e
GET /thumbs/1701527700/135419928_webp HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:14 GMT
content-type: image/webp
content-length: 5928
etag: "089778b564b73f4062c99ff4eae0e638"
last-modified: Sat, 02 Dec 2023 14:33:58 GMT
cache-control: public, max-age=1800, s-maxage=1800
access-control-allow-origin: *
access-control-allow-methods: GET
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cflb=04dToQv5W8HjTXzSaiRCikG6ujPhqh8QxiuPicbysr; SameSite=None; Secure; path=/; expires=Sun, 03-Dec-23 14:36:14 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d0e0df8b515-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=645821
185.94.236.246 1.7 kB URL poweredby.jads.co/adshow.php?adzone=645821
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (402), with CRLF, LF line terminators
Hash 9c98e5bb5bbe9f67e825718dfcb11bae
549ec6398364c4fa49e21435a74afd692d634c98
17431944875f79c53ad662ad5e40e44e38777b89a5c58e22e93ea66284fa99a4
GET /adshow.php?adzone=645821 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=ac23f32445ea077f1f9cda847455e3de; expires=Sun, 01-Dec-2024 14:36:14 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps154=1; expires=Sun, 03-Dec-2023 14:36:14 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjU2MDYwODtpOjE3MDE3ODY5NzQ7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:14 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:14 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
go.xlivrdr.com/api/models/ts?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&memberId=buP337LQNXs-_ARkcNw_aG2hGZYQzEdoHGg4zeSyDv4I17DfV8VE9VZqEmFSiXuGgp_1Uy0GIxTpGxjm-OKV-99cQON4PRjNxy_-SYa9MgUojPWOeA_gUIDRUi&p1=4359552&sourceId=349005&tag=men%2Ftwinks&isNew=1
104.18.51.106 2.3 kB URL go.xlivrdr.com/api/models/ts?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&memberId=buP337LQNXs-_ARkcNw_aG2hGZYQzEdoHGg4zeSyDv4I17DfV8VE9VZqEmFSiXuGgp_1Uy0GIxTpGxjm-OKV-99cQON4PRjNxy_-SYa9MgUojPWOeA_gUIDRUi&p1=4359552&sourceId=349005&tag=men%2Ftwinks&isNew=1
IP 104.18.51.106:0
File type JSON data\012- , ASCII text, with very long lines (1208), with no line terminators
Hash 8de58414f3f15fd4cbcbcc5d2184bad3
f30c5122a947e3533a1f3ee482692dd319200eaf
2f2319ae260c86d2817e6c2bdd0b00e0f435ffff14261dc8b5d45e2a5543fb98
GET /api/models/ts?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&memberId=buP337LQNXs-_ARkcNw_aG2hGZYQzEdoHGg4zeSyDv4I17DfV8VE9VZqEmFSiXuGgp_1Uy0GIxTpGxjm-OKV-99cQON4PRjNxy_-SYa9MgUojPWOeA_gUIDRUi&p1=4359552&sourceId=349005&tag=men%2Ftwinks&isNew=1 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:13 GMT
content-type: application/json
access-control-allow-origin: http://top1pornmovies.sexjanet.com
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDFRFiBZBvMSLtrtWofa23shHb53UXPoNXafK3byW; SameSite=None; Secure; path=/; expires=Sun, 03-Dec-23 14:36:13 GMT; HttpOnly
server: cloudflare
cf-ray: 82f44d0a5f1256b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/images/c/8/7579c785f2986f8f47a7044d6cb2da7ef887eb/main.jpg
8.247.217.249 13 kB URL lcdn.tsyndicate.com/images/c/8/7579c785f2986f8f47a7044d6cb2da7ef887eb/main.jpg
IP 8.247.217.249:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 300x250, components 3\012- data
Hash 8ffa08aef3987f33360b04707abdf5bd
3b1423fb53c50d7827f8ff75989ca78ea5d2d1b6
00bba09b28c84e952ed0296af710e27c79745c11af8c4259b815e0dfe29385df
GET /images/c/8/7579c785f2986f8f47a7044d6cb2da7ef887eb/main.jpg HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://tsyndicate.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:14 GMT
content-type: image/jpeg
content-length: 13354
server: nginx
last-modified: Sat, 06 Aug 2022 09:18:12 GMT
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"62ee31d4-34b2"
content-encoding: gzip
age: 10134458
accept-ranges: bytes
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
18.184.210.76 40 B URL proftrafficcounter.com/stats
IP 18.184.210.76:0
File type ASCII text, with no line terminators
Hash c8dae155a1f6c6ea9448504c7d47684e
d472ff95d8a3dbd18151aa047c9c9e922be99275
ed1a808bcbe71539e098e86f119129f900139b17fcc87514fca41762f34118c4
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:14 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://top1pornmovies.sexjanet.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Tue, 29 Nov 2033 14:36:14 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=962243
185.94.236.246 1.7 kB URL poweredby.jads.co/adshow.php?adzone=962243
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (427), with CRLF, LF line terminators
Hash 8bfdffe5279f612b602edc2a756d1b5e
c0d37122a50c25b7aaea1dd807f5f5323ffadbce
dd7738e4d6c4c86e6ffcb8e9604a7e66204c7108d5ab8b21e4b14654d4b3838e
GET /adshow.php?adzone=962243 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=ac23f32445ea077f1f9cda847455e3de; expires=Sun, 01-Dec-2024 14:36:14 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps43654=1; expires=Sun, 03-Dec-2023 14:36:14 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps43654=1; expires=Sun, 03-Dec-2023 14:36:14 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjEyMDQzNTM7aToxNzAxNzg2OTc0O2k6MTIwNDM1NztpOjE3MDE3ODY5NzQ7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:14 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:14 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
marbleapplicationsblushing.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
192.243.59.20 15 kB URL marbleapplicationsblushing.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (42789), with no line terminators
Hash cfe2cc6b41799869c57be8fbd8e509c1
fdb3c0914c4bcb675adb2be20dd746ad07635702
08be119b5bf6f1ff92c09fefec0f508374327afdac9782e84c26572ceeecf98a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js HTTP/1.1
Host: marbleapplicationsblushing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 47e3813133a5f19658d90140192e3c77
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
217.22.19.194 1.3 kB URL go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1290), with no line terminators
Hash c4f6fbf7c22e21caf7a1d195799b923e
96c1184be90f04959b4eedec74ffdb65a98bf093
9ca9925ca8a904baad8cad427d80a49a6b99ac5187f23e0909599d0ba47ba103
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1290
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:14 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-201
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194 737 B URL go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (737), with no line terminators
Hash 79e13adb4fd0e46c0f0cd7fef127a4e7
17495b9972468908d4e2a95aab92926e1205af52
352d4e96861701939b8e79f9dfb49ef3ccd7669ff1168410a79015ffb34853f0
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 737
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:14 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-200
go.eabids.com/banner.go?spaceid=7648656&maincat=
217.22.19.194 1.2 kB URL go.eabids.com/banner.go?spaceid=7648656&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1242), with no line terminators
Hash 7ea2e23133f5ca9ee2976ca9a2355292
a58a6955ec80a211c2edf483df50a44e5672abe9
d41f34b186069ad43d2a99279dad76735599821659fc02f93c2f26ed9a5729fb
GET /banner.go?spaceid=7648656&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1242
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:14 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-201
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194 1.2 kB URL go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1242), with no line terminators
Hash 0169fd4492cec0930e5ac4c3de06dd8c
3bd291c638902794c70c7c4f692660a17fd9a17c
c0e8ea6835c60bada491d8e022be910147cfa2dcc5bfe85aa8905e4a919f93d2
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1242
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:14 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-201
cdn.tsyndicate.com/sdk/v1/bi.js
8.247.218.249 3.1 kB URL cdn.tsyndicate.com/sdk/v1/bi.js
IP 8.247.218.249:0
File type C source, ASCII text, with very long lines (7708)
Hash 132db549c9f97232cccb62af9f2156b9
27a33f324e81bb08d48875a20ef18d1f22d90af9
566f0492535dba4934209ea2b08a9ee357f4c7febf4defc717e0cb1d789bb0e5
GET /sdk/v1/bi.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 05 Oct 2023 12:40:37 GMT
Content-Type: application/javascript
Content-Length: 3084
Connection: keep-alive
Server: nginx
Last-Modified: Mon, 02 Oct 2023 10:01:05 GMT
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"651a94e1-1e65"
Content-Encoding: gzip
Age: 5018137
Accept-Ranges: bytes
proftrafficcounter.com/stats
18.184.210.76 40 B URL proftrafficcounter.com/stats
IP 18.184.210.76:0
File type ASCII text, with no line terminators
Hash c8dae155a1f6c6ea9448504c7d47684e
d472ff95d8a3dbd18151aa047c9c9e922be99275
ed1a808bcbe71539e098e86f119129f900139b17fcc87514fca41762f34118c4
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:14 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://top1pornmovies.sexjanet.com
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=961903
185.94.236.246 1.6 kB URL poweredby.jads.co/adshow.php?adzone=961903
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (427), with CRLF, LF line terminators
Hash 198057b3082f873cd77db8ce75f6f241
b88c0169fde65187c559fb8fb001063407fd43a8
3f63e937165a17a16527822dd51b31f3a1b30fbbc7909832cf39242d814061d0
GET /adshow.php?adzone=961903 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=ac23f32445ea077f1f9cda847455e3de; expires=Sun, 01-Dec-2024 14:36:14 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps43654=1; expires=Sun, 03-Dec-2023 14:36:14 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
imps42805=1; expires=Sun, 03-Dec-2023 14:36:14 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToyOntpOjEyMDQzNTg7aToxNzAxNzg2OTc0O2k6MTE4ODIzMztpOjE3MDE3ODY5NzQ7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:14 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:14 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
poweredby.jads.co/js/jads.js
185.94.236.246 178 B URL poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
104.18.11.207 20 kB URL maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (65371)
Hash 2f624089c65f12185e79925bc5a7fc42
8eb176c70b9cfa6871b76d6dc98fb526e7e9b3de
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
GET /bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:12 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"2f624089c65f12185e79925bc5a7fc42"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 10/31/2023 18:48:20
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 755
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 39425bcc68868716b921fcfb1ac01ef7
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82f44d042c865687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads.js
185.94.236.246 178 B URL poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
poweredby.jads.co/js/jads.js
185.94.236.246 178 B URL poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b56555c4b555c5253555354554b555c5253555354553b5454553b075c015d4a0e1403
51.195.137.224 11 kB URL top1pornmovies.sexjanet.com/viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b56555c4b555c5253555354554b555c5253555354553b5454553b075c015d4a0e1403
IP 51.195.137.224:0
File type gzip compressed data, max speed, from Unix\012- data
Hash 7fb64cc02d670ba267116f8f1783c5ab
d398316d0824ab28a0460d8b6ec5320d1749dc19
153fe2955fff05a73bf6666bbea9532642dfb31555c035c39d25ab9f216876e7
GET /viewImage3?data=0c101014175e4b4b07000a0d4a140b160a140d07174a070b094b55565c544b554b56555c4b555c5253555354554b555c5253555354553b5454553b075c015d4a0e1403 HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: nginx
Date: Sat, 02 Dec 2023 14:36:13 GMT
Content-Length: 233361
Connection: keep-alive
Cache-Control: max-age=31418383
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WYwSEmDEcyZlqYGUNDTAsaNnLUaJHDRpgZLcbUoBEjTJgyZmrIyDFGxMMwdXrqEHEDZ40yM8bcaCFjjI0yJ8mQodEChxkZZFqQqTFDjFccOW7AMCPGJ0QydhbWiAEjBo6HcOqU1XGDRo4cFSHCgbOQBo62Nh7OgTNRB40ZNVTScChiTBu-OmrgqHHDxtuzZig-FOPGzULENGOEfdjGDUaGeG3AgFv6tI2ZeevIYfP5xo3Jrx_WkZERDR06cOboePHCTBo3ZMaEaTPHBZs0dsq8GPPGjXE5bYKckf5DOZ0yZ97IydPjTJ08c7jUgQFDho0xz8es-ZKGTA8zUtzkuQInyZI5ZySRBxxXlJFFFW-cNMQSODxhhxo2aPGFFEbEkUQcRmDRQh5hJBHEFziMAYURQYTxhBphtYDHHUzU0YIabNywxgxMyGEFFHGwwdEbNVAxhQxonEGEEESUccMMMCCJhhA3HIHHGzZc0YYTM6zhBA1r0JBEEUac4UQaZaQBQw1RfHFGFUkQIUUVaajHnnsGDfYGHfTZd1hiM9XgZnvvLQdHGGmc4UadPUhGmWVmkfFGGxnR8QYcMcAhnhttvGEHmM3NUQYeaoThRhl0uEAdow95t9AWMsjQxWaZ6QCDC209JIcdkCGpWx1pZERZRDngFlMMY4SEUhk4tCDGDDMsBcNtVtFQhgwdkXGDWWlAJgJeLuTwKg0yuNAQDWbJQZ-12GrrArfezmRWHWFk1MQbeqTBBhthvFADrCCgcMVxit4xBwhOUAECW7DuAMK-bthAg8F4KGzwrAyNCWsKIBxRhnxvvCBDW-yxFQMIRqQhB05v4PECW_fCYNYYQongxBNmifcFyxm9bBYbLRfhRKJl2PHFyLQxRNltM1jGnqyCLiSDZDc8dJDPYsixEA6XPf1FpWQojYMNeZEhxxufPfSGQobB9TUeeaglK069_QbHcC84CqmkclBqKaYuaMqpp6CKuugLZt2RUQwy_GUWGoO3B65gs2b0NR1hOCpHC3W4kQYdTNngQnKExzxH4zoge2SqMPxFg9MtH_QF57xZxChDYjUkg21Hus4b7G3pRDtiMszwExk_lzHYF5FTFLvutvkuQs_Es4EQHWRvMQMNq0IkRmEiHGQGUGxMBBfOC63W2Gkw9KFAQA%3D%3D&s=091dc038911dbdbcaa52aa9a8df51c3fd13a5d5e8aa3f0726b048de467e5ece31701527773&w=t&r=1&d=347&priv=true
136.243.134.97 24 B URL pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WYwSEmDEcyZlqYGUNDTAsaNnLUaJHDRpgZLcbUoBEjTJgyZmrIyDFGxMMwdXrqEHEDZ40yM8bcaCFjjI0yJ8mQodEChxkZZFqQqTFDjFccOW7AMCPGJ0QydhbWiAEjBo6HcOqU1XGDRo4cFSHCgbOQBo62Nh7OgTNRB40ZNVTScChiTBu-OmrgqHHDxtuzZig-FOPGzULENGOEfdjGDUaGeG3AgFv6tI2ZeevIYfP5xo3Jrx_WkZERDR06cOboePHCTBo3ZMaEaTPHBZs0dsq8GPPGjXE5bYKckf5DOZ0yZ97IydPjTJ08c7jUgQFDho0xz8es-ZKGTA8zUtzkuQInyZI5ZySRBxxXlJFFFW-cNMQSODxhhxo2aPGFFEbEkUQcRmDRQh5hJBHEFziMAYURQYTxhBphtYDHHUzU0YIabNywxgxMyGEFFHGwwdEbNVAxhQxonEGEEESUccMMMCCJhhA3HIHHGzZc0YYTM6zhBA1r0JBEEUac4UQaZaQBQw1RfHFGFUkQIUUVaajHnnsGDfYGHfTZd1hiM9XgZnvvLQdHGGmc4UadPUhGmWVmkfFGGxnR8QYcMcAhnhttvGEHmM3NUQYeaoThRhl0uEAdow95t9AWMsjQxWaZ6QCDC209JIcdkCGpWx1pZERZRDngFlMMY4SEUhk4tCDGDDMsBcNtVtFQhgwdkXGDWWlAJgJeLuTwKg0yuNAQDWbJQZ-12GrrArfezmRWHWFk1MQbeqTBBhthvFADrCCgcMVxit4xBwhOUAECW7DuAMK-bthAg8F4KGzwrAyNCWsKIBxRhnxvvCBDW-yxFQMIRqQhB05v4PECW_fCYNYYQongxBNmifcFyxm9bBYbLRfhRKJl2PHFyLQxRNltM1jGnqyCLiSDZDc8dJDPYsixEA6XPf1FpWQojYMNeZEhxxufPfSGQobB9TUeeaglK069_QbHcC84CqmkclBqKaYuaMqpp6CKuugLZt2RUQwy_GUWGoO3B65gs2b0NR1hOCpHC3W4kQYdTNngQnKExzxH4zoge2SqMPxFg9MtH_QF57xZxChDYjUkg21Hus4b7G3pRDtiMszwExk_lzHYF5FTFLvutvkuQs_Es4EQHWRvMQMNq0IkRmEiHGQGUGxMBBfOC63W2Gkw9KFAQA%3D%3D&s=091dc038911dbdbcaa52aa9a8df51c3fd13a5d5e8aa3f0726b048de467e5ece31701527773&w=t&r=1&d=347&priv=true
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WYwSEmDEcyZlqYGUNDTAsaNnLUaJHDRpgZLcbUoBEjTJgyZmrIyDFGxMMwdXrqEHEDZ40yM8bcaCFjjI0yJ8mQodEChxkZZFqQqTFDjFccOW7AMCPGJ0QydhbWiAEjBo6HcOqU1XGDRo4cFSHCgbOQBo62Nh7OgTNRB40ZNVTScChiTBu-OmrgqHHDxtuzZig-FOPGzULENGOEfdjGDUaGeG3AgFv6tI2ZeevIYfP5xo3Jrx_WkZERDR06cOboePHCTBo3ZMaEaTPHBZs0dsq8GPPGjXE5bYKckf5DOZ0yZ97IydPjTJ08c7jUgQFDho0xz8es-ZKGTA8zUtzkuQInyZI5ZySRBxxXlJFFFW-cNMQSODxhhxo2aPGFFEbEkUQcRmDRQh5hJBHEFziMAYURQYTxhBphtYDHHUzU0YIabNywxgxMyGEFFHGwwdEbNVAxhQxonEGEEESUccMMMCCJhhA3HIHHGzZc0YYTM6zhBA1r0JBEEUac4UQaZaQBQw1RfHFGFUkQIUUVaajHnnsGDfYGHfTZd1hiM9XgZnvvLQdHGGmc4UadPUhGmWVmkfFGGxnR8QYcMcAhnhttvGEHmM3NUQYeaoThRhl0uEAdow95t9AWMsjQxWaZ6QCDC209JIcdkCGpWx1pZERZRDngFlMMY4SEUhk4tCDGDDMsBcNtVtFQhgwdkXGDWWlAJgJeLuTwKg0yuNAQDWbJQZ-12GrrArfezmRWHWFk1MQbeqTBBhthvFADrCCgcMVxit4xBwhOUAECW7DuAMK-bthAg8F4KGzwrAyNCWsKIBxRhnxvvCBDW-yxFQMIRqQhB05v4PECW_fCYNYYQongxBNmifcFyxm9bBYbLRfhRKJl2PHFyLQxRNltM1jGnqyCLiSDZDc8dJDPYsixEA6XPf1FpWQojYMNeZEhxxufPfSGQobB9TUeeaglK069_QbHcC84CqmkclBqKaYuaMqpp6CKuugLZt2RUQwy_GUWGoO3B65gs2b0NR1hOCpHC3W4kQYdTNngQnKExzxH4zoge2SqMPxFg9MtH_QF57xZxChDYjUkg21Hus4b7G3pRDtiMszwExk_lzHYF5FTFLvutvkuQs_Es4EQHWRvMQMNq0IkRmEiHGQGUGxMBBfOC63W2Gkw9KFAQA%3D%3D&s=091dc038911dbdbcaa52aa9a8df51c3fd13a5d5e8aa3f0726b048de467e5ece31701527773&w=t&r=1&d=347&priv=true HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://tsyndicate.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:14 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
go.xlivrdr.com/api/models/ts?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&memberId=jYjZUhw35sIVmaMLcfNeKycpGI4Tyjdbf5k9iJ1Hfk1GoUg07gZCqDw5UbZjrpf6leV0NBLpYOgQvfUe83Vbs1Dt5luSFjXBQgYzkocRaM7pjyc7tA_gUIDRUi&p1=4359552&sourceId=349005&tag=men%2Ftwinks&isNew=1
104.18.51.106 2.3 kB URL go.xlivrdr.com/api/models/ts?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&memberId=jYjZUhw35sIVmaMLcfNeKycpGI4Tyjdbf5k9iJ1Hfk1GoUg07gZCqDw5UbZjrpf6leV0NBLpYOgQvfUe83Vbs1Dt5luSFjXBQgYzkocRaM7pjyc7tA_gUIDRUi&p1=4359552&sourceId=349005&tag=men%2Ftwinks&isNew=1
IP 104.18.51.106:0
File type JSON data\012- , ASCII text, with very long lines (1208), with no line terminators
Hash 3a9e5be19fd22d38a6e4d79f3e0055b5
21ad8d8969f41c32e7ca685e2e35d9b3597dedcd
ece268cdc1ff6db0d361d8c6c3a2dd7f55c5a179f0f77f303e43105afb364524
GET /api/models/ts?userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&memberId=jYjZUhw35sIVmaMLcfNeKycpGI4Tyjdbf5k9iJ1Hfk1GoUg07gZCqDw5UbZjrpf6leV0NBLpYOgQvfUe83Vbs1Dt5luSFjXBQgYzkocRaM7pjyc7tA_gUIDRUi&p1=4359552&sourceId=349005&tag=men%2Ftwinks&isNew=1 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:13 GMT
content-type: application/json
access-control-allow-origin: http://top1pornmovies.sexjanet.com
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDFRFiBZBvMSLtrt9a1bWqoF8S1xaVGcfSdNAsFvC; SameSite=None; Secure; path=/; expires=Sun, 03-Dec-23 14:36:13 GMT; HttpOnly
server: cloudflare
cf-ray: 82f44d0a5f1056b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
tsyndicate.com/iframes2/3fc4ed41601444c280369de89c76b12c.html?categories=porn%20galleries%2C%20sex%20dating%2C%20sex%20galleries%2C%20porn%20video&keywords=Free%20Porn%20Tube%20Sites%20interacial%2Cblossom%2Cgalliers%2Cfucks%2Cfree%2Colder%2Clane%2Ctaboo%2Cperky%2Cmouth%2Cwhile%2Ceuropean%2Ckidde%2Cparis%2Cdrama%2Cimages%2Ctwat%2Cadmires%2Cshooting%2Cblaze%2Cmargera%2Ccompany%2Cvidoes%2Cpenetration%2Cnaked%2Cemo%2Clatina%2Cread%2Ccucko%2Cgave%2Cjesse%2Csisters%2Chot%2Cnot%2Cjuan%2Ccock%2Ckikis%2Cfilipinos%2Cshowing%2Cteacher%2Csweets%2Cmary%2Chandjob%2Cblowjob%2Cass%2Cthe%2Cmachines%2Cbig%2Cmovie%2Cfuck%2Csheril%2Ctop%2Cfacial%2Cminiskirt%2Cforced%2Ccore%2Cemmellyrose%2Cunderwear%2Cdeep%2Canimal%2Cbabysitter%2Charper%2Ccommunity%2Ctags%2Csoft%2Csublou%2Chairy%2Cneil%2Cnew%2Cselfies%2Ccum%2Cdavis%2Ctease%2Crita%2Cmagicmovies%2Ctwinks%2Corgies%2Cthis%2Cenv%2Cgallery%2Ctwo%2Cgay%2Creal%2Cten%2Core%2Cwoman%2Camuter%2Cchrintine%2Cdvd%2Cfranki%2Ckate%2Cstar%2Cmodel%2Cretro%2Ciphone%2Cfisher%2Cbedroom%2Cteid%2Cmulato%2Cmade%2Cinteracial%2Cblossom%&extid=%7Bextid%7D&adb=0&clientjs=1&w=1280&h=1024&tz=0
136.243.69.157 3.4 kB URL tsyndicate.com/iframes2/3fc4ed41601444c280369de89c76b12c.html?categories=porn%20galleries%2C%20sex%20dating%2C%20sex%20galleries%2C%20porn%20video&keywords=Free%20Porn%20Tube%20Sites%20interacial%2Cblossom%2Cgalliers%2Cfucks%2Cfree%2Colder%2Clane%2Ctaboo%2Cperky%2Cmouth%2Cwhile%2Ceuropean%2Ckidde%2Cparis%2Cdrama%2Cimages%2Ctwat%2Cadmires%2Cshooting%2Cblaze%2Cmargera%2Ccompany%2Cvidoes%2Cpenetration%2Cnaked%2Cemo%2Clatina%2Cread%2Ccucko%2Cgave%2Cjesse%2Csisters%2Chot%2Cnot%2Cjuan%2Ccock%2Ckikis%2Cfilipinos%2Cshowing%2Cteacher%2Csweets%2Cmary%2Chandjob%2Cblowjob%2Cass%2Cthe%2Cmachines%2Cbig%2Cmovie%2Cfuck%2Csheril%2Ctop%2Cfacial%2Cminiskirt%2Cforced%2Ccore%2Cemmellyrose%2Cunderwear%2Cdeep%2Canimal%2Cbabysitter%2Charper%2Ccommunity%2Ctags%2Csoft%2Csublou%2Chairy%2Cneil%2Cnew%2Cselfies%2Ccum%2Cdavis%2Ctease%2Crita%2Cmagicmovies%2Ctwinks%2Corgies%2Cthis%2Cenv%2Cgallery%2Ctwo%2Cgay%2Creal%2Cten%2Core%2Cwoman%2Camuter%2Cchrintine%2Cdvd%2Cfranki%2Ckate%2Cstar%2Cmodel%2Cretro%2Ciphone%2Cfisher%2Cbedroom%2Cteid%2Cmulato%2Cmade%2Cinteracial%2Cblossom%&extid=%7Bextid%7D&adb=0&clientjs=1&w=1280&h=1024&tz=0
IP 136.243.69.157:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4037)
Hash 7bde527224b9567e28bacdc91ea9bd26
e60dd416b1f6cd58b8b37af07fabc8e07448ba5a
48f43bacc5855b8c5bc4129260e783b8f4668a7b07c108a2e78d64ee90fe1953
GET /iframes2/3fc4ed41601444c280369de89c76b12c.html?categories=porn%20galleries%2C%20sex%20dating%2C%20sex%20galleries%2C%20porn%20video&keywords=Free%20Porn%20Tube%20Sites%20interacial%2Cblossom%2Cgalliers%2Cfucks%2Cfree%2Colder%2Clane%2Ctaboo%2Cperky%2Cmouth%2Cwhile%2Ceuropean%2Ckidde%2Cparis%2Cdrama%2Cimages%2Ctwat%2Cadmires%2Cshooting%2Cblaze%2Cmargera%2Ccompany%2Cvidoes%2Cpenetration%2Cnaked%2Cemo%2Clatina%2Cread%2Ccucko%2Cgave%2Cjesse%2Csisters%2Chot%2Cnot%2Cjuan%2Ccock%2Ckikis%2Cfilipinos%2Cshowing%2Cteacher%2Csweets%2Cmary%2Chandjob%2Cblowjob%2Cass%2Cthe%2Cmachines%2Cbig%2Cmovie%2Cfuck%2Csheril%2Ctop%2Cfacial%2Cminiskirt%2Cforced%2Ccore%2Cemmellyrose%2Cunderwear%2Cdeep%2Canimal%2Cbabysitter%2Charper%2Ccommunity%2Ctags%2Csoft%2Csublou%2Chairy%2Cneil%2Cnew%2Cselfies%2Ccum%2Cdavis%2Ctease%2Crita%2Cmagicmovies%2Ctwinks%2Corgies%2Cthis%2Cenv%2Cgallery%2Ctwo%2Cgay%2Creal%2Cten%2Core%2Cwoman%2Camuter%2Cchrintine%2Cdvd%2Cfranki%2Ckate%2Cstar%2Cmodel%2Cretro%2Ciphone%2Cfisher%2Cbedroom%2Cteid%2Cmulato%2Cmade%2Cinteracial%2Cblossom%&extid=%7Bextid%7D&adb=0&clientjs=1&w=1280&h=1024&tz=0 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 0ce2e149ae7bfa8d
Set-Cookie: ts_uid=0b25031c-7df2-4c22-a0e9-6feb1b80da9a; expires=Sun, 02 Jun 2024 14:36:15 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
i.jads.co/network/user500/22340-1505050832.jpg
205.185.216.42 27 kB URL i.jads.co/network/user500/22340-1505050832.jpg
IP 205.185.216.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 125x125, components 3\012- data
Hash bed7929bdf7525a5b1c67f4ba1379f86
aec311c85ab8b39878a25a4d76a25e3a1c2f4249
7b0975c9d2c93e1b595753bc0fc6b3cff54d9d3a5d9bcbd2da0fc2d2eea25f0c
GET /network/user500/22340-1505050832.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Connection: Keep-Alive
ETag: "1505050832"
Cache-Control: max-age=10518099
Content-Length: 26560
Content-Type: image/jpeg
Last-Modified: Sun, 10 Sep 2017 13:40:32 GMT
Accept-Ranges: bytes
X-HW: 1701527775.dop223.sk1.t,1701527775.cds239.sk1.c
i.jads.co/network/user500/22340-1516649183.gif
205.185.216.42 113 kB URL i.jads.co/network/user500/22340-1516649183.gif
IP 205.185.216.42:0
File type GIF image data, version 89a, 125 x 125\012- data
Size 113 kB (113308 bytes)
Hash 5973aed991a65a527f6072fe6f1ec8e1
66263d97a123af21466c1f8139bf6f2e418e3c8e
0a86a396c2888c2b3e9d7602b70550b084ae8172cedbb25b2d11c2d6ae75bfbc
GET /network/user500/22340-1516649183.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Connection: Keep-Alive
ETag: "1516649183"
Cache-Control: max-age=10551392
Content-Length: 113308
Content-Type: image/gif
Last-Modified: Mon, 22 Jan 2018 19:26:23 GMT
Accept-Ranges: bytes
X-HW: 1701527775.dop225.sk1.t,1701527775.cds247.sk1.c
i.jads.co/network/user1037/1-1620069847-0968771001620069847.gif
205.185.216.42 50 kB URL i.jads.co/network/user1037/1-1620069847-0968771001620069847.gif
IP 205.185.216.42:0
File type GIF image data, version 89a, 125 x 125\012- data
Hash 21892ef883fe75929e3423c0658aa2e6
fff21726101b8ec646dae1dde41917a8275c9fd4
7d1d01037bbb70b1c3a52399183d14f158b4ba1d8beeb8154ca766f44a59cab6
GET /network/user1037/1-1620069847-0968771001620069847.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Connection: Keep-Alive
ETag: "1620069847"
Cache-Control: max-age=31350986
Content-Length: 50338
Content-Type: image/gif
Last-Modified: Mon, 03 May 2021 19:24:07 GMT
Accept-Ranges: bytes
X-HW: 1701527775.dop223.sk1.t,1701527775.cds255.sk1.c
i.jads.co/network/user500/22340-1505050793.jpg
205.185.216.42 22 kB URL i.jads.co/network/user500/22340-1505050793.jpg
IP 205.185.216.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 125x125, components 3\012- data
Hash 59bbbaf19fd3045edb3562338755664d
f4162992d9ef2fbf1cb2b6ae8208273c461de0b7
9f2c06880bb817b9dc2bd6309ee4893900177f5f745f5854938a270ef0b71ca1
GET /network/user500/22340-1505050793.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Connection: Keep-Alive
ETag: "1505050793"
Cache-Control: max-age=11331928
Content-Length: 21977
Content-Type: image/jpeg
Last-Modified: Sun, 10 Sep 2017 13:39:53 GMT
Accept-Ranges: bytes
X-HW: 1701527775.dop231.sk1.t,1701527775.cds203.sk1.c
i.jads.co/network/user500/25313-1554995837-0242531001554995837.gif
205.185.216.42 70 kB URL i.jads.co/network/user500/25313-1554995837-0242531001554995837.gif
IP 205.185.216.42:0
File type GIF image data, version 89a, 160 x 600\012- data
Hash 97ad8acd5ce123647a7c82374954eab4
9349e56bd07174460e93701d19b137f0a8594584
e0c6380b0745a43cee8b1faa2048ac13c961cd1638e0879902b5023ec8e6f74f
GET /network/user500/25313-1554995837-0242531001554995837.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Connection: Keep-Alive
ETag: "1554995837"
Cache-Control: max-age=13173198
Content-Length: 70056
Content-Type: image/gif
Last-Modified: Thu, 11 Apr 2019 15:17:17 GMT
Accept-Ranges: bytes
X-HW: 1701527775.dop225.sk1.t,1701527775.cds246.sk1.c
i.jads.co/network/user1037/91-1485116233.gif
205.185.216.42 99 kB URL i.jads.co/network/user1037/91-1485116233.gif
IP 205.185.216.42:0
File type GIF image data, version 89a, 160 x 600\012- data
Hash 46e374a5bcf002d8ad58ae2720576f73
abca072586036bb28ba10ac5ae4b3222335134bb
3679b4611886311a520a0cad4428d904cca4f2dce5d0b675ae729a87663ec3be
GET /network/user1037/91-1485116233.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Connection: Keep-Alive
ETag: "1485116233"
Cache-Control: max-age=10796391
Content-Length: 98655
Content-Type: image/gif
Last-Modified: Sun, 22 Jan 2017 20:17:13 GMT
Accept-Ranges: bytes
X-HW: 1701527775.dop223.sk1.t,1701527775.cds241.sk1.c
i.jads.co/network/user500/25313-1554995841-0087288001554995841.gif
205.185.216.10 97 kB URL i.jads.co/network/user500/25313-1554995841-0087288001554995841.gif
IP 205.185.216.10:0
File type GIF image data, version 89a, 160 x 600\012- data
Hash 5f10db83e739316ae5d4835bb7c5d63f
b79b820debf946bb7fa57aa8b245d05a268a3c0d
b0d9c921586ace071c4ca7ba385d2e25bdc0acf627e16d452929735b8d256e8d
GET /network/user500/25313-1554995841-0087288001554995841.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Connection: Keep-Alive
ETag: "1554995841"
Cache-Control: max-age=17666820
Content-Length: 96553
Content-Type: image/gif
Last-Modified: Thu, 11 Apr 2019 15:17:21 GMT
Accept-Ranges: bytes
X-HW: 1701527775.dop207.sk1.t,1701527775.cds245.sk1.c
i.jads.co/ads/user73355/ad1891073-1700351600.jpg
205.185.216.42 26 kB URL i.jads.co/ads/user73355/ad1891073-1700351600.jpg
IP 205.185.216.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 160x600, components 3\012- data
Hash 382f220acc7ddc16f8bceb1f8938fe1d
57f2f1b3d15aeaf2404cd489656b6ed5ade3a1c5
89c603e7b5d1b41dffc4cf146c9ecd7d2fbfb624a9f8b591330a0412666b83c7
GET /ads/user73355/ad1891073-1700351600.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Connection: Keep-Alive
ETag: "1700351600"
Cache-Control: max-age=30359988
Content-Length: 26493
Content-Type: image/jpeg
Last-Modified: Sat, 18 Nov 2023 23:53:20 GMT
Accept-Ranges: bytes
X-HW: 1701527775.dop225.sk1.t,1701527775.cds253.sk1.c
i.jads.co/ads/user73355/ad1891072-1700351627.jpg
205.185.216.42 23 kB URL i.jads.co/ads/user73355/ad1891072-1700351627.jpg
IP 205.185.216.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 160x600, components 3\012- data
Hash eeeefb3f19b31f84337382fabd167dfb
37d2c124a46e8e8a6ff4b361294ac6d0add72d5a
28903761d2777789f9609b28998fac4b6cee0c830924612f8c3faeebb9c4fba5
GET /ads/user73355/ad1891072-1700351627.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Connection: Keep-Alive
ETag: "1700351627"
Cache-Control: max-age=30359988
Content-Length: 22773
Content-Type: image/jpeg
Last-Modified: Sat, 18 Nov 2023 23:53:47 GMT
Accept-Ranges: bytes
X-HW: 1701527775.dop231.sk1.t,1701527775.cds216.sk1.c
i.jads.co/network/user500/22340-1516649183.gif
205.185.216.42 113 kB URL i.jads.co/network/user500/22340-1516649183.gif
IP 205.185.216.42:0
File type GIF image data, version 89a, 125 x 125\012- data
Size 113 kB (113308 bytes)
Hash 5973aed991a65a527f6072fe6f1ec8e1
66263d97a123af21466c1f8139bf6f2e418e3c8e
0a86a396c2888c2b3e9d7602b70550b084ae8172cedbb25b2d11c2d6ae75bfbc
GET /network/user500/22340-1516649183.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Connection: Keep-Alive
ETag: "1516649183"
Cache-Control: max-age=10551392
Content-Length: 113308
Content-Type: image/gif
Last-Modified: Mon, 22 Jan 2018 19:26:23 GMT
Accept-Ranges: bytes
X-HW: 1701527775.dop225.sk1.t,1701527775.cds247.sk1.c
i.jads.co/network/user500/22340-1505050793.jpg
205.185.216.42 22 kB URL i.jads.co/network/user500/22340-1505050793.jpg
IP 205.185.216.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 125x125, components 3\012- data
Hash 59bbbaf19fd3045edb3562338755664d
f4162992d9ef2fbf1cb2b6ae8208273c461de0b7
9f2c06880bb817b9dc2bd6309ee4893900177f5f745f5854938a270ef0b71ca1
GET /network/user500/22340-1505050793.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Connection: Keep-Alive
ETag: "1505050793"
Cache-Control: max-age=11331928
Content-Length: 21977
Content-Type: image/jpeg
Last-Modified: Sun, 10 Sep 2017 13:39:53 GMT
Accept-Ranges: bytes
X-HW: 1701527775.dop223.sk1.t,1701527775.cds203.sk1.c
bngpt.com/promo.php?c=688955&subid=2|159344|113814|no|112022|40568593|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
94.199.255.192 0 B URL bngpt.com/promo.php?c=688955&subid=2|159344|113814|no|112022|40568593|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
IP 94.199.255.192:0
ASN #48684 Viking Host B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /promo.php?c=688955&subid=2|159344|113814|no|112022|40568593|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://bngpt.com/promo.php?c=688955&subid=2|159344|113814|no|112022|40568593|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
static.eabids.com/data/bannerpools/112022/33807.jpg
217.22.19.195 17 kB URL static.eabids.com/data/bannerpools/112022/33807.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash 5cdf4fdb75c84c7fe9c95a9c43d4558d
d615fb1c007bcc0995b1bc72fe21a47e98f6094f
9e1ca0a8aa682706ecff90fe20dba9c9c9188160b26af5d87bed3763663cfaea
GET /data/bannerpools/112022/33807.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: image/jpeg
Content-Length: 17139
Last-Modified: Thu, 28 Apr 2022 13:46:32 GMT
Connection: keep-alive
ETag: "626a9ab8-42f3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-221
Accept-Ranges: bytes
i.jads.co/network/user500/22340-1505050832.jpg
205.185.216.10 27 kB URL i.jads.co/network/user500/22340-1505050832.jpg
IP 205.185.216.10:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 125x125, components 3\012- data
Hash bed7929bdf7525a5b1c67f4ba1379f86
aec311c85ab8b39878a25a4d76a25e3a1c2f4249
7b0975c9d2c93e1b595753bc0fc6b3cff54d9d3a5d9bcbd2da0fc2d2eea25f0c
GET /network/user500/22340-1505050832.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Connection: Keep-Alive
ETag: "1505050832"
Cache-Control: max-age=10518099
Content-Length: 26560
Content-Type: image/jpeg
Last-Modified: Sun, 10 Sep 2017 13:40:32 GMT
Accept-Ranges: bytes
X-HW: 1701527775.dop207.sk1.t,1701527775.cds239.sk1.c
i.jads.co/network/user1037/1-1620069847-0968771001620069847.gif
205.185.216.42 50 kB URL i.jads.co/network/user1037/1-1620069847-0968771001620069847.gif
IP 205.185.216.42:0
File type GIF image data, version 89a, 125 x 125\012- data
Hash 21892ef883fe75929e3423c0658aa2e6
fff21726101b8ec646dae1dde41917a8275c9fd4
7d1d01037bbb70b1c3a52399183d14f158b4ba1d8beeb8154ca766f44a59cab6
GET /network/user1037/1-1620069847-0968771001620069847.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Connection: Keep-Alive
ETag: "1620069847"
Cache-Control: max-age=31350986
Content-Length: 50338
Content-Type: image/gif
Last-Modified: Mon, 03 May 2021 19:24:07 GMT
Accept-Ranges: bytes
X-HW: 1701527775.dop231.sk1.t,1701527775.cds255.sk1.c
static.eabids.com/data/bannerpools/112022/33787.jpg
217.22.19.195 71 kB URL static.eabids.com/data/bannerpools/112022/33787.jpg
IP 217.22.19.195:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash 387373380dcfc61ada03ef6a4b0ac0c6
3ade6f37b9d601e7fbfc2a65532bcc11fab48f1e
0edc5f4b7e5596c6f319965a15888ec3886b848df46d4f1d440cc28806e7c8d1
GET /data/bannerpools/112022/33787.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: image/jpeg
Content-Length: 70871
Last-Modified: Thu, 28 Apr 2022 13:46:29 GMT
Connection: keep-alive
ETag: "626a9ab5-114d7"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
static.eabids.com/data/bannerpools/112022/33914.jpg
217.22.19.195 56 kB URL static.eabids.com/data/bannerpools/112022/33914.jpg
IP 217.22.19.195:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash 0d73f84edb500eb29390381ce09c3ab8
a0bceb870344cbf828a3fce11e84db7764890018
bf65716b37bab758fda7e676423a92d5861292cd369402cc1359f8597049e477
GET /data/bannerpools/112022/33914.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: image/jpeg
Content-Length: 55763
Last-Modified: Thu, 28 Apr 2022 13:46:23 GMT
Connection: keep-alive
ETag: "626a9aaf-d9d3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-224
Accept-Ranges: bytes
friendshipmale.com/sfp.js
104.21.234.32 28 kB URL friendshipmale.com/sfp.js
IP 104.21.234.32:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 563bfab9a5c03896cd1cef009e4a5176
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 02 Dec 2023 14:36:14 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vQV0a51FdfkYXdKoPwCNeKsX4LxdXYobGHHFXQbUnYCNO4giaQ5ZFpyXggM07oeVoiCIBd5iPXDqnq0WNqfSfqTbV%2BWyJZHoVg6yYgQl5VTUDG1MDY3%2BkYlaAYZE9nJ0%2BAJ%2BeVA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82f44d112fe6b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
i.jads.co/network/user500/25313-1554995841-0794293001554995841.gif
205.185.216.42 102 kB URL i.jads.co/network/user500/25313-1554995841-0794293001554995841.gif
IP 205.185.216.42:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 102 kB (102513 bytes)
Hash 514c9b51c2b4d688a11b2dcc5c8e02e3
2782f479d6b207e35d1691da672394401143b0df
0fe77f5a52b2c06fe19cee3b40d320825e27a84ff9afd60c098041bfc99a8c7b
GET /network/user500/25313-1554995841-0794293001554995841.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Connection: Keep-Alive
ETag: "1554995841"
Cache-Control: max-age=18780522
Content-Length: 102513
Content-Type: image/gif
Last-Modified: Thu, 11 Apr 2019 15:17:21 GMT
Accept-Ranges: bytes
X-HW: 1701527775.dop225.sk1.t,1701527775.cds242.sk1.c
i.jads.co/network/user500/42805-1620418850-0607635001620418850.png
205.185.216.42 7.7 kB URL i.jads.co/network/user500/42805-1620418850-0607635001620418850.png
IP 205.185.216.42:0
File type PNG image data, 160 x 600, 8-bit/color RGBA, non-interlaced\012- data
Hash 7cd81fe0477f9fbe340eee458eee3a3b
7b58a4ec5462d217efda00ca795cb41d39f8e70d
6174409bb6401d82a0cf95e277502c3f920d1859466e0a93e8ba653054ee962a
GET /network/user500/42805-1620418850-0607635001620418850.png HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Connection: Keep-Alive
ETag: "1620418850"
Cache-Control: max-age=11410369
Content-Length: 7705
Content-Type: image/png
Last-Modified: Fri, 07 May 2021 20:20:50 GMT
Accept-Ranges: bytes
X-HW: 1701527775.dop223.sk1.t,1701527775.cds258.sk1.c
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.217.249 2.6 kB URL lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.217.249:0
File type ASCII text, with very long lines (2590)
Hash b0a8eae036a72f605538b002e33f7023
5916ea9eeb0b676d6f44637601c40d0dc69542d1
7b9affd37cf01ac1a4c5f4a4ccb1936f0412ff771fb24e36a55682d2bf0ac554
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://tsyndicate.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 02 Aug 2023 21:23:32 GMT
Content-Type: application/javascript
Content-Length: 2640
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 25 Jul 2023 12:28:26 GMT
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"64bfbfea-1f37"
Content-Encoding: gzip
Age: 10516363
Accept-Ranges: bytes
nationhandbook.com/28/85/33/28853392a76a14b1426991b6def2243b.js
192.243.59.12 15 kB URL nationhandbook.com/28/85/33/28853392a76a14b1426991b6def2243b.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (42831), with no line terminators
Hash 4d9e6ff75139f05fd2784d1892f2f884
acbce0e3f0624c79850ba728ab0e19ee9cbbf7c6
5aea1632e353c1f1775339c257eff95a01a2e4b8a5fb1c4c9b7aea4ed07fdea9
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /28/85/33/28853392a76a14b1426991b6def2243b.js HTTP/1.1
Host: nationhandbook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d2767bf6775cdd24b948259bdf1914d8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
lcdn.tsyndicate.com/images/3/b/4e35a5958cfa2c43dbb54b8cd867cde434e12d/main.jpg
8.247.217.249 17 kB URL lcdn.tsyndicate.com/images/3/b/4e35a5958cfa2c43dbb54b8cd867cde434e12d/main.jpg
IP 8.247.217.249:0
File type JPEG image data, baseline, precision 8, 300x250, components 3\012- data
Hash ff62e7dd502dd1578801693cfe7e62fd
bcb86027bd0e9f16e5cde04ac947e42010d4d38b
7a083db91500b97bbb77349aec3b1c3b36bf4ed582210daedc83a067e82c1386
GET /images/3/b/4e35a5958cfa2c43dbb54b8cd867cde434e12d/main.jpg HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://tsyndicate.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:15 GMT
content-type: image/jpeg
content-length: 16708
server: nginx
last-modified: Fri, 16 Sep 2022 14:08:18 GMT
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"63248352-426a"
content-encoding: gzip
age: 10134457
accept-ranges: bytes
X-Firefox-Spdy: h2
i.jads.co/network/user500/33261-1578041695-0492553001578041695.png
205.185.216.42 9.9 kB URL i.jads.co/network/user500/33261-1578041695-0492553001578041695.png
IP 205.185.216.42:0
File type PNG image data, 468 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash c41645988ff97df6dc5c57b2cb76d146
b3b57f2b490076f3a1f3dd30ddaa950cfc1e4c97
9d92d08fe102c2a4b71df0dc2ba73f116ff31f76552e8ce3b6652a8273620328
GET /network/user500/33261-1578041695-0492553001578041695.png HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Connection: Keep-Alive
ETag: "1578041695"
Cache-Control: max-age=3813023
Content-Length: 9929
Content-Type: image/png
Last-Modified: Fri, 03 Jan 2020 08:54:55 GMT
Accept-Ranges: bytes
X-HW: 1701527775.dop225.sk1.t,1701527775.cds261.sk1.c
comedianthirteenth.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
192.243.61.225 11 kB URL comedianthirteenth.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29629), with no line terminators
Hash f43f0effe31b63a0cc48d6ee9563ead1
8c9831e9ba273b88dcf6891a6fbc78d4b0d10716
5a3e8e3682c51184079717553531541465933e86f9554793004042f13a13ec74
GET /11115435c35e6b966b90a5f936e0edcc/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e19f97e3359f1e89cc1e63295a26e102
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
poweredby.jads.co/js/jads2.js
185.94.236.246 1.7 kB URL poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
poweredby.jads.co/js/jads2.js
185.94.236.246 1.7 kB URL poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
poweredby.jads.co/js/jads2.js
185.94.236.246 1.7 kB URL poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=3fc4ed41601444c280369de89c76b12c&hn=top1pornmovies.sexjanet.com&et=193
136.243.134.97 0 B URL pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=3fc4ed41601444c280369de89c76b12c&hn=top1pornmovies.sexjanet.com&et=193
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20300x250&sc=3fc4ed41601444c280369de89c76b12c&hn=top1pornmovies.sexjanet.com&et=193 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
ocsp.usertrust.com/
172.64.149.23 472 B IP 172.64.149.23:0
Hash 187d0e0ed082339d9d51fdf35d537bae
7df78b485c0c8fb4ec0798ff00e2251a37d8291a
1ad4689cac6ce528e424f17d8e906194329df937a5b1db74f515cc930ffc6b38
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 29 Nov 2023 17:58:55 GMT
Expires: Wed, 06 Dec 2023 17:58:54 GMT
Etag: "7df78b485c0c8fb4ec0798ff00e2251a37d8291a"
Cache-Control: max-age=603471,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1430
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82f44d155fa75690-OSL
friendshipmale.com/sfp.js
104.21.234.32 28 kB URL friendshipmale.com/sfp.js
IP 104.21.234.32:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: f54f017014dd3d2b196a39aabfa67810
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 02 Dec 2023 14:36:15 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CIa%2B221VzUDgC%2B6KJOSyu7c65kgM7a0%2BVlcNxJ3ZtfdjOdc3jJAxAVXQxZ5fScLlSt6PjZMV7DKc68LaJIFbQ7X6alvxKPAC29Un10vdRAJmyVLauoz7jqB8mc%2B%2FrUKftFEJxxA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82f44d14dc77b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
semicolonrichsieve.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
173.233.137.44 15 kB URL semicolonrichsieve.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
IP 173.233.137.44:0
File type ASCII text, with very long lines (42765), with no line terminators
Hash 5c34aa121e9cdd77b77fa3fd60992ef8
ac7cb5689367113ca246a583a85864e1e6b4624e
6b35fd50eb305f8abf4730f551ccf486d43779b86e6481e9544dc7e103097af7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js HTTP/1.1
Host: semicolonrichsieve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 79a5ebd33f185179d8bb0b2babde2df1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
poweredby.jads.co/js/jads.js
185.94.236.246 178 B URL poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
lcdn.tsyndicate.com/images/3/b/4e35a5958cfa2c43dbb54b8cd867cde434e12d/main.mp4
8.247.217.249 72 kB URL lcdn.tsyndicate.com/images/3/b/4e35a5958cfa2c43dbb54b8cd867cde434e12d/main.mp4
IP 8.247.217.249:0
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 9397d0081e43e28c2672af2d2aa5cb2e
402e166f9fd6808a50c721f27973aa3f4af81276
27ede6f57e904e3615ae3d97c6c310eb2ed2cbaa08185308f518275d4f5e3c3b
GET /images/3/b/4e35a5958cfa2c43dbb54b8cd867cde434e12d/main.mp4 HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: http://tsyndicate.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 206 Partial Content
date: Sat, 02 Dec 2023 14:36:15 GMT
content-type: video/mp4
content-length: 71726
server: nginx
last-modified: Fri, 16 Sep 2022 14:08:18 GMT
etag: "63248352-1182e"
x-robots-tag: noindex, nofollow
age: 9946415
content-range: bytes 0-71725/71726
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=940998
185.94.236.246 1.7 kB URL poweredby.jads.co/adshow.php?adzone=940998
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (419), with CRLF, LF line terminators
Hash ee1add6a44c99f3bcc6826fc6da3c314
9dc0ac704b236c8fa1b083e4c330c34458698dfa
71a0388c9a73ab605ad09edc43feb6074bf0081b3e9943dc0eada8c8b8ff757c
GET /adshow.php?adzone=940998 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=20910565125142ac30e85fa1faa69a3c; expires=Sun, 01-Dec-2024 14:36:15 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps22340=1; expires=Sun, 03-Dec-2023 14:36:15 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjU5Mjk3MjtpOjE3MDE3ODY5NzU7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:15 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:15 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyGKGRNjBowbMFpEhCGjBY0YYnK0EAPDjJgWM3DUCHNDDI4yOWDQFPEwTJ0xGcXUIBNDhpkwJckcVEnDxskWOKLaaDHThtEaNWbQEHNDBk-IZOwsrBEDRgwcD-HUEbPwBo0cOSpChANnIQ0cZm08nANnog4aM2rkqEHDoYgxberqqCHzhg20YM1QfCjGjZuFgU_GyEHjYRs3GBnGtQEj7efQNgjLrSOHDeYbN2RafVjHq46BdOjAmaPjxQszadyQGROmzRwXbNLYKfNizBs3wOW0CXKG-Q_idMqceSMnT48zdfLM4VIHBkkbY5KPWfMlDZkeWugkIXNniJQabq7kMaIHB5sYaoyRhR1MTPHEEHbIUUYZTWAxxgxvUPEGHEhcIQYRTdQQRRJmSNFEEUfMwUYNc-RBRRFF3IBHDlVM0UYYRlARnBR4XDHHHFFMYYcYQRCWRxF0ODGFHLCR0UIOczgRQx1XWOGEGmZcUYQMQsxxgx1uTBEDHi1IEcQXZ1SRBBFSVJEGeebJYINBfL1BR3vvASYYYTWgeR5xiYWRxhluwNkDYzU4hsNXZLzRRkZ0TBgDHNy50cYbdqRRxnFzlIGHGmG4UQYdLjh36EPYLbSFDDJ0QZlkOsDgglkPyWGHYh7RVkcaGcEghgw1wDBDDGO0cAMZZpREwxikigQDTi3YYEYZYqCEFxlh5BDGV2koJkJcLuTkAg0yuNAQDV_J0Z612GrLrbeEfVXHtLc18YYeabDBRhgv1LAqCChcEVyhd8wBghNUgFDWqjuAoK8bThWMR8IguMoQDPbCkAIIR5Sx3hsvyGCWeWXFAIIRaShoxht4vFBWxF-NAdRtTjzxFXdfqJxRy1-xsbIIRThBaBl2fKGgawwFGtsMj5nXKp8L4YrDDQ8d1LMYciwUVdM8f_EoGUnjYINcZMjxBmYPvaHQX2l5jUceY7VaBqq46dbbC4nCsWijj0Y6qQuVXprppp0a-sJXd2RUFF5foSE4SeDu5WpGXtMRRqJytFCHG2nQ0YKuLgxX1MtzLK6DDCeRxJjWTd980Beae2XRoQyB1JAMsN1gGB1t2BaD6zXADluupPVEhs-TwvHF4xThrrvsD1UdBhsI0TH2FlqZqpFfIhx0VB1sTJSWzQuVdlhoMPShQEA%3D&s=5317ec085005b11a9b0dc3b572b1a01074bf5d9a5e3cd0f018640616cd45ac4a1701527775&w=t&r=1&d=68&priv=true
136.243.134.97 24 B URL pxl.tsyndicate.com/api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyGKGRNjBowbMFpEhCGjBY0YYnK0EAPDjJgWM3DUCHNDDI4yOWDQFPEwTJ0xGcXUIBNDhpkwJckcVEnDxskWOKLaaDHThtEaNWbQEHNDBk-IZOwsrBEDRgwcD-HUEbPwBo0cOSpChANnIQ0cZm08nANnog4aM2rkqEHDoYgxberqqCHzhg20YM1QfCjGjZuFgU_GyEHjYRs3GBnGtQEj7efQNgjLrSOHDeYbN2RafVjHq46BdOjAmaPjxQszadyQGROmzRwXbNLYKfNizBs3wOW0CXKG-Q_idMqceSMnT48zdfLM4VIHBkkbY5KPWfMlDZkeWugkIXNniJQabq7kMaIHB5sYaoyRhR1MTPHEEHbIUUYZTWAxxgxvUPEGHEhcIQYRTdQQRRJmSNFEEUfMwUYNc-RBRRFF3IBHDlVM0UYYRlARnBR4XDHHHFFMYYcYQRCWRxF0ODGFHLCR0UIOczgRQx1XWOGEGmZcUYQMQsxxgx1uTBEDHi1IEcQXZ1SRBBFSVJEGeebJYINBfL1BR3vvASYYYTWgeR5xiYWRxhluwNkDYzU4hsNXZLzRRkZ0TBgDHNy50cYbdqRRxnFzlIGHGmG4UQYdLjh36EPYLbSFDDJ0QZlkOsDgglkPyWGHYh7RVkcaGcEghgw1wDBDDGO0cAMZZpREwxikigQDTi3YYEYZYqCEFxlh5BDGV2koJkJcLuTkAg0yuNAQDV_J0Z612GrLrbeEfVXHtLc18YYeabDBRhgv1LAqCChcEVyhd8wBghNUgFDWqjuAoK8bThWMR8IguMoQDPbCkAIIR5Sx3hsvyGCWeWXFAIIRaShoxht4vFBWxF-NAdRtTjzxFXdfqJxRy1-xsbIIRThBaBl2fKGgawwFGtsMj5nXKp8L4YrDDQ8d1LMYciwUVdM8f_EoGUnjYINcZMjxBmYPvaHQX2l5jUceY7VaBqq46dbbC4nCsWijj0Y6qQuVXprppp0a-sJXd2RUFF5foSE4SeDu5WpGXtMRRqJytFCHG2nQ0YKuLgxX1MtzLK6DDCeRxJjWTd980Beae2XRoQyB1JAMsN1gGB1t2BaD6zXADluupPVEhs-TwvHF4xThrrvsD1UdBhsI0TH2FlqZqpFfIhx0VB1sTJSWzQuVdlhoMPShQEA%3D&s=5317ec085005b11a9b0dc3b572b1a01074bf5d9a5e3cd0f018640616cd45ac4a1701527775&w=t&r=1&d=68&priv=true
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 0959ba36d476b6dc1994ba3c678b07c4
d30b94da72daa02766965206a85b7e0356375f5e
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a
GET /api/v1/p/p.js?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyGKGRNjBowbMFpEhCGjBY0YYnK0EAPDjJgWM3DUCHNDDI4yOWDQFPEwTJ0xGcXUIBNDhpkwJckcVEnDxskWOKLaaDHThtEaNWbQEHNDBk-IZOwsrBEDRgwcD-HUEbPwBo0cOSpChANnIQ0cZm08nANnog4aM2rkqEHDoYgxberqqCHzhg20YM1QfCjGjZuFgU_GyEHjYRs3GBnGtQEj7efQNgjLrSOHDeYbN2RafVjHq46BdOjAmaPjxQszadyQGROmzRwXbNLYKfNizBs3wOW0CXKG-Q_idMqceSMnT48zdfLM4VIHBkkbY5KPWfMlDZkeWugkIXNniJQabq7kMaIHB5sYaoyRhR1MTPHEEHbIUUYZTWAxxgxvUPEGHEhcIQYRTdQQRRJmSNFEEUfMwUYNc-RBRRFF3IBHDlVM0UYYRlARnBR4XDHHHFFMYYcYQRCWRxF0ODGFHLCR0UIOczgRQx1XWOGEGmZcUYQMQsxxgx1uTBEDHi1IEcQXZ1SRBBFSVJEGeebJYINBfL1BR3vvASYYYTWgeR5xiYWRxhluwNkDYzU4hsNXZLzRRkZ0TBgDHNy50cYbdqRRxnFzlIGHGmG4UQYdLjh36EPYLbSFDDJ0QZlkOsDgglkPyWGHYh7RVkcaGcEghgw1wDBDDGO0cAMZZpREwxikigQDTi3YYEYZYqCEFxlh5BDGV2koJkJcLuTkAg0yuNAQDV_J0Z612GrLrbeEfVXHtLc18YYeabDBRhgv1LAqCChcEVyhd8wBghNUgFDWqjuAoK8bThWMR8IguMoQDPbCkAIIR5Sx3hsvyGCWeWXFAIIRaShoxht4vFBWxF-NAdRtTjzxFXdfqJxRy1-xsbIIRThBaBl2fKGgawwFGtsMj5nXKp8L4YrDDQ8d1LMYciwUVdM8f_EoGUnjYINcZMjxBmYPvaHQX2l5jUceY7VaBqq46dbbC4nCsWijj0Y6qQuVXprppp0a-sJXd2RUFF5foSE4SeDu5WpGXtMRRqJytFCHG2nQ0YKuLgxX1MtzLK6DDCeRxJjWTd980Beae2XRoQyB1JAMsN1gGB1t2BaD6zXADluupPVEhs-TwvHF4xThrrvsD1UdBhsI0TH2FlqZqpFfIhx0VB1sTJSWzQuVdlhoMPShQEA%3D&s=5317ec085005b11a9b0dc3b572b1a01074bf5d9a5e3cd0f018640616cd45ac4a1701527775&w=t&r=1&d=68&priv=true HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://tsyndicate.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
192.243.61.225 11 kB URL comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29659), with no line terminators
Hash cdff23bee11aa36d2f46602400b5f6fa
5c0b9ce3a62eda85da4ffb9023d82b1db955c72e
f45e4a698b3d6499f7377ba453b9a9cd4e84b2c24a24e291bc2d62ad49361b70
GET /539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b30d97d4bb04c1ee068c1dfc886176a0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
marbleapplicationsblushing.com/watch.1292659461209.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=
192.243.59.20 0 B URL marbleapplicationsblushing.com/watch.1292659461209.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.1292659461209.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid= HTTP/1.1
Host: marbleapplicationsblushing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Location: https://marbleapplicationsblushing.com/watch.1292659461209.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=&shu=b897162371008d95ca640770566f9dd7b9b34195b9e8ab344fe68764f8030be32c249bcf90a633a0b6c614a21a86d460a304b139c8c39f2c0f3c075496b0145a1db146f43dfb52c80b77951bce220ce6dd755a&pst=1701527835&rmtc=t
Set-Cookie: u_pl=17743402; expires=Sun, 03 Dec 2023 14:36:15 GMT; secure; SameSite=None
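ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc0MzQwMiwiayI6IjUzOWQ3MWM3YzYxZWQ5ZTM2ZWQxZGQ2YWI2YWNmZmM4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJ4M2J0dWpzdWsiLCJjcGtzIjp7IjI5IjoiZDgyOTQxODg4Y2E4MGI1ZTAyNGM0ZDBhN2NhYjA0NDAifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly90b3AxcG9ybm1vdmllcy5zZXhqYW5ldC5jb20vIiwiYXIiOltdfX0.1HCEvnPrw8aw4oGMBn0zQSZghV1ECQgmUdSYy5NDJqc; expires=Sat, 02 Dec 2023 14:37:15 GMT; secure; SameSite=None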
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 97beebe6021f20a01dcbda02d473ca5f
Strict-Transport-Security: max-age=0; includeSubdomains
poweredby.jads.co/adshow.php?adzone=941000
185.94.236.246 1.8 kB URL poweredby.jads.co/adshow.php?adzone=941000
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1600), with CRLF, LF line terminators
Hash e466f2ba84c717bd197c3fdb522716b3
e67fa182d1298d9c88ef0f0b0c3a7168e4e9574b
9afe56a90c07469776bc9cfd278f88da4e14a393558e567adcd799f67d316b7b
GET /adshow.php?adzone=941000 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=20910565125142ac30e85fa1faa69a3c; expires=Sun, 01-Dec-2024 14:36:15 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps42=1; expires=Sun, 03-Dec-2023 14:36:15 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjE2ODM0MjI7aToxNzAxNzg2OTc1O30%3D; expires=Tue, 05-Dec-2023 14:36:15 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:15 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
semicolonrichsieve.com/watch.325768529902.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
173.233.137.44 0 B URL semicolonrichsieve.com/watch.325768529902.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.325768529902.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: semicolonrichsieve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Location: https://semicolonrichsieve.com/watch.325768529902.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=373601f76f3097492dcd67e235babb65bebef08ef70f830d15003f37d072df69902a5779f1db8091ee787a7a72062f5e5742a3a939f4ea2f6bba4b3b6958e49279ca9ff8f4e6ebaa0304d7a25f9b63cd8a90e5af2e2775a95d4549b331457189&pst=1701527835&rmtc=t
Set-Cookie: u_pl=17743402; expires=Sun, 03 Dec 2023 14:36:15 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc0MzQwMiwiayI6IjUzOWQ3MWM3YzYxZWQ5ZTM2ZWQxZGQ2YWI2YWNmZmM4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJ4M2J0dWpzdWsiLCJjcGtzIjp7IjI5IjoiZDgyOTQxODg4Y2E4MGI1ZTAyNGM0ZDBhN2NhYjA0NDAifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly90b3AxcG9ybm1vdmllcy5zZXhqYW5ldC5jb20vIiwiYXIiOltdfX0.1HCEvnPrw8aw4oGMBn0zQSZghV1ECQgmUdSYy5NDJqc; expires=Sat, 02 Dec 2023 14:37:15 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 391c24177886fa37ecc759e88eeac5dc
Strict-Transport-Security: max-age=0; includeSubdomains
nationhandbook.com/watch.1065192560500.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
192.243.59.12 0 B URL nationhandbook.com/watch.1065192560500.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1065192560500.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: nationhandbook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Location: https://nationhandbook.com/watch.1065192560500.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=9b439166308aab858442903fb1b79e58a2109a021413475b7d2754be12b394bcbd1d72008e0a65e1716916a24fa9fe5629dd89a9ccc6966f5790e9085d2fb9dd00eff0f341caa6855670ced498d415b35bae829f3886533faf66a65558cd28&pst=1701527835&rmtc=t
Set-Cookie: u_pl=17763945; expires=Sun, 03 Dec 2023 14:36:15 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.Du9Io3LnbF9sicBMzPzyvlfEIneCKTcxC8ZoFUOazUc; expires=Sat, 02 Dec 2023 14:37:15 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d794352175bad96b474d5015461f90db
Strict-Transport-Security: max-age=0; includeSubdomains
rotateportion.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
192.243.61.227 15 kB URL rotateportion.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (42837), with no line terminators
Hash a45b689663d6cb25d3c1e96a19890fd3
1f2bbce12819f42526ff1543e985e83306526b30
8d60bfb721234b4d81228323cb1c82bb446c28e9d468872b91b379735749f706
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js HTTP/1.1
Host: rotateportion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0968497801ff30c56a60bbc8c172f6a2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
i.jads.co/network/user500/22340-1505050768.gif
205.185.216.42 35 kB URL i.jads.co/network/user500/22340-1505050768.gif
IP 205.185.216.42:0
File type GIF image data, version 89a, 250 x 250\012- data
Hash 8a365e3fc36a4703a10e22dd7de1a328
bf26a92e9997d7c104f1f3862e00c4cf40ec935d
46e089a4f33c86c97749805aeece7d16581472181f7846aec07d24b8856252c1
GET /network/user500/22340-1505050768.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:16 GMT
Connection: Keep-Alive
ETag: "1505050768"
Cache-Control: max-age=14678665
Content-Length: 35352
Content-Type: image/gif
Last-Modified: Sun, 10 Sep 2017 13:39:28 GMT
Accept-Ranges: bytes
X-HW: 1701527776.dop225.sk1.t,1701527776.cds213.sk1.c
i.jads.co/1x1.gif
205.185.216.10 28 kB IP 205.185.216.10:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 250x250, components 3\012- data
Hash 2acfb73fd2df022a7dad5595adef5bda
939b803ea641bd427b7599f92a816262e7a5bf48
3d4610a2ab69d08e54685d0d3cfcf03ec663bacff8cc89a1e0a2904a7769e641
GET /1x1.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:16 GMT
Connection: Keep-Alive
ETag: "1478208967"
Cache-Control: max-age=18749920
Content-Length: 27460
Content-Type: image/jpeg
Last-Modified: Thu, 03 Nov 2016 21:36:07 GMT
Accept-Ranges: bytes
X-HW: 1701527776.dop207.sk1.t,1701527776.cds217.sk1.c
i.jads.co/network/user1037/42-1688927188-0262966001688927188.gif
205.185.216.42 129 kB URL i.jads.co/network/user1037/42-1688927188-0262966001688927188.gif
IP 205.185.216.42:0
File type GIF image data, version 89a, 250 x 250\012- data
Size 129 kB (129148 bytes)
Hash c74036976f355462580c618bde1972ce
5cf7350afd17a4646583a01bda48cc7db9f3ab11
468e3b79344f5192fd5244e1122d92aa9ba318cd666a4a23f56cafff7137bdbe
GET /network/user1037/42-1688927188-0262966001688927188.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:16 GMT
Connection: Keep-Alive
ETag: "1688927188"
Cache-Control: max-age=18962627
Content-Length: 129148
Content-Type: image/gif
Last-Modified: Sun, 09 Jul 2023 18:26:28 GMT
Accept-Ranges: bytes
X-HW: 1701527776.dop223.sk1.t,1701527776.cds250.sk1.c
pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=3fc4ed41601444c280369de89c76b12c&hn=top1pornmovies.sexjanet.com&et=193
136.243.134.97 0 B URL pxl.tsyndicate.com/api/v1/elapsedtime?f=banner%20300x250&sc=3fc4ed41601444c280369de89c76b12c&hn=top1pornmovies.sexjanet.com&et=193
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/elapsedtime?f=banner%20300x250&sc=3fc4ed41601444c280369de89c76b12c&hn=top1pornmovies.sexjanet.com&et=193 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
poweredby.jads.co/js/jads2.js
185.94.236.246 1.7 kB URL poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
192.243.61.225 11 kB URL comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29629), with no line terminators
Hash 109c37547f1a47a4771459b3e86f992d
a0fcae3f0ad0385e59b3783f2989ca4cbbdd5c0b
0bbfafec119f1382f61935a8d567c619d9c26155df560d358dc0d0d10a6e6c35
GET /c515a1f4fc3a36b04275034bdcef5c99/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 54aae44746d5d0f864a6900b53d9837a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
marbleapplicationsblushing.com/watch.1292659461209.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=&shu=b897162371008d95ca640770566f9dd7b9b34195b9e8ab344fe68764f8030be32c249bcf90a633a0b6c614a21a86d460a304b139c8c39f2c0f3c075496b0145a1db146f43dfb52c80b77951bce220ce6dd755a&pst=1701527835&rmtc=t
192.243.59.20 2.4 kB URL marbleapplicationsblushing.com/watch.1292659461209.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=&shu=b897162371008d95ca640770566f9dd7b9b34195b9e8ab344fe68764f8030be32c249bcf90a633a0b6c614a21a86d460a304b139c8c39f2c0f3c075496b0145a1db146f43dfb52c80b77951bce220ce6dd755a&pst=1701527835&rmtc=t
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (3103)
Hash 2b1788727889bd7cae805e703d5bb8a6
7f9725d341e4688c19179c3f4b2df11702dc5d01
80ed13ecf005b456ca2673703cd2e6e09971b6c7792d996cf96c0a377e7b5030
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1292659461209.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=&shu=b897162371008d95ca640770566f9dd7b9b34195b9e8ab344fe68764f8030be32c249bcf90a633a0b6c614a21a86d460a304b139c8c39f2c0f3c075496b0145a1db146f43dfb52c80b77951bce220ce6dd755a&pst=1701527835&rmtc=t HTTP/1.1
Host: marbleapplicationsblushing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17743402; ain=eyJhbGciOiJIUzI1NiJ9.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.1HCEvnPrw8aw4oGMBn0zQSZghV1ECQgmUdSYy5NDJqc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: iprc9b70e4519600582a19a6958cf6e53a94=3569681; expires=Sat, 02 Dec 2023 18:36:16 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6e3c0585f865e0608772ce7603720d24
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
rotateportion.com/watch.816365185873.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
192.243.61.227 0 B URL rotateportion.com/watch.816365185873.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.816365185873.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: rotateportion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Location: https://rotateportion.com/watch.816365185873.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=d156de63d8c8af11449ed7b1b29280223c0157dab0221507c2946ab5597b2475f423bcf52f6df2d49b249970b9b45b708d494caf6480c02c96653fe6d640987e1586f6dd09beb87b9458540939424bf31e5581f0bea784d7b2ebd6258a9e4cb55b1ed3&pst=1701527836&rmtc=t
Set-Cookie: u_pl=17763957; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.9LfKaLaGzJMdyf2clAdjqu4Ue4HGL_OZVtnjKJKJg6I; expires=Sat, 02 Dec 2023 14:37:16 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1cb596bd58d5e66054db5df94d437df6
Strict-Transport-Security: max-age=0; includeSubdomains
friendshipmale.com/sfp.js
104.21.234.32 28 kB URL friendshipmale.com/sfp.js
IP 104.21.234.32:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 56d1315232790f8311e7c6b86cd7d869
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 02 Dec 2023 14:36:15 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BN9BHjoGKP7BzpBgE5JrqXPQbjPaJbMpqeSBrevMQMJBUpQJszkgoU0Zs8JbO0oB5PxntPCn7dbIHyQbqb6PwrwY%2BkJVDg%2FG5BYknwC%2FlKTNv9lErVoeSudkmljdee6JC3gpkL4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82f44d17ffdcb51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
bngpt.com/promo.php?c=688955&subid=2|159344|113814|no|112022|40568593|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
94.199.255.192 2.9 kB URL bngpt.com/promo.php?c=688955&subid=2|159344|113814|no|112022|40568593|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
IP 94.199.255.192:0
ASN #48684 Viking Host B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (3173)
Hash 05004f4e2ccc7feb8536223fb99394e7
bca7c7a4fdab31cb9387bdb1c6c7e2d315e7271a
502edacca170269dc08bf98824358d66170d751c711860ca60670fc890ca7308
GET /promo.php?c=688955&subid=2|159344|113814|no|112022|40568593|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=113814&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:36:15 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin:
expires: Sat, 02 Dec 2023 14:36:14 GMT
x-bcs: ded7384
strict-transport-security: max-age=0;
cache-control: no-cache, public
content-encoding: gzip
x-bc-bl: 102
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
104.21.234.32 28 kB URL friendshipmale.com/sfp.js
IP 104.21.234.32:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: dcbb53d5efb39f57afceb15db00fe22a
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 02 Dec 2023 14:36:15 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V8qPwviUToQvXfXIjuuF8bbqJuw8kR05BspqLzaza%2FBHf3YkP%2Buj4lKc1hZll1XdgYdg3hyPoBqcKYYv6fab9%2FmNfWdwvRaYpTnjSKFBFin4VBFaxPzBrbaEIy%2Fxhp%2BPOI%2Bt7qo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82f44d186fc756ba-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
nationhandbook.com/watch.1065192560500.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=9b439166308aab858442903fb1b79e58a2109a021413475b7d2754be12b394bcbd1d72008e0a65e1716916a24fa9fe5629dd89a9ccc6966f5790e9085d2fb9dd00eff0f341caa6855670ced498d415b35bae829f3886533faf66a65558cd28&pst=1701527835&rmtc=t
192.243.59.12 2.1 kB URL nationhandbook.com/watch.1065192560500.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=9b439166308aab858442903fb1b79e58a2109a021413475b7d2754be12b394bcbd1d72008e0a65e1716916a24fa9fe5629dd89a9ccc6966f5790e9085d2fb9dd00eff0f341caa6855670ced498d415b35bae829f3886533faf66a65558cd28&pst=1701527835&rmtc=t
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2574)
Hash 1e517b776f95597cb6831052cd311add
eb725975a380d10d26ebf6e005a16261807c54fa
9fa96368baef42d0ea0bf862e63eee062fb45bb9c0331723813f452b38c724cb
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1065192560500.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=9b439166308aab858442903fb1b79e58a2109a021413475b7d2754be12b394bcbd1d72008e0a65e1716916a24fa9fe5629dd89a9ccc6966f5790e9085d2fb9dd00eff0f341caa6855670ced498d415b35bae829f3886533faf66a65558cd28&pst=1701527835&rmtc=t HTTP/1.1
Host: nationhandbook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17763945; ain=eyJhbGciOiJIUzI1NiJ9.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.Du9Io3LnbF9sicBMzPzyvlfEIneCKTcxC8ZoFUOazUc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:16 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 60cfaecc83c42d4d3c2a5adade639014
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.usertrust.com/
172.64.149.23 471 B IP 172.64.149.23:0
Hash ce4b0360d6191d984d24329262cc12f7
b45439715cc5505e34ead1f1ba16f84ef78bbf6a
03e7bb998a6d3d9d3f3603d6c8bb06000bc35c1f5fadfe55ab2137e7e4602b83
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 01 Dec 2023 20:45:01 GMT
Expires: Fri, 08 Dec 2023 20:45:00 GMT
Etag: "b45439715cc5505e34ead1f1ba16f84ef78bbf6a"
Cache-Control: max-age=604054,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1112
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82f44d199ca65690-OSL
poweredby.jads.co/adshow.php?adzone=941000
185.94.236.246 1.8 kB URL poweredby.jads.co/adshow.php?adzone=941000
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1600), with CRLF, LF line terminators
Hash 290f169f45cbc89d8e4d0ebd211fbd67
3859b73c3abfcc596c8fc728935e178d42398d4b
5a20fbb9cd65bd88c7f04eef5f358a61aa82a114c331499a8e0b5579e9527f5c
GET /adshow.php?adzone=941000 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=20910565125142ac30e85fa1faa69a3c; expires=Sun, 01-Dec-2024 14:36:15 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps8605=1; expires=Sun, 03-Dec-2023 14:36:16 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjg4NDM5ODtpOjE3MDE3ODY5NzU7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:15 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:15 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=7648657&maincat=
217.22.19.194 1.2 kB URL go.eabids.com/banner.go?spaceid=7648657&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1242), with no line terminators
Hash 6fcc370edc7257d9c8018cada2a41e12
c1d73eea352676e2e9e576a30cec82f87ed9edd5
8ab0c62552eeaa71c20d933b8d1c4f95ced7b2d524d60a6154c85eae39915b93
GET /banner.go?spaceid=7648657&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1242
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:16 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-201
poweredby.jads.co/adshow.php?adzone=941000
185.94.236.246 1.7 kB URL poweredby.jads.co/adshow.php?adzone=941000
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (422), with CRLF, LF line terminators
Hash 057c268eae721f06ded86a99929ed51d
f8ca32ff5d6d46098fdf04b0b3556db07266d5bd
9c1ee10dd9d2da2030826a800fa104459619aa35e1b2c6971124d8c37fe992a3
GET /adshow.php?adzone=941000 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=20910565125142ac30e85fa1faa69a3c; expires=Sun, 01-Dec-2024 14:36:15 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps161=1; expires=Sun, 03-Dec-2023 14:36:16 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjExOTY3Mjg7aToxNzAxNzg2OTc1O30%3D; expires=Tue, 05-Dec-2023 14:36:15 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:15 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
i.bngprm.com/banners/300x250/ST_random_all/no.gif
64.210.135.149 132 kB URL i.bngprm.com/banners/300x250/ST_random_all/no.gif
IP 64.210.135.149:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 132 kB (131662 bytes)
Hash cd505b2b0532eaf2ddfc32e85f47bd0b
ee492ad2a56f104ff9248a63bf254129b06b0919
872ba1e840f0914fd1e479f93ab7ec1b8415cb9639ebf1ef585230f20d4ab369
GET /banners/300x250/ST_random_all/no.gif HTTP/1.1
Host: i.bngprm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bngpt.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:16 GMT
content-type: image/gif
content-length: 131662
last-modified: Wed, 20 May 2020 10:39:45 GMT
cache-control: max-age=2592000
x-bcs-o: 1
expires: Sat, 11 Dec 2021 10:28:51 GMT
x-o1-bcs-ban: EXPIRED
access-control-allow-origin: *
access-control-allow-methods: GET
accept-ranges: bytes
x-cdn-diag: ams5-7740-4-48838-h-0-0---;7734-25-6612----0-0-1
X-Firefox-Spdy: h2
skiofficerdemote.com/sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
173.233.139.164 4.2 kB URL skiofficerdemote.com/sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 173.233.139.164:0
File type JSON data\012- , ASCII text, with very long lines (5995), with no line terminators
Hash 58b71da4a1060c9eeb922dd88d400807
0c91d5742a706993a2ac5aadf3ff4e0527563aa4
b9ec5e72794527b0aa6d43dd80375d8b7b3d4f14a9367308787c326ae18f77ef
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: skiofficerdemote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17787248; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:16 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
slecd82941888ca80b5e024c4d0a7cab0440=[4714200]; expires=Sat, 02 Dec 2023 14:36:21 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8447c444ff5fdf27c3f9dee094b0d0f3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
comedianthirteenth.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
192.243.61.225 11 kB URL comedianthirteenth.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29644), with no line terminators
Hash cf06582c21d39860511be0b44b9207cc
e46613d295b455e7318b2b1fef5a1be30e6b1774
6ebd564e466dfadb0682501ea979fbce049b6bc74d4dd3634452906b171d8c98
GET /11115435c35e6b966b90a5f936e0edcc/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e23e282b5e286bd6e58f2de1649fcf25
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pursuitperceptionforest.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
173.233.137.36 15 kB URL pursuitperceptionforest.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
IP 173.233.137.36:0
File type ASCII text, with very long lines (42789), with no line terminators
Hash 30bb0fd178feb6f2d55b40fb625c9e8e
49638b796c965750b1797138e2ab16232640afbe
444c47c2580a52f7d666604c894d550a600eb0450cde7838aff95afb70745149
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js HTTP/1.1
Host: pursuitperceptionforest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f5f4a5c6fb55cb2719fe18458f7c25bd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
i.jads.co/1x1.gif
205.185.216.42 28 kB IP 205.185.216.42:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 250x250, components 3\012- data
Hash 2acfb73fd2df022a7dad5595adef5bda
939b803ea641bd427b7599f92a816262e7a5bf48
3d4610a2ab69d08e54685d0d3cfcf03ec663bacff8cc89a1e0a2904a7769e641
GET /1x1.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:16 GMT
Connection: Keep-Alive
ETag: "1478208967"
Cache-Control: max-age=18749920
Content-Length: 27460
Content-Type: image/jpeg
Last-Modified: Thu, 03 Nov 2016 21:36:07 GMT
Accept-Ranges: bytes
X-HW: 1701527776.dop225.sk1.t,1701527776.cds213.sk1.c
i.jads.co/network/user47819/8605-1583019933-0770893001583019933.gif
205.185.216.42 711 kB URL i.jads.co/network/user47819/8605-1583019933-0770893001583019933.gif
IP 205.185.216.42:0
File type GIF image data, version 89a, 250 x 250\012- data
Size 711 kB (711003 bytes)
Hash 5e7254a66113022c0fd65a2d5070b3a7
169bb6176e1d5cdd21cda631cc0b467916289e19
44c1e3c9379b41feca5e134a70bf08bf336f99b495fa748a0ebe20b07ddc4fe3
GET /network/user47819/8605-1583019933-0770893001583019933.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:16 GMT
Connection: Keep-Alive
ETag: "1583019933"
Cache-Control: max-age=27774606
Content-Length: 711003
Content-Type: image/gif
Last-Modified: Sat, 29 Feb 2020 23:45:33 GMT
Accept-Ranges: bytes
X-HW: 1701527776.dop223.sk1.t,1701527776.cds203.sk1.c
i.jads.co/network/user1037/1-1621483200-0734682001621483200.gif
205.185.216.10 40 kB URL i.jads.co/network/user1037/1-1621483200-0734682001621483200.gif
IP 205.185.216.10:0
File type GIF image data, version 89a, 250 x 250\012- data
Hash b36345b7f286b840911ad3ff6f2a5f48
99202769ae0f312e50818d11ca83df459ffb4e50
d415a2f565a7372d5a5479d2992448524dcc6a1396783e1cdf71fa0b59850b52
GET /network/user1037/1-1621483200-0734682001621483200.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:16 GMT
Connection: Keep-Alive
ETag: "1621483200"
Cache-Control: max-age=16602101
Content-Length: 39983
Content-Type: image/gif
Last-Modified: Thu, 20 May 2021 04:00:00 GMT
Accept-Ranges: bytes
X-HW: 1701527776.dop207.sk1.t,1701527776.cds232.sk1.c
rotateportion.com/watch.816365185873.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=d156de63d8c8af11449ed7b1b29280223c0157dab0221507c2946ab5597b2475f423bcf52f6df2d49b249970b9b45b708d494caf6480c02c96653fe6d640987e1586f6dd09beb87b9458540939424bf31e5581f0bea784d7b2ebd6258a9e4cb55b1ed3&pst=1701527836&rmtc=t
192.243.61.227 2.1 kB URL rotateportion.com/watch.816365185873.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=d156de63d8c8af11449ed7b1b29280223c0157dab0221507c2946ab5597b2475f423bcf52f6df2d49b249970b9b45b708d494caf6480c02c96653fe6d640987e1586f6dd09beb87b9458540939424bf31e5581f0bea784d7b2ebd6258a9e4cb55b1ed3&pst=1701527836&rmtc=t
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2573)
Hash ae201d0cf4d98d7f0e2d4b5eede0bf60
58d01d716ec7f1d5d3bc64f583c97eb3a2eb508d
a8908c966427a50ac8f977b7c6c88f6c30b709ffd919472c2839ff1930267692
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.816365185873.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=d156de63d8c8af11449ed7b1b29280223c0157dab0221507c2946ab5597b2475f423bcf52f6df2d49b249970b9b45b708d494caf6480c02c96653fe6d640987e1586f6dd09beb87b9458540939424bf31e5581f0bea784d7b2ebd6258a9e4cb55b1ed3&pst=1701527836&rmtc=t HTTP/1.1
Host: rotateportion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17763957; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2Mzk1NywiayI6IjExMTE1NDM1YzM1ZTZiOTY2YjkwYTVmOTM2ZTBlZGNjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTU5OTYxLCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJkNXdyanVydCIsImNwa3MiOnsiMjkiOiI4ZjlmYzY3ZTNiNWIzNjhmMWM3MmM5YmVkNDNhMGY0MSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3RvcDFwb3JubW92aWVzLnNleGphbmV0LmNvbS8iLCJhciI6W119fQ.9LfKaLaGzJMdyf2clAdjqu4Ue4HGL_OZVtnjKJKJg6I
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:16 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3bc7e889efada819a4269272b695ee87
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.eabids.com/data/bannerpools/112022/33917.jpg
217.22.19.195 73 kB URL static.eabids.com/data/bannerpools/112022/33917.jpg
IP 217.22.19.195:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash 7878e459e3a341049fb57b8637109839
7daa564cfe7d1b477ab10b7f000c9f895c39c93e
bcb79d540ab4c28441231cb3361d5abe00192dc661eba30ad9d9cd482ac08fc8
GET /data/bannerpools/112022/33917.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: image/jpeg
Content-Length: 72951
Last-Modified: Thu, 28 Apr 2022 13:46:07 GMT
Connection: keep-alive
ETag: "626a9a9f-11cf7"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-221
Accept-Ranges: bytes
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194 695 B URL go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (695), with no line terminators
Hash a6a785cd5803e2dbf6380401565846f2
396eec8f0e8997e3d559dc5d05ca88d293be878c
595d22469af75d7f3cce94481f5da70ffb18f43903752167b728b36e9526970e
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 695
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:16 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-201
go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
217.22.19.194 712 B URL go.eabids.com/banner.go?spaceid=5675441&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (712), with no line terminators
Hash 3e77e769a95383b36127978f6ac2ea08
7ec0d4ef1e3f457397944c37d6f82991d7bade24
48ce6c60724eb1c6f03fc1afca6e2f89ba95cf01df2502d3575ceb355e668650
GET /banner.go?spaceid=5675441&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 712
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:16 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-201
crawledlikely.com/28/85/33/28853392a76a14b1426991b6def2243b.js
192.243.61.227 15 kB URL crawledlikely.com/28/85/33/28853392a76a14b1426991b6def2243b.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (42837), with no line terminators
Hash 9b90153ce42c49a03d4ee2e865b0dabe
f37554a1ad2c60d75a369ce1a72dfcdb4c674bf7
ecd9a920aa7e07463345674adcef1acf72439d66d5335cfb6411e73cd7e4d768
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /28/85/33/28853392a76a14b1426991b6def2243b.js HTTP/1.1
Host: crawledlikely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 183ef3437b990c96620a5b167bb66277
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
217.22.19.194 1.2 kB URL go.eabids.com/banner.go?spaceid=5675443&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1242), with no line terminators
Hash 8601788915a8e91eaba52bd33230d9f3
f29bf9a9fee5a81675bb41b349519008f779f310
e7c43c1bc941bb967293e550e071fe2e5ead134b68c9c6df044b654d4a715f7f
GET /banner.go?spaceid=5675443&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1242
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:16 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-200
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
217.22.19.194 1.3 kB URL go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1270), with no line terminators
Hash 6ed0a30a46ea676af41a978dc4a42682
43392fb93dbb4ace5f31a02b78021ae38b5764a0
b3952d4a44fbedc4d33a93f4509183677b5819d5dd0123cf5bfbced312c76640
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1270
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:16 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-201
pursuitperceptionforest.com/watch.1463404258379.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
173.233.137.36 0 B URL pursuitperceptionforest.com/watch.1463404258379.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1463404258379.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: pursuitperceptionforest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Location: https://pursuitperceptionforest.com/watch.1463404258379.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=e2fbe08f28c841358585725649fe8eb33afb96182c66b44c4113de31bfe3765f33f0545820938f7a7302171fc14f8471d2bee1aea3528eba4b603d79d6d302b2b5c11cba73c7456813d5fa8b3278b438e7b865fbacdcb372966c7ee036cb&pst=1701527836&rmtc=t
Set-Cookie: u_pl=17743402; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.1HCEvnPrw8aw4oGMBn0zQSZghV1ECQgmUdSYy5NDJqc; expires=Sat, 02 Dec 2023 14:37:16 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5be4eefaf914c4730b59ecefc97f57b7
Strict-Transport-Security: max-age=0; includeSubdomains
poweredby.jads.co/js/jads.js
185.94.236.246 178 B URL poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
cdn.cloudimagesb.com/cti/bb/16/b7/bb16b71b76fc43a6abd135721b32a822/1658915518.png
45.133.44.9 145 kB URL cdn.cloudimagesb.com/cti/bb/16/b7/bb16b71b76fc43a6abd135721b32a822/1658915518.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size 145 kB (145012 bytes)
Hash 620dee7dda3ab0a55fef5e66735e48e1
c03458e7950bed758e4352ec7a78bb434a3164b1
8552142726040854ba6a1d57037aa513e8cb424e3e5b96f017fb742f7c9255c3
GET /cti/bb/16/b7/bb16b71b76fc43a6abd135721b32a822/1658915518.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:16 GMT
content-type: image/png
content-length: 145012
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 09:52:06 GMT
etag: "62e10ac6-23674"
expires: Mon, 04 Dec 2023 14:36:16 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads.js
185.94.236.246 178 B URL poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
192.243.61.225 11 kB URL comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29626), with no line terminators
Hash b751668ebed4a7a429a5c0f5c0117fa5
9dfab5cc4b2faceefe9c2db22922bf71e930bdab
1016a1b0c509211f2d8ee012d8f11b496e2fd81be5cac44b2610d33b068f9657
GET /539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 89e74e2fdc3de77591899d2ff5dd4d89
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
tsyndicate.com/iframes2/3fc4ed41601444c280369de89c76b12c.html?extid={extid}&categories=sex+galleries,porn+video,sex+dating,porn+galleries
136.243.69.157 2.8 kB URL tsyndicate.com/iframes2/3fc4ed41601444c280369de89c76b12c.html?extid={extid}&categories=sex+galleries,porn+video,sex+dating,porn+galleries
IP 136.243.69.157:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4512)
Hash 20b9f14f881ca880ca69ea4ce1c66ce6
b6f7918d04b3b7603f208ba999703e6d7b9af238
c656fa0a2d9ae119e9f0a00017c69f7edf53b8f2c9acf4df11de031687d01704
GET /iframes2/3fc4ed41601444c280369de89c76b12c.html?extid={extid}&categories=sex+galleries,porn+video,sex+dating,porn+galleries HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
Link: <http://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
X-Request-Id: 4e2630f9769a777a
Set-Cookie: ts_uid=88fa22ea-4765-4881-8413-db594f52e20c; expires=Sun, 02 Jun 2024 14:36:16 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YZMGbcmEGDRhcWIsYU3BLjoYgyE2PcgBHDRgwaGm106aMg; expires=Sun, 03 Dec 2023 14:36:16 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
friendshipmale.com/sfp.js
104.21.234.32 28 kB URL friendshipmale.com/sfp.js
IP 104.21.234.32:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:16 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 7bf240592cda265b5ed207af4375c31d
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 02 Dec 2023 14:36:16 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XxGCh%2FU1c7wCiOp5AnTOmeBe8B8yv9g8vb3XBUHiONLCTaXw%2B1S2I37totPHuyBvgw3Q9KcCTAg6j17ElMV1p4kb3rmB8G12c43MxRP6GEQm4DZ0P7t%2Bp%2BcT%2FyqFBMGh9xmQWoc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82f44d1d5d88b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
cdn.cloudimagesb.com/cti/bb/16/b7/bb16b71b76fc43a6abd135721b32a822/1658915518.png
45.133.44.9 145 kB URL cdn.cloudimagesb.com/cti/bb/16/b7/bb16b71b76fc43a6abd135721b32a822/1658915518.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size 145 kB (145012 bytes)
Hash 620dee7dda3ab0a55fef5e66735e48e1
c03458e7950bed758e4352ec7a78bb434a3164b1
8552142726040854ba6a1d57037aa513e8cb424e3e5b96f017fb742f7c9255c3
GET /cti/bb/16/b7/bb16b71b76fc43a6abd135721b32a822/1658915518.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:16 GMT
content-type: image/png
content-length: 145012
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 09:52:06 GMT
etag: "62e10ac6-23674"
expires: Mon, 04 Dec 2023 14:36:16 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/bi/c7/e3/29/c7e329b99c3aec7c5b5a40f7930a40db/1688137312.jpg
45.133.44.9 62 kB URL cdn.cloudimagesb.com/bi/c7/e3/29/c7e329b99c3aec7c5b5a40f7930a40db/1688137312.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=176, yresolution=184, resolutionunit=2], baseline, precision 8, 300x250, components 3\012- data
Hash 41f8d94e1ec4474106f9ecfa001de090
1478ba5efd6da33e0b2344763d350d1052993adb
161e915e63e7e11f851c9cce0d4e3e54567a3185b75717aeb66027bf131e48b0
GET /bi/c7/e3/29/c7e329b99c3aec7c5b5a40f7930a40db/1688137312.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:17 GMT
content-type: image/jpeg
content-length: 61911
server: nginx/1.21.6
last-modified: Fri, 30 Jun 2023 15:02:00 GMT
etag: "649eee68-f1d7"
expires: Mon, 04 Dec 2023 14:36:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
crawledlikely.com/watch.1553139178981.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
192.243.61.227 0 B URL crawledlikely.com/watch.1553139178981.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /watch.1553139178981.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: crawledlikely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Location: https://crawledlikely.com/watch.1553139178981.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=be99eb2139b9a9c0278e46f2b9b07d80089db5900ac900b37ce07b0d124561f2f4f0ff5573b44d3bf1b4cb79a5a281d653d56d48e3c5139dcd22d20d9311509c58e5028a055f20adc748dc5bb9ea949e67f98258b60f77942f3ce408e017&pst=1701527837&rmtc=t
Set-Cookie: u_pl=17763945; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.Du9Io3LnbF9sicBMzPzyvlfEIneCKTcxC8ZoFUOazUc; expires=Sat, 02 Dec 2023 14:37:17 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 226600089db5d485c25b603c57a4f7f1
Strict-Transport-Security: max-age=0; includeSubdomains
accommodationcarpetavid.com/sbar.json?key=28853392a76a14b1426991b6def2243b&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
173.233.139.164 4.3 kB URL accommodationcarpetavid.com/sbar.json?key=28853392a76a14b1426991b6def2243b&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 173.233.139.164:0
File type JSON data\012- , ASCII text, with very long lines (6017), with no line terminators
Hash 9bcdc304df9648d21e156e034fd138ee
d47142771626c1ba911acf7fa587300a738543be
a05898f000970b4d931752242e61957a8b04e248d09a3bb7a2b78a4edeaa3398
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /sbar.json?key=28853392a76a14b1426991b6def2243b&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: accommodationcarpetavid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17787246; expires=Sun, 03 Dec 2023 14:36:16 GMT; secure; SameSite=None
uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:16 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
slec28853392a76a14b1426991b6def2243b=[4714200]; expires=Sat, 02 Dec 2023 14:36:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 69e70aae33bb69d4d538bce12241f7b1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
skiofficerdemote.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz4scRRTHq9f1FMQfiOBBGFBQwZ2tnunJ9iQHY4wJwZjEJJKr9atnK1vd1VR1T0%2F2IIsByXG8efDQ853dLGoUc%2FCkEpn1IgtCxoMu4uJfIIoQ8CazO7L4DvV%2BfN7hve%2BrD0blPglRsr3Lb9l1bQxb7jRp46XrOpO28o2L1xohbdKTjes6Ox6dbAxmj%2BufCGmnSV9unFNizS63aEhpSMPGWe1UYgfLBxQ6v9sNm13ajFrNsBNh4P6f%2BzKAZwFkf588BS2nj67%2BcA9aTJClX55Rfq2w%2BStvpKVhhXXoy%2B13srXMVhnSozBxAZJse94N66eEfLQAm23PN4Dtb842ANdTEvwcgmfb8zHB%2B1uHk3IDlYHLY6j6EygzgWYTCHsLWj4ggJC4eAlZeueidRW7eUjZjE7J4sO%2FoaspWfztaWTpF6eNHjSuWlMW2mYeg6SGHkygexPk5Q6K9QC62oEo3oeWP5LlhxeQpZuXvLHQcu8FEcbtdhjxpTCWfClqh%2BESj8PukkgiGrePi0jE7EAirSfQyQRGDcH8AkofoNQByiRAmQdI5V6DdboJpSsJT9rtOBJCtNtCdOLjsiPbUZxQlGK2wxBFPoQwQwi3gdxtYE0P4crv4FdreLkAX0xJ8PYG%2BrJGpQgqT1AxgkoTVAVB1a%2B3pPEtX9%2BRxpc8nPvW3LfrsS16I7Zli57KCJgbjvJ98uRMwOBxnWNN7TVk3OpGYRzHgsWUdxRtRSKSlK0IxmkUUXhdQ%2FsFMB9gXU%2FJM3%2BNkOspWUy%2BAmc78GYHQj8BVj4HVo1XWhRsdRzFFOvZ51z6tMeM8c1MFZC2Rl4sorgZjMw%2Befbgkuf%2B%2BAVK7J469s2N9%2F759XkIVyN3NW7o7wl65vb4iq3I5hVbeXLvUl7oVK%2Bz2ZWvFqxQi5%2B%2BqW5W1snzZ%2Fzwk9fEDMzCu9eULy6wTOqs58lnp7WUyp21Tijy7Xl%2FXfHLpV89XbqszC9cfv3s%2BTR3ynttswmYfvDufQg9JY99%2FfHB%2F31x%2FwS0m8CVNdJyl8wN2u5A5Bvw%2Be6p%2F2reEjhz1MPzAFVZj12LHxWNJjDqKGe8hldHEnC1e%2F%2FPQzbyt9FzAVhxC1lao%2B9q9E0NZobw5SPjIne7r%2F7UPjBwE4y5ccEmN858eCit13sN1UloomhL8aTLkxVGZTeJupx1Q7XCOyxE4adq7dTv%2FwIAAP%2F%2FAQAA%2F%2F8igZ1IlwQAAA%3D%3D
173.233.139.164 7 B URL skiofficerdemote.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz4scRRTHq9f1FMQfiOBBGFBQwZ2tnunJ9iQHY4wJwZjEJJKr9atnK1vd1VR1T0%2F2IIsByXG8efDQ853dLGoUc%2FCkEpn1IgtCxoMu4uJfIIoQ8CazO7L4DvV%2BfN7hve%2BrD0blPglRsr3Lb9l1bQxb7jRp46XrOpO28o2L1xohbdKTjes6Ox6dbAxmj%2BufCGmnSV9unFNizS63aEhpSMPGWe1UYgfLBxQ6v9sNm13ajFrNsBNh4P6f%2BzKAZwFkf588BS2nj67%2BcA9aTJClX55Rfq2w%2BStvpKVhhXXoy%2B13srXMVhnSozBxAZJse94N66eEfLQAm23PN4Dtb842ANdTEvwcgmfb8zHB%2B1uHk3IDlYHLY6j6EygzgWYTCHsLWj4ggJC4eAlZeueidRW7eUjZjE7J4sO%2FoaspWfztaWTpF6eNHjSuWlMW2mYeg6SGHkygexPk5Q6K9QC62oEo3oeWP5LlhxeQpZuXvLHQcu8FEcbtdhjxpTCWfClqh%2BESj8PukkgiGrePi0jE7EAirSfQyQRGDcH8AkofoNQByiRAmQdI5V6DdboJpSsJT9rtOBJCtNtCdOLjsiPbUZxQlGK2wxBFPoQwQwi3gdxtYE0P4crv4FdreLkAX0xJ8PYG%2BrJGpQgqT1AxgkoTVAVB1a%2B3pPEtX9%2BRxpc8nPvW3LfrsS16I7Zli57KCJgbjvJ98uRMwOBxnWNN7TVk3OpGYRzHgsWUdxRtRSKSlK0IxmkUUXhdQ%2FsFMB9gXU%2FJM3%2BNkOspWUy%2BAmc78GYHQj8BVj4HVo1XWhRsdRzFFOvZ51z6tMeM8c1MFZC2Rl4sorgZjMw%2Befbgkuf%2B%2BAVK7J469s2N9%2F759XkIVyN3NW7o7wl65vb4iq3I5hVbeXLvUl7oVK%2Bz2ZWvFqxQi5%2B%2BqW5W1snzZ%2Fzwk9fEDMzCu9eULy6wTOqs58lnp7WUyp21Tijy7Xl%2FXfHLpV89XbqszC9cfv3s%2BTR3ynttswmYfvDufQg9JY99%2FfHB%2F31x%2FwS0m8CVNdJyl8wN2u5A5Bvw%2Be6p%2F2reEjhz1MPzAFVZj12LHxWNJjDqKGe8hldHEnC1e%2F%2FPQzbyt9FzAVhxC1lao%2B9q9E0NZobw5SPjIne7r%2F7UPjBwE4y5ccEmN858eCit13sN1UloomhL8aTLkxVGZTeJupx1Q7XCOyxE4adq7dTv%2FwIAAP%2F%2FAQAA%2F%2F8igZ1IlwQAAA%3D%3D
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSz4scRRTHq9f1FMQfiOBBGFBQwZ2tnunJ9iQHY4wJwZjEJJKr9atnK1vd1VR1T0%2F2IIsByXG8efDQ853dLGoUc%2FCkEpn1IgtCxoMu4uJfIIoQ8CazO7L4DvV%2BfN7hve%2BrD0blPglRsr3Lb9l1bQxb7jRp46XrOpO28o2L1xohbdKTjes6Ox6dbAxmj%2BufCGmnSV9unFNizS63aEhpSMPGWe1UYgfLBxQ6v9sNm13ajFrNsBNh4P6f%2BzKAZwFkf588BS2nj67%2BcA9aTJClX55Rfq2w%2BStvpKVhhXXoy%2B13srXMVhnSozBxAZJse94N66eEfLQAm23PN4Dtb842ANdTEvwcgmfb8zHB%2B1uHk3IDlYHLY6j6EygzgWYTCHsLWj4ggJC4eAlZeueidRW7eUjZjE7J4sO%2FoaspWfztaWTpF6eNHjSuWlMW2mYeg6SGHkygexPk5Q6K9QC62oEo3oeWP5LlhxeQpZuXvLHQcu8FEcbtdhjxpTCWfClqh%2BESj8PukkgiGrePi0jE7EAirSfQyQRGDcH8AkofoNQByiRAmQdI5V6DdboJpSsJT9rtOBJCtNtCdOLjsiPbUZxQlGK2wxBFPoQwQwi3gdxtYE0P4crv4FdreLkAX0xJ8PYG%2BrJGpQgqT1AxgkoTVAVB1a%2B3pPEtX9%2BRxpc8nPvW3LfrsS16I7Zli57KCJgbjvJ98uRMwOBxnWNN7TVk3OpGYRzHgsWUdxRtRSKSlK0IxmkUUXhdQ%2FsFMB9gXU%2FJM3%2BNkOspWUy%2BAmc78GYHQj8BVj4HVo1XWhRsdRzFFOvZ51z6tMeM8c1MFZC2Rl4sorgZjMw%2Befbgkuf%2B%2BAVK7J469s2N9%2F759XkIVyN3NW7o7wl65vb4iq3I5hVbeXLvUl7oVK%2Bz2ZWvFqxQi5%2B%2BqW5W1snzZ%2Fzwk9fEDMzCu9eULy6wTOqs58lnp7WUyp21Tijy7Xl%2FXfHLpV89XbqszC9cfv3s%2BTR3ynttswmYfvDufQg9JY99%2FfHB%2F31x%2FwS0m8CVNdJyl8wN2u5A5Bvw%2Be6p%2F2reEjhz1MPzAFVZj12LHxWNJjDqKGe8hldHEnC1e%2F%2FPQzbyt9FzAVhxC1lao%2B9q9E0NZobw5SPjIne7r%2F7UPjBwE4y5ccEmN858eCit13sN1UloomhL8aTLkxVGZTeJupx1Q7XCOyxE4adq7dTv%2FwIAAP%2F%2FAQAA%2F%2F8igZ1IlwQAAA%3D%3D HTTP/1.1
Host: skiofficerdemote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: u_pl=17787248; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 64da737af618242afdb11bec5d61545f
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.cloudimagesb.com/bi/af/b7/8e/afb78e9e9caab125658a6c150ba489b1/1688139489.jpg
45.133.44.9 72 kB URL cdn.cloudimagesb.com/bi/af/b7/8e/afb78e9e9caab125658a6c150ba489b1/1688139489.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=176, yresolution=184, resolutionunit=2], baseline, precision 8, 300x250, components 3\012- data
Hash 6558c1b066d51ae9dcd0fb710976fd47
1b8b413e0f86a8fbcac1fd51498d53c1d252716a
48fb2ec1ca6adf7bfb49073cd801e7333777ba7a77cf434887bcb782e22ea11c
GET /bi/af/b7/8e/afb78e9e9caab125658a6c150ba489b1/1688139489.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:17 GMT
content-type: image/jpeg
content-length: 72442
server: nginx/1.21.6
last-modified: Fri, 30 Jun 2023 15:38:18 GMT
etag: "649ef6ea-11afa"
expires: Mon, 04 Dec 2023 14:36:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
chaturbate.com/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|113814|no|94553|40900043|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|0|0|0|3143242
104.18.100.40 0 B URL chaturbate.com/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|113814|no|94553|40900043|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|0|0|0|3143242
IP 104.18.100.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|113814|no|94553|40900043|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|0|0|0|3143242 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
Location: https://chaturbate.com:443/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|113814|no|94553|40900043|5675443|1|0|46|50304|,,,,,|4|0|0|1,6,24|0|0|en|1|91.90.42.154|0|0|0|0|3143242
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=QPvy6N2IJxL9YSnt8lu7mmdT_4i69Y3Q_sGiuTFVOvk-1701527777-0-AVm6aIHrXW01anT76G0yc+oJRX8fDa6TLZvfYPgrKzlvwPnduit+Lj6Ot6FoydCvflVXubPm2kerSvN1j4ffbVY=; path=/; expires=Sat, 02-Dec-23 15:06:17 GMT; domain=.chaturbate.com; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQWgML07wP%2FE%2Bgag8UZ%2BYlU%2FXmlsrBASCOOA9pXsX%2BETlKUqTJcOMo8MMJ1YRr%2FSytUviGQfc6T2I7RFm%2F0rmvoObKNxWkILgQh6Scp1zw6diU4EftpxGvVTUzUL0GiX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 82f44d1eec5256bf-OSL
alt-svc: h3=":443"; ma=86400
chaturbate.com/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|7017784|no|94553|40900043|5675441|1|0|46|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1|91.90.42.154|0|0|0|0|3143242
104.18.100.40 0 B URL chaturbate.com/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|7017784|no|94553|40900043|5675441|1|0|46|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1|91.90.42.154|0|0|0|0|3143242
IP 104.18.100.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|7017784|no|94553|40900043|5675441|1|0|46|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1|91.90.42.154|0|0|0|0|3143242 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
Location: https://chaturbate.com:443/in/?tour=dTm0&campaign=Q2cRU&track=e.iframe.NO&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2|164978|7017784|no|94553|40900043|5675441|1|0|46|50304|,,,,,|4|0|0|1,2,3,6,12,13,19,21,26|0|0|en|1|91.90.42.154|0|0|0|0|3143242
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=tRbMOadAmPhVqTejlcltl2cW.8GFxNskz7usXKvZ_tQ-1701527777-0-AWzxQk800xa2ycym2jDFAATldzXiDNkwft/pWcHrAIA3GPrS9Sx1yABWGUotQWv3N0waIW0m3Y9VcO080wgfz+M=; path=/; expires=Sat, 02-Dec-23 15:06:17 GMT; domain=.chaturbate.com; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WS%2BvdJdSHezXpyScHi0d4eBX%2B46O9xbDcRQYbomJ5r7oL%2FUPyTyXJ6MEB9aDUiPFzzkrczwvaYbRFsX8%2FhMODcmg5mTAhIfYEX2u41GtEQqKS%2FUJLVZmydqIR%2BODgFPl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 82f44d1f0947b527-OSL
alt-svc: h3=":443"; ma=86400
friendshipmale.com/sfp.js
104.21.234.32 28 kB URL friendshipmale.com/sfp.js
IP 104.21.234.32:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: b5d41ec0a7ff07d1392560efb5161089
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 02 Dec 2023 14:36:17 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=49WEHjmWImKR%2BwKRWUw2VOSFaldNqvIgwlp%2Fi4mcSDpy0g9VzGIMyUAktp5aBaXdj2WJMPkytbQxtlPxVeQe7d35hVeHTS3hscHz%2BwxgpJ4Pov0aKhS7lPYQo9kyQtlfYvfFjhk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82f44d1ede9656ba-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
go.eabids.com/banner.go?spaceid=7648657&maincat=
217.22.19.194 1.2 kB URL go.eabids.com/banner.go?spaceid=7648657&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1242), with no line terminators
Hash 9d38a89b558f94d36231df16f221cb12
6061abf6bee4fbbf8c4cb1d75a88fcc4546d06b9
4cf998172c7fbab2668fa2f5efda7bf23ef41164fe73d1c1e34c5fb07142771b
GET /banner.go?spaceid=7648657&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1242
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:17 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-201
wheelstweakautopsy.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
173.233.137.36 15 kB URL wheelstweakautopsy.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
IP 173.233.137.36:0
File type ASCII text, with very long lines (42759), with no line terminators
Hash dadb9ee08619ffd55ca73e3d72c3c86f
8a7f912290e9c9e8a1b7d46fbb790085d9acb862
926afefc2715a59edcbbd025620151792a0e73b6fc79033822eabf05a13c189d
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js HTTP/1.1
Host: wheelstweakautopsy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d2c153ff5c3741570d16bd11caeb111f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=7648657&maincat=
217.22.19.194 740 B URL go.eabids.com/banner.go?spaceid=7648657&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (740), with no line terminators
Hash 4a8ac5276adb00fbce38d1ef3928a3d1
932af51c961395b32c697153b5f84a4ecb45e398
5b86b30d2322510158704706863638c1d8f10c5655394f47f67e430c553a9394
GET /banner.go?spaceid=7648657&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 740
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:17 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-201
go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
217.22.19.194 738 B URL go.eabids.com/banner.go?spaceid=5675445&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (738), with no line terminators
Hash 5a41e6cea25ce389d7a77435ada71271
c329b458e2ded060163c7ca25ba45fade6314be5
2dbc3c8ab6830ec23ddea6898898603e19370f60a2723644838a1ba97aaa0b32
GET /banner.go?spaceid=5675445&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 738
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:17 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-201
static.eabids.com/data/bannerpools/112022/33807.jpg
217.22.19.195 17 kB URL static.eabids.com/data/bannerpools/112022/33807.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash 5cdf4fdb75c84c7fe9c95a9c43d4558d
d615fb1c007bcc0995b1bc72fe21a47e98f6094f
9e1ca0a8aa682706ecff90fe20dba9c9c9188160b26af5d87bed3763663cfaea
GET /data/bannerpools/112022/33807.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: image/jpeg
Content-Length: 17139
Last-Modified: Thu, 28 Apr 2022 13:46:32 GMT
Connection: keep-alive
ETag: "626a9ab8-42f3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-221
Accept-Ranges: bytes
pursuitperceptionforest.com/watch.1463404258379.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=e2fbe08f28c841358585725649fe8eb33afb96182c66b44c4113de31bfe3765f33f0545820938f7a7302171fc14f8471d2bee1aea3528eba4b603d79d6d302b2b5c11cba73c7456813d5fa8b3278b438e7b865fbacdcb372966c7ee036cb&pst=1701527836&rmtc=t
173.233.137.36 2.1 kB URL pursuitperceptionforest.com/watch.1463404258379.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=e2fbe08f28c841358585725649fe8eb33afb96182c66b44c4113de31bfe3765f33f0545820938f7a7302171fc14f8471d2bee1aea3528eba4b603d79d6d302b2b5c11cba73c7456813d5fa8b3278b438e7b865fbacdcb372966c7ee036cb&pst=1701527836&rmtc=t
IP 173.233.137.36:0
File type HTML document, ASCII text, with very long lines (2579)
Hash 64637299de753a513fe08d7233c89881
1bc8c6a964493d573f0d1843f5d13ff7639f9b38
07bbe252476ce10ff1ef3e745d383196f648135d22cf338a5ff442d4b795b86e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1463404258379.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=e2fbe08f28c841358585725649fe8eb33afb96182c66b44c4113de31bfe3765f33f0545820938f7a7302171fc14f8471d2bee1aea3528eba4b603d79d6d302b2b5c11cba73c7456813d5fa8b3278b438e7b865fbacdcb372966c7ee036cb&pst=1701527836&rmtc=t HTTP/1.1
Host: pursuitperceptionforest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17743402; ain=eyJhbGciOiJIUzI1NiJ9.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.1HCEvnPrw8aw4oGMBn0zQSZghV1ECQgmUdSYy5NDJqc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:17 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bacbff3fbf0d175c0f100bd942e3e7d5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
poweredby.jads.co/js/jads2.js
185.94.236.246 1.7 kB URL poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
static.eabids.com/data/bannerpools/112022/33914.jpg
217.22.19.195 56 kB URL static.eabids.com/data/bannerpools/112022/33914.jpg
IP 217.22.19.195:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash 0d73f84edb500eb29390381ce09c3ab8
a0bceb870344cbf828a3fce11e84db7764890018
bf65716b37bab758fda7e676423a92d5861292cd369402cc1359f8597049e477
GET /data/bannerpools/112022/33914.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: image/jpeg
Content-Length: 55763
Last-Modified: Thu, 28 Apr 2022 13:46:23 GMT
Connection: keep-alive
ETag: "626a9aaf-d9d3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
lcdn.tsyndicate.com/sdk/v1/b.b.js
8.247.217.249 2.6 kB URL lcdn.tsyndicate.com/sdk/v1/b.b.js
IP 8.247.217.249:0
File type ASCII text, with very long lines (2590)
Hash b0a8eae036a72f605538b002e33f7023
5916ea9eeb0b676d6f44637601c40d0dc69542d1
7b9affd37cf01ac1a4c5f4a4ccb1936f0412ff771fb24e36a55682d2bf0ac554
GET /sdk/v1/b.b.js HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://tsyndicate.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 02 Aug 2023 21:23:32 GMT
Content-Type: application/javascript
Content-Length: 2640
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 25 Jul 2023 12:28:26 GMT
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
ETag: W/"64bfbfea-1f37"
Content-Encoding: gzip
Age: 10516365
Accept-Ranges: bytes
wheelstweakautopsy.com/watch.642354604750.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
173.233.137.36 0 B URL wheelstweakautopsy.com/watch.642354604750.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 173.233.137.36:0
Hash (digests of the empty 0 B body, not specific to this resource)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.642354604750.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: wheelstweakautopsy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Location: https://wheelstweakautopsy.com/watch.642354604750.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=b34408c26cbb2fba08800245938d60487a45595807f796aee8edd42676f51fd43d12fce123cab91b4b86644d9410a10af02503ce84faa1c2fcca1676cd7a68b140aa27a4dc71026e1ad733914fba0465a988c1604fc2ba9760876e67dba1cc2bcc8182&pst=1701527837&rmtc=t
Set-Cookie: u_pl=17763957; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.9LfKaLaGzJMdyf2clAdjqu4Ue4HGL_OZVtnjKJKJg6I; expires=Sat, 02 Dec 2023 14:37:17 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c48a2f450f2208c40d3cd328301950d3
Strict-Transport-Security: max-age=0; includeSubdomains
poweredby.jads.co/js/jads2.js
185.94.236.246 1.7 kB URL poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
comedianthirteenth.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
192.243.61.225 11 kB URL comedianthirteenth.com/11115435c35e6b966b90a5f936e0edcc/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29611), with no line terminators
Hash 55e195d3cf77ce7f47dcbd913fd9f511
869d0b2706101d9f74f2aecfe71be8ee903b4e13
3b12e48bbbeb19b208c5f465e66bbe767826892b45ddb8a7fcb34f9bc00c7cdd
GET /11115435c35e6b966b90a5f936e0edcc/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b36906ea830fa7a9c42af5cbc3e4ad4e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
valuermainly.com/sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
192.243.61.225 4.3 kB URL valuermainly.com/sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (6017), with no line terminators
Hash 66942071750093de7d9626e504556157
16e7197582cb5566bdc6859713853f4177bb7bec
43e06aaf2cd7f074e2386758a18c0784382d50df117cc4cd46bd44424350b64d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: valuermainly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17787248; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:17 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
slecd82941888ca80b5e024c4d0a7cab0440=[4714200]; expires=Sat, 02 Dec 2023 14:36:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0ffb72de64651b4f275a3c2beebd0a1e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
accommodationcarpetavid.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST2hc1RfH7%2Btvfqsi%2FsGNQmFAQQUzef9mMtMurLW2FGsT20q23n9vcjt33n3c%2B968SRYSLEiX486Fi5fvJA3VInbhSqUycSMBoeNCgxhw50oEoeBOJhkJnsU9fz5ncc733A%2B3ikMSoKAHK2%2BbDaU1XWw2%2FPrLqyoVpnT1azfrgd%2Fwz9VXVdqKz9WHs8cOzgZ%2Bs%2BG%2FUr8sec8shn7g%2B4Ef1C8pKxMzXDyiUNn9TtDo%2BI04bATNGEP739wVHhz1IAaH5BkoMf3%2F2vcPoPgEaf%2BLi9L1cpO9%2Bma%2F0DQ3FgOx%2B27aS02Zon8SJtZDku7Ou2HclJCPT8Gku%2FMNYAbbsw3A1JR4PwVg6e58TLDBzvGkTEOmYOI0ysEEUk%2Bg6ATc3IYSjwjABa4tI%2B3fvWZsSdePKZ3RKak9%2FguqnJLar88i7X9%2BQath%2FYbRRa5M6jBMKqjhBKo7QVbsId%2FwoMo98PwDKPEDWXx8FWl%2Fe9lpAyUOXuRBO4qCmC0EbcEW4igIFlg76CzwJPbbUYvHvE2PJFJqApVMoOUI1J1C4TwUykOReCgyD31xUKfNTuL7SwlLoqgdc86jiPNmuyWaIorbiY%2BCz3YYIc9G4HoEbjeR2U301Ai2%2BBZurYITNbh8Srx3NjEQFUpJUDqCkhKUiqDMCcpBtSO0C111V2hXsGDuw7mPqrHJu1t0x%2BRdmRJQO9rKDsnTMwG9J1WKnjyoh%2B12M4o6IV1q0SBmQRy2Op2AtYRMwjCOGJyqoNwpUOdhQ03Jmd%2BfR6ampJZ8CUb34PQeuHoKtDgDWo6XQh90bRy3fWyk98p1zhuZsSmEqZDlNeTr3pY%2BJM8dXfHyHz9D8v3zp7%2B%2B9f7fv7wAbitktsIt9R1BV98ZXzcl2b5uSkceLGe56qsNOrvwjZzmsvbpW3K9NFZcuehG917nMzAL79%2BULr9KU6HSriOfXVBCSHvJWC7JN1fcqmQrhVu7UNi0yK6uvHHpSj%2Bz0jll0gmoevTeQ3A1JU989cnR333p8CyUncAWFfrFPpkblNkDzzbhsv3z%2F9acIbD6pIdlHsqiGtuQnRS1ItDyJKesgpMnEjC5%2F%2FDPY7bl7qBrPdD8NtJ%2BhYGtMNAVqB7BFf8b55ndf%2B3H6MjAtDdm2nrbTFv90bG0Th3UZTPxE%2BmHkiUdlixRX3SSuMNoJ5BLrEkD5G4qe%2Bd%2F%2BwcAAP%2F%2FAQAA%2F%2F%2BHgqxskwQAAA%3D%3D
173.233.139.164 7 B URL accommodationcarpetavid.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST2hc1RfH7%2Btvfqsi%2FsGNQmFAQQUzef9mMtMurLW2FGsT20q23n9vcjt33n3c%2B968SRYSLEiX486Fi5fvJA3VInbhSqUycSMBoeNCgxhw50oEoeBOJhkJnsU9fz5ncc733A%2B3ikMSoKAHK2%2BbDaU1XWw2%2FPrLqyoVpnT1azfrgd%2Fwz9VXVdqKz9WHs8cOzgZ%2Bs%2BG%2FUr8sec8shn7g%2B4Ef1C8pKxMzXDyiUNn9TtDo%2BI04bATNGEP739wVHhz1IAaH5BkoMf3%2F2vcPoPgEaf%2BLi9L1cpO9%2Bma%2F0DQ3FgOx%2B27aS02Zon8SJtZDku7Ou2HclJCPT8Gku%2FMNYAbbsw3A1JR4PwVg6e58TLDBzvGkTEOmYOI0ysEEUk%2Bg6ATc3IYSjwjABa4tI%2B3fvWZsSdePKZ3RKak9%2FguqnJLar88i7X9%2BQath%2FYbRRa5M6jBMKqjhBKo7QVbsId%2FwoMo98PwDKPEDWXx8FWl%2Fe9lpAyUOXuRBO4qCmC0EbcEW4igIFlg76CzwJPbbUYvHvE2PJFJqApVMoOUI1J1C4TwUykOReCgyD31xUKfNTuL7SwlLoqgdc86jiPNmuyWaIorbiY%2BCz3YYIc9G4HoEbjeR2U301Ai2%2BBZurYITNbh8Srx3NjEQFUpJUDqCkhKUiqDMCcpBtSO0C111V2hXsGDuw7mPqrHJu1t0x%2BRdmRJQO9rKDsnTMwG9J1WKnjyoh%2B12M4o6IV1q0SBmQRy2Op2AtYRMwjCOGJyqoNwpUOdhQ03Jmd%2BfR6ampJZ8CUb34PQeuHoKtDgDWo6XQh90bRy3fWyk98p1zhuZsSmEqZDlNeTr3pY%2BJM8dXfHyHz9D8v3zp7%2B%2B9f7fv7wAbitktsIt9R1BV98ZXzcl2b5uSkceLGe56qsNOrvwjZzmsvbpW3K9NFZcuehG917nMzAL79%2BULr9KU6HSriOfXVBCSHvJWC7JN1fcqmQrhVu7UNi0yK6uvHHpSj%2Bz0jll0gmoevTeQ3A1JU989cnR333p8CyUncAWFfrFPpkblNkDzzbhsv3z%2F9acIbD6pIdlHsqiGtuQnRS1ItDyJKesgpMnEjC5%2F%2FDPY7bl7qBrPdD8NtJ%2BhYGtMNAVqB7BFf8b55ndf%2B3H6MjAtDdm2nrbTFv90bG0Th3UZTPxE%2BmHkiUdlixRX3SSuMNoJ5BLrEkD5G4qe%2Bd%2F%2BwcAAP%2F%2FAQAA%2F%2F%2BHgqxskwQAAA%3D%3D
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SST2hc1RfH7%2Btvfqsi%2FsGNQmFAQQUzef9mMtMurLW2FGsT20q23n9vcjt33n3c%2B968SRYSLEiX486Fi5fvJA3VInbhSqUycSMBoeNCgxhw50oEoeBOJhkJnsU9fz5ncc733A%2B3ikMSoKAHK2%2BbDaU1XWw2%2FPrLqyoVpnT1azfrgd%2Fwz9VXVdqKz9WHs8cOzgZ%2Bs%2BG%2FUr8sec8shn7g%2B4Ef1C8pKxMzXDyiUNn9TtDo%2BI04bATNGEP739wVHhz1IAaH5BkoMf3%2F2vcPoPgEaf%2BLi9L1cpO9%2Bma%2F0DQ3FgOx%2B27aS02Zon8SJtZDku7Ou2HclJCPT8Gku%2FMNYAbbsw3A1JR4PwVg6e58TLDBzvGkTEOmYOI0ysEEUk%2Bg6ATc3IYSjwjABa4tI%2B3fvWZsSdePKZ3RKak9%2FguqnJLar88i7X9%2BQath%2FYbRRa5M6jBMKqjhBKo7QVbsId%2FwoMo98PwDKPEDWXx8FWl%2Fe9lpAyUOXuRBO4qCmC0EbcEW4igIFlg76CzwJPbbUYvHvE2PJFJqApVMoOUI1J1C4TwUykOReCgyD31xUKfNTuL7SwlLoqgdc86jiPNmuyWaIorbiY%2BCz3YYIc9G4HoEbjeR2U301Ai2%2BBZurYITNbh8Srx3NjEQFUpJUDqCkhKUiqDMCcpBtSO0C111V2hXsGDuw7mPqrHJu1t0x%2BRdmRJQO9rKDsnTMwG9J1WKnjyoh%2B12M4o6IV1q0SBmQRy2Op2AtYRMwjCOGJyqoNwpUOdhQ03Jmd%2BfR6ampJZ8CUb34PQeuHoKtDgDWo6XQh90bRy3fWyk98p1zhuZsSmEqZDlNeTr3pY%2BJM8dXfHyHz9D8v3zp7%2B%2B9f7fv7wAbitktsIt9R1BV98ZXzcl2b5uSkceLGe56qsNOrvwjZzmsvbpW3K9NFZcuehG917nMzAL79%2BULr9KU6HSriOfXVBCSHvJWC7JN1fcqmQrhVu7UNi0yK6uvHHpSj%2Bz0jll0gmoevTeQ3A1JU989cnR333p8CyUncAWFfrFPpkblNkDzzbhsv3z%2F9acIbD6pIdlHsqiGtuQnRS1ItDyJKesgpMnEjC5%2F%2FDPY7bl7qBrPdD8NtJ%2BhYGtMNAVqB7BFf8b55ndf%2B3H6MjAtDdm2nrbTFv90bG0Th3UZTPxE%2BmHkiUdlixRX3SSuMNoJ5BLrEkD5G4qe%2Bd%2F%2BwcAAP%2F%2FAQAA%2F%2F%2BHgqxskwQAAA%3D%3D HTTP/1.1
Host: accommodationcarpetavid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: u_pl=17787246; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b9a1ce51c24d7e896890c330ce975e98
Strict-Transport-Security: max-age=0; includeSubdomains
crawledlikely.com/watch.1553139178981.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=be99eb2139b9a9c0278e46f2b9b07d80089db5900ac900b37ce07b0d124561f2f4f0ff5573b44d3bf1b4cb79a5a281d653d56d48e3c5139dcd22d20d9311509c58e5028a055f20adc748dc5bb9ea949e67f98258b60f77942f3ce408e017&pst=1701527837&rmtc=t
192.243.61.227 2.0 kB URL crawledlikely.com/watch.1553139178981.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=be99eb2139b9a9c0278e46f2b9b07d80089db5900ac900b37ce07b0d124561f2f4f0ff5573b44d3bf1b4cb79a5a281d653d56d48e3c5139dcd22d20d9311509c58e5028a055f20adc748dc5bb9ea949e67f98258b60f77942f3ce408e017&pst=1701527837&rmtc=t
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2538)
Hash 3c2e0df44bbc79248331f756e36e798d
851b9df78df59ec862daae3ba72e7ced69a2d8a0
a3d7d43cb710b8dc306c303324d08eaaa9e946809f192625f93847fa0f5d3662
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1553139178981.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=be99eb2139b9a9c0278e46f2b9b07d80089db5900ac900b37ce07b0d124561f2f4f0ff5573b44d3bf1b4cb79a5a281d653d56d48e3c5139dcd22d20d9311509c58e5028a055f20adc748dc5bb9ea949e67f98258b60f77942f3ce408e017&pst=1701527837&rmtc=t HTTP/1.1
Host: crawledlikely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17763945; ain=eyJhbGciOiJIUzI1NiJ9.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.Du9Io3LnbF9sicBMzPzyvlfEIneCKTcxC8ZoFUOazUc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:17 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5576ab5c3048097ab11338429d32c8c4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
go.xlivrdr.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=F7dSn9yoBDtw0ZqlHnT-q4Lg0wAMBU4elDCgMQG1y4rLPH67YnuCQ784slOaXxoWQFZJWYhvYY3Gl2EK5jIEyvFsoWG5ZJvmF4DnePFDp-8YBrZ4_gUIDRUi&p1=4359545
104.18.51.106 0 B URL go.xlivrdr.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=F7dSn9yoBDtw0ZqlHnT-q4Lg0wAMBU4elDCgMQG1y4rLPH67YnuCQ784slOaXxoWQFZJWYhvYY3Gl2EK5jIEyvFsoWG5ZJvmF4DnePFDp-8YBrZ4_gUIDRUi&p1=4359545
IP 104.18.51.106:0
Hash (digests of the empty 0 B body, not specific to this resource)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=F7dSn9yoBDtw0ZqlHnT-q4Lg0wAMBU4elDCgMQG1y4rLPH67YnuCQ784slOaXxoWQFZJWYhvYY3Gl2EK5jIEyvFsoWG5ZJvmF4DnePFDp-8YBrZ4_gUIDRUi&p1=4359545 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://tsyndicate.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Sat, 02 Dec 2023 14:36:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 02 Dec 2023 15:36:17 GMT
Location: https://go.xlivrdr.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=F7dSn9yoBDtw0ZqlHnT-q4Lg0wAMBU4elDCgMQG1y4rLPH67YnuCQ784slOaXxoWQFZJWYhvYY3Gl2EK5jIEyvFsoWG5ZJvmF4DnePFDp-8YBrZ4_gUIDRUi&p1=4359545
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82f44d220ac256c4-OSL
alt-svc: h3=":443"; ma=86400
friendshipmale.com/sfp.js
104.21.234.32 28 kB URL friendshipmale.com/sfp.js
IP 104.21.234.32:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 402f5379b381079c9ee537d3454d8998
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 02 Dec 2023 14:36:17 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lEYWwyP00%2Fe427tiNXUF7PskgiRLSWAIC3B2%2BmJGm1%2BsDhAY3Fd3lH%2Bw%2FvNjAuCo60NOtKmnSAbA0m%2BnAE0%2BR63Ve%2FHefKPcTpvvi6ZGHMya%2FPV7wYRmY4cHmzj5X9DjpOT9XqY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82f44d217a47b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
bngpt.com/promo.php?c=688955&subid=2|159343|14904110|no|112022|40568594|7648657|1|0|46|50304|,,,,,|4|0|0|3,4,6|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=14904110&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
94.199.255.192 0 B URL bngpt.com/promo.php?c=688955&subid=2|159343|14904110|no|112022|40568594|7648657|1|0|46|50304|,,,,,|4|0|0|3,4,6|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=14904110&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
IP 94.199.255.192:0
ASN #48684 Viking Host B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /promo.php?c=688955&subid=2|159343|14904110|no|112022|40568594|7648657|1|0|46|50304|,,,,,|4|0|0|3,4,6|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=14904110&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://bngpt.com/promo.php?c=688955&subid=2|159343|14904110|no|112022|40568594|7648657|1|0|46|50304|,,,,,|4|0|0|3,4,6|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=14904110&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
poweredby.jads.co/adshow.php?adzone=941000
185.94.236.246 1.8 kB URL poweredby.jads.co/adshow.php?adzone=941000
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1600), with CRLF, LF line terminators
Hash 328dc628b0e9e9c7151bc47c56e2ea1b
19b20c326df699199548b96fcb414413eb14d342
601fbd2313a8f4e5ae5dabe8782993c3485e6c91038c283e89e7b8cea2bcb2e4
GET /adshow.php?adzone=941000 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=ff7b2aec969fb54c11adab4580190e2a; expires=Sun, 01-Dec-2024 14:36:17 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps42=1; expires=Sun, 03-Dec-2023 14:36:17 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjE2ODM0MjI7aToxNzAxNzg2OTc3O30%3D; expires=Tue, 05-Dec-2023 14:36:17 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:17 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=941000
185.94.236.246 1.7 kB URL poweredby.jads.co/adshow.php?adzone=941000
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (422), with CRLF, LF line terminators
Hash 7480462e40c79892231a26678ef15d6d
ac67af9325b41b031c66c6be7b70ddc604618fd0
daf8ff2acd70a177d0b54298488a75b69ff15b0c85be9a7c26dc32c477ba965c
GET /adshow.php?adzone=941000 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=ff7b2aec969fb54c11adab4580190e2a; expires=Sun, 01-Dec-2024 14:36:17 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps42=1; expires=Sun, 03-Dec-2023 14:36:17 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjE2ODM0MjI7aToxNzAxNzg2OTc3O30%3D; expires=Tue, 05-Dec-2023 14:36:17 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:17 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
bngpt.com/promo.php?c=688955&subid=2|159343|449252|no|112022|40568594|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=449252&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
94.199.255.192 0 B URL bngpt.com/promo.php?c=688955&subid=2|159343|449252|no|112022|40568594|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=449252&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
IP 94.199.255.192:0
ASN #48684 Viking Host B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /promo.php?c=688955&subid=2|159343|449252|no|112022|40568594|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=449252&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://bngpt.com/promo.php?c=688955&subid=2|159343|449252|no|112022|40568594|5675445|1|0|46|50304|,,,,,|4|0|0|21,4,25|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=449252&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
static.eabids.com/data/bannerpools/112022/33917.jpg
217.22.19.195 73 kB URL static.eabids.com/data/bannerpools/112022/33917.jpg
IP 217.22.19.195:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash 7878e459e3a341049fb57b8637109839
7daa564cfe7d1b477ab10b7f000c9f895c39c93e
bcb79d540ab4c28441231cb3361d5abe00192dc661eba30ad9d9cd482ac08fc8
GET /data/bannerpools/112022/33917.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: image/jpeg
Content-Length: 72951
Last-Modified: Thu, 28 Apr 2022 13:46:07 GMT
Connection: keep-alive
ETag: "626a9a9f-11cf7"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-221
Accept-Ranges: bytes
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36 162 B URL biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
skiofficerdemote.com/sbar.json?key=28853392a76a14b1426991b6def2243b&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
173.233.139.164 4.2 kB URL skiofficerdemote.com/sbar.json?key=28853392a76a14b1426991b6def2243b&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 173.233.139.164:0
File type JSON data\012- , ASCII text, with very long lines (6193), with no line terminators
Hash 47dfa0bd1313d1ba6cef92a64c1d64ba
e26d8702a000f0b276ee0fe22bcf8cceda925d95
a243e0bc7723c9a7bf1f4c2d398e8b7cadfb2ec32a1aafa605bc46f8bb928beb
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=28853392a76a14b1426991b6def2243b&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: skiofficerdemote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: u_pl=17787248; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17787248,17787246; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:17 GMT; secure; SameSite=None
uncs=2; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
uncs29=2; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
slec28853392a76a14b1426991b6def2243b=[4714200]; expires=Sat, 02 Dec 2023 14:36:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f3ba9f7edf313a84e4054adbcb735608
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/bi/4b/5d/01/4b5d0146104fa7390587fd9918896340/1612443381.jpg
45.133.44.9 72 kB URL cdn.cloudimagesb.com/bi/4b/5d/01/4b5d0146104fa7390587fd9918896340/1612443381.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.1 (Macintosh), datetime=2021:01:29 19:09:03 DIY-Thermocam raw data\012- (Lepton 2.x), scale 9040-30828, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 699743131325982629626180169367552.000000, slope 75634503011564814891309072384.000000], progressive, precision 8, 300x250, components 3\012- data
Hash 14107f4f7b232737929e42903724ed4d
431fd956d274ec97bce49efe36a846839f41e4ac
bda8b7040dc1a34e843b45baf1e1044a70bf4b55e0280bb768a353d3e26a5474
GET /bi/4b/5d/01/4b5d0146104fa7390587fd9918896340/1612443381.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:17 GMT
content-type: image/jpeg
content-length: 71702
server: nginx/1.21.6
last-modified: Thu, 04 Feb 2021 12:56:29 GMT
etag: "601beefd-11816"
expires: Mon, 04 Dec 2023 14:36:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=F7dSn9yoBDtw0ZqlHnT-q4Lg0wAMBU4elDCgMQG1y4rLPH67YnuCQ784slOaXxoWQFZJWYhvYY3Gl2EK5jIEyvFsoWG5ZJvmF4DnePFDp-8YBrZ4_gUIDRUi&p1=4359545
104.18.51.106 0 B URL go.xlivrdr.com/smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=F7dSn9yoBDtw0ZqlHnT-q4Lg0wAMBU4elDCgMQG1y4rLPH67YnuCQ784slOaXxoWQFZJWYhvYY3Gl2EK5jIEyvFsoWG5ZJvmF4DnePFDp-8YBrZ4_gUIDRUi&p1=4359545
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11?userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&sourceId=477848&memberId=F7dSn9yoBDtw0ZqlHnT-q4Lg0wAMBU4elDCgMQG1y4rLPH67YnuCQ784slOaXxoWQFZJWYhvYY3Gl2EK5jIEyvFsoWG5ZJvmF4DnePFDp-8YBrZ4_gUIDRUi&p1=4359545 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tsyndicate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Sat, 02 Dec 2023 14:36:17 GMT
content-length: 0
location: https://creative.mnaspm.com/widgets/v4/Universal?action=sbSignupWithModel&campaignId=0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765917&masterSmartpopId=1914&memberId=F7dSn9yoBDtw0ZqlHnT-q4Lg0wAMBU4elDCgMQG1y4rLPH67YnuCQ784slOaXxoWQFZJWYhvYY3Gl2EK5jIEyvFsoWG5ZJvmF4DnePFDp-8YBrZ4_gUIDRUi&mlView=1&p1=4359545&quality=240p&ruleId=17&smartpopId=1793&sourceId=477848&usePreroll=0&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=32246&webp=1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: _var=887637.32246_OWQzYzU1NjU=; Path=/; Expires=Mon, 01 Jan 2024 14:36:17 GMT; HttpOnly; SameSite=Strict
__cflb=0H28upDCGznfDm9XVDQgYY38nUsBbmdeqmEpMB5HfhW; SameSite=None; Secure; path=/; expires=Sun, 03-Dec-23 14:36:17 GMT; HttpOnly
server: cloudflare
cf-ray: 82f44d23da0e5684-OSL
alt-svc: h3=":443"; ma=86400
wheelstweakautopsy.com/watch.642354604750.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=b34408c26cbb2fba08800245938d60487a45595807f796aee8edd42676f51fd43d12fce123cab91b4b86644d9410a10af02503ce84faa1c2fcca1676cd7a68b140aa27a4dc71026e1ad733914fba0465a988c1604fc2ba9760876e67dba1cc2bcc8182&pst=1701527837&rmtc=t
173.233.137.36 2.1 kB URL wheelstweakautopsy.com/watch.642354604750.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=b34408c26cbb2fba08800245938d60487a45595807f796aee8edd42676f51fd43d12fce123cab91b4b86644d9410a10af02503ce84faa1c2fcca1676cd7a68b140aa27a4dc71026e1ad733914fba0465a988c1604fc2ba9760876e67dba1cc2bcc8182&pst=1701527837&rmtc=t
IP 173.233.137.36:0
File type HTML document, ASCII text, with very long lines (2584)
Hash 74828091e9972fc555919af5cd05dd2d
d18ec3cc3f32cc04a8ecd1f72c45c00d952e2c48
aa0c03c644e5c2568937cb5ca1dd1bb0ac6f0002e08cb7c2b53d923e8a831982
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.642354604750.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=b34408c26cbb2fba08800245938d60487a45595807f796aee8edd42676f51fd43d12fce123cab91b4b86644d9410a10af02503ce84faa1c2fcca1676cd7a68b140aa27a4dc71026e1ad733914fba0465a988c1604fc2ba9760876e67dba1cc2bcc8182&pst=1701527837&rmtc=t HTTP/1.1
Host: wheelstweakautopsy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17763957; ain=eyJhbGciOiJIUzI1NiJ9.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.9LfKaLaGzJMdyf2clAdjqu4Ue4HGL_OZVtnjKJKJg6I
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:17 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2ae872de6549c6040b90bab6d91652e8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
192.243.61.225 11 kB URL comedianthirteenth.com/c515a1f4fc3a36b04275034bdcef5c99/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29626), with no line terminators
Hash 3ba6b78a1579f2862a724b9273d9a262
46245c08a714dc4b6112598567c054ac7ee5f807
2d5311307d2a130d026b9188fe1df0de33e59aef7a993c24f9a30105e1b2238f
GET /c515a1f4fc3a36b04275034bdcef5c99/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: close
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ff3002284a3a8bb50adcc176e7b6379a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/bi/da/60/56/da6056ad53a271a52852ca80442c262c/1644668521.jpg
45.133.44.9 88 kB URL cdn.cloudimagesb.com/bi/da/60/56/da6056ad53a271a52852ca80442c262c/1644668521.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2022:02:11 13:45:36], baseline, precision 8, 300x250, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 28533-25152, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 3941601085084650795278811529216.000000, slope 70601787325807459463814184960.000000\012- data
Hash 0291e607582e9666ca6763203a801a71
40fe34d6200f68f5f491586dfa55138352447c85
cf8ee2492f7c2f02a20256367289d25d652ddcc063ad79ef7862fb250ee57f48
GET /bi/da/60/56/da6056ad53a271a52852ca80442c262c/1644668521.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:17 GMT
content-type: image/jpeg
content-length: 88214
server: nginx/1.21.6
last-modified: Sat, 12 Feb 2022 12:22:09 GMT
etag: "6207a671-15896"
expires: Mon, 04 Dec 2023 14:36:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
i.jads.co/1x1.gif
205.185.216.42 28 kB IP 205.185.216.42:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 250x250, components 3\012- data
Hash 2acfb73fd2df022a7dad5595adef5bda
939b803ea641bd427b7599f92a816262e7a5bf48
3d4610a2ab69d08e54685d0d3cfcf03ec663bacff8cc89a1e0a2904a7769e641
GET /1x1.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:17 GMT
Connection: Keep-Alive
ETag: "1478208967"
Cache-Control: max-age=18749919
Content-Length: 27460
Content-Type: image/jpeg
Last-Modified: Thu, 03 Nov 2016 21:36:07 GMT
Accept-Ranges: bytes
X-HW: 1701527776.dop225.sk1.t,1701527777.cds213.sk1.c
i.jads.co/network/user1037/42-1688927188-0262966001688927188.gif
205.185.216.42 129 kB URL i.jads.co/network/user1037/42-1688927188-0262966001688927188.gif
IP 205.185.216.42:0
File type GIF image data, version 89a, 250 x 250\012- data
Size 129 kB (129148 bytes)
Hash c74036976f355462580c618bde1972ce
5cf7350afd17a4646583a01bda48cc7db9f3ab11
468e3b79344f5192fd5244e1122d92aa9ba318cd666a4a23f56cafff7137bdbe
GET /network/user1037/42-1688927188-0262966001688927188.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:17 GMT
Connection: Keep-Alive
ETag: "1688927188"
Cache-Control: max-age=18962626
Content-Length: 129148
Content-Type: image/gif
Last-Modified: Sun, 09 Jul 2023 18:26:28 GMT
Accept-Ranges: bytes
X-HW: 1701527777.dop223.sk1.t,1701527777.cds250.sk1.c
valuermainly.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSzYscxRvHq%2FPb3ymIL4jgQRhQUMGdrZ7pyfYkB2OMCcGYxCSSq%2FXWs5Wp7mqquqcne9BgQHIcbx489HxnN4saxRw8qURmvciCkPGgi7jgPyCKEPAmszuy%2BBzqefk8h%2Bf5PvX%2BuNwjIUq2e%2BkNu66NYSudJm28cE1n0la%2BceFqI6RNeqJxTWfHohON4fxxg%2BMh7TTpi42zSvTtSouGlIY0bJzRTiV2uLJPofO73bDZpc2o1Qw7EYbuv7kvA3gWQA72yBPQcvb%2Fte%2FvQYspsvSL08r3C5u%2F9FpaGlZYh4HceivrZ7bKkB6GiQuQZFuLblg%2FI%2BTDI7DZ1mID2MHGfANwPSPBTyF4trUYE3yweTApN1AZuDyKajCFMlNoNoWwt6DlAwIIiQsXkaV3LlhXsRsHlM3pjCw9%2FAu6mpGlX59Eln5%2Byuhh44o1ZaFt5jFMaujhFLo3RV5uo1gPoKttiOI9aPkDWXl4Hlm6cdEbCy13nxNh3G6HEV8OY8mXo3YYLvM47C6LJKJx%2B5iIRMz2JdJ6Cp1MYdQIzB9B6QOUOkCZBCjzAKncbbBON6F0NeFJux1HQoh2W4hOfEx2ZDuKE4pSzHcYochHEGYE4W4idzfR1yO48lv4tRpeLsEXMxK8%2BS4GskalCCpPUDGCShNUBUE1qDel8S1f35HGlzxc%2BNbCt%2BuJLXpjtmmLnsoImBuN8z3y%2BFzA4FGdo692GzJudaMwjmPBYso7irYiEUnKVgXjNIoovK6h%2FREwH2Bdz8hTf46R6xlZSr4EZ9vwZhtCPwZWPgNWTVZbFGxtEsUU69lnXPq0x4zxzUwVkLZGXiyhuBGMzR55ev%2BSZ3%2F%2FGUrsnDz69fV3%2Fv7lWQhXI3c1ruvvCHrm9uSyrcjGZVt5cu9iXuhUr7P5la8UrFBLn7yublTWyXOn%2FejjV8QczMO7V5UvzrNM6qznyaentJTKnbFOKPLNOX9N8UulXztVuqzMz1969cy5NHfKe22zKZh%2B8PZ9CD0jj3z10f7%2FfX7vOLSbwpU10nKHLAzabkPkN%2BHznZP%2F1rwlcOawh%2BcBqrKeuBY%2FLBpNYNRhzngNrw4l4Grn%2Fh8HbOxvo%2BcCsOIWsrTGwNUYmBrMjODL%2F02K3O28%2FGN738BNMOHGBRvcOPPBgbRe7zZUJ6GJoi3Fky5PVhmV3STqctYN1SrvsBCFn6n%2Byd%2F%2BAQAA%2F%2F8BAAD%2F%2F64N4aiXBAAA
192.243.61.225 7 B URL valuermainly.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSzYscxRvHq%2FPb3ymIL4jgQRhQUMGdrZ7pyfYkB2OMCcGYxCSSq%2FXWs5Wp7mqquqcne9BgQHIcbx489HxnN4saxRw8qURmvciCkPGgi7jgPyCKEPAmszuy%2BBzqefk8h%2Bf5PvX%2BuNwjIUq2e%2BkNu66NYSudJm28cE1n0la%2BceFqI6RNeqJxTWfHohON4fxxg%2BMh7TTpi42zSvTtSouGlIY0bJzRTiV2uLJPofO73bDZpc2o1Qw7EYbuv7kvA3gWQA72yBPQcvb%2Fte%2FvQYspsvSL08r3C5u%2F9FpaGlZYh4HceivrZ7bKkB6GiQuQZFuLblg%2FI%2BTDI7DZ1mID2MHGfANwPSPBTyF4trUYE3yweTApN1AZuDyKajCFMlNoNoWwt6DlAwIIiQsXkaV3LlhXsRsHlM3pjCw9%2FAu6mpGlX59Eln5%2Byuhh44o1ZaFt5jFMaujhFLo3RV5uo1gPoKttiOI9aPkDWXl4Hlm6cdEbCy13nxNh3G6HEV8OY8mXo3YYLvM47C6LJKJx%2B5iIRMz2JdJ6Cp1MYdQIzB9B6QOUOkCZBCjzAKncbbBON6F0NeFJux1HQoh2W4hOfEx2ZDuKE4pSzHcYochHEGYE4W4idzfR1yO48lv4tRpeLsEXMxK8%2BS4GskalCCpPUDGCShNUBUE1qDel8S1f35HGlzxc%2BNbCt%2BuJLXpjtmmLnsoImBuN8z3y%2BFzA4FGdo692GzJudaMwjmPBYso7irYiEUnKVgXjNIoovK6h%2FREwH2Bdz8hTf46R6xlZSr4EZ9vwZhtCPwZWPgNWTVZbFGxtEsUU69lnXPq0x4zxzUwVkLZGXiyhuBGMzR55ev%2BSZ3%2F%2FGUrsnDz69fV3%2Fv7lWQhXI3c1ruvvCHrm9uSyrcjGZVt5cu9iXuhUr7P5la8UrFBLn7yublTWyXOn%2FejjV8QczMO7V5UvzrNM6qznyaentJTKnbFOKPLNOX9N8UulXztVuqzMz1969cy5NHfKe22zKZh%2B8PZ9CD0jj3z10f7%2FfX7vOLSbwpU10nKHLAzabkPkN%2BHznZP%2F1rwlcOawh%2BcBqrKeuBY%2FLBpNYNRhzngNrw4l4Grn%2Fh8HbOxvo%2BcCsOIWsrTGwNUYmBrMjODL%2F02K3O28%2FGN738BNMOHGBRvcOPPBgbRe7zZUJ6GJoi3Fky5PVhmV3STqctYN1SrvsBCFn6n%2Byd%2F%2BAQAA%2F%2F8BAAD%2F%2F64N4aiXBAAA
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSzYscxRvHq%2FPb3ymIL4jgQRhQUMGdrZ7pyfYkB2OMCcGYxCSSq%2FXWs5Wp7mqquqcne9BgQHIcbx489HxnN4saxRw8qURmvciCkPGgi7jgPyCKEPAmszuy%2BBzqefk8h%2Bf5PvX%2BuNwjIUq2e%2BkNu66NYSudJm28cE1n0la%2BceFqI6RNeqJxTWfHohON4fxxg%2BMh7TTpi42zSvTtSouGlIY0bJzRTiV2uLJPofO73bDZpc2o1Qw7EYbuv7kvA3gWQA72yBPQcvb%2Fte%2FvQYspsvSL08r3C5u%2F9FpaGlZYh4HceivrZ7bKkB6GiQuQZFuLblg%2FI%2BTDI7DZ1mID2MHGfANwPSPBTyF4trUYE3yweTApN1AZuDyKajCFMlNoNoWwt6DlAwIIiQsXkaV3LlhXsRsHlM3pjCw9%2FAu6mpGlX59Eln5%2Byuhh44o1ZaFt5jFMaujhFLo3RV5uo1gPoKttiOI9aPkDWXl4Hlm6cdEbCy13nxNh3G6HEV8OY8mXo3YYLvM47C6LJKJx%2B5iIRMz2JdJ6Cp1MYdQIzB9B6QOUOkCZBCjzAKncbbBON6F0NeFJux1HQoh2W4hOfEx2ZDuKE4pSzHcYochHEGYE4W4idzfR1yO48lv4tRpeLsEXMxK8%2BS4GskalCCpPUDGCShNUBUE1qDel8S1f35HGlzxc%2BNbCt%2BuJLXpjtmmLnsoImBuN8z3y%2BFzA4FGdo692GzJudaMwjmPBYso7irYiEUnKVgXjNIoovK6h%2FREwH2Bdz8hTf46R6xlZSr4EZ9vwZhtCPwZWPgNWTVZbFGxtEsUU69lnXPq0x4zxzUwVkLZGXiyhuBGMzR55ev%2BSZ3%2F%2FGUrsnDz69fV3%2Fv7lWQhXI3c1ruvvCHrm9uSyrcjGZVt5cu9iXuhUr7P5la8UrFBLn7yublTWyXOn%2FejjV8QczMO7V5UvzrNM6qznyaentJTKnbFOKPLNOX9N8UulXztVuqzMz1969cy5NHfKe22zKZh%2B8PZ9CD0jj3z10f7%2FfX7vOLSbwpU10nKHLAzabkPkN%2BHznZP%2F1rwlcOawh%2BcBqrKeuBY%2FLBpNYNRhzngNrw4l4Grn%2Fh8HbOxvo%2BcCsOIWsrTGwNUYmBrMjODL%2F02K3O28%2FGN738BNMOHGBRvcOPPBgbRe7zZUJ6GJoi3Fky5PVhmV3STqctYN1SrvsBCFn6n%2Byd%2F%2BAQAA%2F%2F8BAAD%2F%2F64N4aiXBAAA HTTP/1.1
Host: valuermainly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: u_pl=17787248; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cda660daf3a7d24e80bbdb7e625dd289
Strict-Transport-Security: max-age=0; includeSubdomains
i.jads.co/network/user1037/42-1688927188-0262966001688927188.gif
205.185.216.42 129 kB URL i.jads.co/network/user1037/42-1688927188-0262966001688927188.gif
IP 205.185.216.42:0
File type GIF image data, version 89a, 250 x 250\012- data
Size 129 kB (129148 bytes)
Hash c74036976f355462580c618bde1972ce
5cf7350afd17a4646583a01bda48cc7db9f3ab11
468e3b79344f5192fd5244e1122d92aa9ba318cd666a4a23f56cafff7137bdbe
GET /network/user1037/42-1688927188-0262966001688927188.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:18 GMT
Connection: Keep-Alive
ETag: "1688927188"
Cache-Control: max-age=18962625
Content-Length: 129148
Content-Type: image/gif
Last-Modified: Sun, 09 Jul 2023 18:26:28 GMT
Accept-Ranges: bytes
X-HW: 1701527778.dop225.sk1.t,1701527778.cds250.sk1.c
cdn.yourwebbars.com/sb/interstitial/games/hentai-heroes/main/9/index.html
104.26.6.19 826 B URL cdn.yourwebbars.com/sb/interstitial/games/hentai-heroes/main/9/index.html
IP 104.26.6.19:0
File type HTML document text\012- HTML document, ASCII text
Hash 646559fd465295bf306d1d2b9577b1cb
89e67be3b0fdda8b91ad50afab696020b95c0e7b
155244a91470301be700b488d699994faa1651279ad2138b663b1d83e209b3a8
GET /sb/interstitial/games/hentai-heroes/main/9/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:17 GMT
content-type: text/html
last-modified: Tue, 24 Oct 2023 12:21:31 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TldHeOruLrIbDNHN35V%2FcYZaXZ4tMQ15%2BkWWKVwiq5o4JQMhb0OvWAPH%2Fg0bnu7bEQ9PndKzyzY%2FnS%2BHqpQZJL0lbU8dreSp%2FKzPOzs4T%2FNBAP88HUb7%2Bu9kPQdD73nBe8fblRc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d20dc82b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
pluralpeachy.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
173.233.137.60 15 kB URL pluralpeachy.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
IP 173.233.137.60:0
File type ASCII text, with very long lines (42759), with no line terminators
Hash 602f810b0ab133050c94eddedf06cfa4
7a059e487fab25179c9e39ca01b01ea545c6a2d8
ddec2ef2593089a4a54dd3f054f0e79586b205d9eeb24656fb8f2e2e05571ee8
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js HTTP/1.1
Host: pluralpeachy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 37d99d4e55f638f88a70d34ecf9e7ee1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
dragnag.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
192.243.61.225 15 kB URL dragnag.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (42795), with no line terminators
Hash cff1030588a7675af409cebaeb5725f2
238df74b79ca48c01d2c01196dda0c476ff7c1fd
c5a537275a6bb0d056475433eb5d90b9e9a115078888117cb13c26046b7f23cc
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js HTTP/1.1
Host: dragnag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6e26bfb3150dfae125b4a983491a3c04
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36 0 B URL biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx
date: Sat, 02 Dec 2023 14:36:18 GMT
content-type: application/javascript
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
X-Firefox-Spdy: h2
i.bngprm.com/banners/300x250/how%20long/no.gif
64.210.135.149 122 kB URL i.bngprm.com/banners/300x250/how%20long/no.gif
IP 64.210.135.149:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 122 kB (121639 bytes)
Hash 7141979c9bdaf12890a995cf8c448b12
f40b1fab31234af32e3799376a8f87d090b6736e
1f9cc0a0d4ad37c1ac373cde03e442788809e10855a1207b2e5ab415f6589750
GET /banners/300x250/how%20long/no.gif HTTP/1.1
Host: i.bngprm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bngpt.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:18 GMT
content-type: image/gif
content-length: 121639
last-modified: Wed, 27 Nov 2019 10:19:25 GMT
cache-control: max-age=2592000
x-bcs-o: 1
expires: Sat, 11 Dec 2021 10:27:03 GMT
x-o1-bcs-ban: HIT
access-control-allow-origin: *
access-control-allow-methods: GET
accept-ranges: bytes
x-cdn-diag: ams5-7099-6-3764-h-0-0---;7734-23-6612----0-1-0
X-Firefox-Spdy: h2
pluralpeachy.com/watch.811247300189.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
173.233.137.60 0 B URL pluralpeachy.com/watch.811247300189.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.811247300189.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: pluralpeachy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Location: https://pluralpeachy.com/watch.811247300189.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=aa0268770852b81f499a49d8222c81babc014be5567719272cc74b6fcf1b116e0c8aa2dfe858a8c5d16e4c844979bdc14a9dc28fc737265cfddfc75352584e872c3662d41a78b553ec7e168d5aee9ab36d61c6e9de04bc1de82d8fb492633420&pst=1701527838&rmtc=t
Set-Cookie: u_pl=17743402; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.1HCEvnPrw8aw4oGMBn0zQSZghV1ECQgmUdSYy5NDJqc; expires=Sat, 02 Dec 2023 14:37:18 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d6791f44821bbd90c24261722f09bf0c
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.cloudimagesb.com/bi/9f/b3/7c/9fb37c19ad0f85288bf9bed90071fb10/1682514147.jpg
45.133.44.9 64 kB URL cdn.cloudimagesb.com/bi/9f/b3/7c/9fb37c19ad0f85288bf9bed90071fb10/1682514147.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=176, yresolution=184, resolutionunit=2], baseline, precision 8, 300x250, components 3\012- data
Hash f766dac311dd3ade69f95da8c2694e1b
6320a9e0f6369cea9c367c8a2f7cdbdff9006a0b
60c0bb35d9d13ac8493cc1b96b9d3a20afca8a6cccb84948024fcd0deae74993
GET /bi/9f/b3/7c/9fb37c19ad0f85288bf9bed90071fb10/1682514147.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:18 GMT
content-type: image/jpeg
content-length: 63710
server: nginx/1.21.6
last-modified: Wed, 26 Apr 2023 13:02:36 GMT
etag: "644920ec-f8de"
expires: Mon, 04 Dec 2023 14:36:18 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
accommodationcarpetavid.com/sbar.json?key=8f9fc67e3b5b368f1c72c9bed43a0f41&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
173.233.139.164 4.0 kB URL accommodationcarpetavid.com/sbar.json?key=8f9fc67e3b5b368f1c72c9bed43a0f41&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 173.233.139.164:0
File type JSON data\012- , ASCII text, with very long lines (6205), with no line terminators
Hash 1c767b650403bd2af8f035ea225dcef7
28ec1c0f9032f2a3954a60611a2acf3d18f9b5a6
c73bd66f116f02b8d89c17328769f4f9d82f1b005a87652c2d0b14eb6526e111
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=8f9fc67e3b5b368f1c72c9bed43a0f41&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: accommodationcarpetavid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: u_pl=17787246; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17787246,17787247; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:18 GMT; secure; SameSite=None
uncs=2; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
uncs29=2; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
slec8f9fc67e3b5b368f1c72c9bed43a0f41=[4714200]; expires=Sat, 02 Dec 2023 14:36:23 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 86359aee25aceedc2a285c93c5b97f56
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
217.22.19.194 1.3 kB URL go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1262), with no line terminators
Hash aad7e5c4eede9fc0b280f4e9106ef1a7
19e8971e342dbe0762d2e173926af5b04feb64b5
b1fb64100470b84b743cec9b6c37ef90bd79c241495c475a0df9d01335271470
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1262
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:18 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-201
dragnag.com/watch.1353825216675.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
192.243.61.225 0 B URL dragnag.com/watch.1353825216675.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1353825216675.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: dragnag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Location: https://dragnag.com/watch.1353825216675.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=dd0cb675388efe92cb0ca4c91c420f31f94428c412c6f5d46c701103d4119cd4f6ba4f4776b398c11ecab0cd39ed7bca61993a4e49c391820d155b55e7a8b0f2ab5046aa98c240d2a740036e16e838d5e223b166288b0fdf99e88acb86&pst=1701527838&rmtc=t
Set-Cookie: u_pl=17763957; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.9LfKaLaGzJMdyf2clAdjqu4Ue4HGL_OZVtnjKJKJg6I; expires=Sat, 02 Dec 2023 14:37:18 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d1c955d179fd45ffee073f418b7e4e1a
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.yourwebbars.com/sb/interstitial/games/hentai-heroes/main/9/index.html
104.26.6.19 1.6 kB URL cdn.yourwebbars.com/sb/interstitial/games/hentai-heroes/main/9/index.html
IP 104.26.6.19:0
File type HTML document text\012- HTML document, ASCII text
Hash 646559fd465295bf306d1d2b9577b1cb
89e67be3b0fdda8b91ad50afab696020b95c0e7b
155244a91470301be700b488d699994faa1651279ad2138b663b1d83e209b3a8
GET /sb/interstitial/games/hentai-heroes/main/9/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:18 GMT
content-type: text/html
last-modified: Tue, 24 Oct 2023 12:21:31 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xj77s0S55LkJM%2F8TT%2FyZHpVw31MQgo6PNVgieUkUUiayWFef%2BQj5oa1d0E%2FUg3ejBEg5M1VDcv2pCBp%2FIE4SUob7YOl4LzbWeAZtGO%2FefXTRzWmXpuwIsgpe3F97CbLwMD99HsM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d24efe6b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bngprm.com/banners/300x250/how%20long/no.gif
64.210.135.149 122 kB URL i.bngprm.com/banners/300x250/how%20long/no.gif
IP 64.210.135.149:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 122 kB (121639 bytes)
Hash 7141979c9bdaf12890a995cf8c448b12
f40b1fab31234af32e3799376a8f87d090b6736e
1f9cc0a0d4ad37c1ac373cde03e442788809e10855a1207b2e5ab415f6589750
GET /banners/300x250/how%20long/no.gif HTTP/1.1
Host: i.bngprm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bngpt.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:18 GMT
content-type: image/gif
content-length: 121639
last-modified: Wed, 27 Nov 2019 10:19:25 GMT
cache-control: max-age=2592000
x-bcs-o: 1
expires: Sat, 11 Dec 2021 10:27:03 GMT
x-o1-bcs-ban: HIT
access-control-allow-origin: *
access-control-allow-methods: GET
accept-ranges: bytes
x-cdn-diag: ams5-7099-6-3764-h-0-0---;7734-23-6612----0-0-0
X-Firefox-Spdy: h2
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36 162 B URL biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
valuermainly.com/watch.616756378411.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
192.243.61.225 0 B URL valuermainly.com/watch.616756378411.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.616756378411.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: valuermainly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: u_pl=17787248; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Location: https://valuermainly.com/watch.616756378411.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=4ba5d0845d9f5d54aafc738031b1743b29a795aca32363ac9d90b554b495988174e026295cd027d5225c79570551b1e2b200c0c3e17399256d8f611e8fe7d33069605c08a2c509451b3bd2e49f99b35a1e775ce6deb6db4c37722553fca9be&pst=1701527838&rmtc=t
Set-Cookie: u_pl=17787248,17763945; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.z6XRFODImIqPRuj3HjoX9d4OVLPZvhr3tkNkkz7Cfxk; expires=Sat, 02 Dec 2023 14:37:18 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 87527a08332c69941ee38fbe81fd87f8
Strict-Transport-Security: max-age=0; includeSubdomains
impolitefreakish.com/sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
173.233.139.164 4.3 kB URL impolitefreakish.com/sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 173.233.139.164:0
File type JSON data\012- , ASCII text, with very long lines (5965), with no line terminators
Hash 57b590c706f580912e41238800e9c78b
32f31d011e7531043f7490d2b6842629619cb17d
48c86d52b2c6eeb622314426f59e42d3f0f57aa58096416860a5231cced09ccc
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: impolitefreakish.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17787248; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:18 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
slecd82941888ca80b5e024c4d0a7cab0440=[4714200]; expires=Sat, 02 Dec 2023 14:36:23 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8caac8ac779bb05efedecf6c4b6d1d8c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36 162 B URL biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
bngpt.com/promo.php?c=688955&subid=2|159343|14904110|no|112022|40568594|7648657|1|0|46|50304|,,,,,|4|0|0|3,4,6|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=14904110&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
94.199.255.192 594 B URL bngpt.com/promo.php?c=688955&subid=2|159343|14904110|no|112022|40568594|7648657|1|0|46|50304|,,,,,|4|0|0|3,4,6|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=14904110&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration
IP 94.199.255.192:0
ASN #48684 Viking Host B.V.
File type gzip compressed data, max compression, from Unix; data
Hash e4981ff0576b7dfd95478617e721b94a
1c3b2567bd3f5469f16cefb3d6ffc4359fe80bc8
6b516458425c03277eff6078fcea957c33e34ca3521d648a840217d20790d058
GET /promo.php?c=688955&subid=2|159343|14904110|no|112022|40568594|7648657|1|0|46|50304|,,,,,|4|0|0|3,4,6|0|0|en|1|91.90.42.154|0|0|0|0|3143242&subid2=14904110&type=banner&size=300x250&name=st_true;st_dali;st_random_all;on_off;st_x2;double2;how_long;st-double-penetration HTTP/1.1
Host: bngpt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:36:17 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin:
expires: Sat, 02 Dec 2023 14:36:16 GMT
x-bcs: ded7724
strict-transport-security: max-age=0;
cache-control: no-cache, public
content-encoding: gzip
x-bc-bl: 102
X-Firefox-Spdy: h2
explosivegleameddesigner.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcVRd9Nd98boL4gxuFQIOCCk5P%2FfVMV7IwxpgQjElMItn6%2FmrmpavfK96r6pqZhQYjkmW7c%2BGi%2BvT8GA1iFq5UIj1uZEBIu9BBHHDnSgQh4E66p2XwLt6995y7uOe8%2B8GgPCABSrp%2F%2BQ2zobKMLraafuOF60oLU7nGxWuNwG%2F6JxvXlV6KTzbWJo%2FtnQj8VtN%2FsXFO8o5ZDP3A9wM%2FaJxVVqZmbXHKQuV3k6CZ%2BM04bAatGGv2v70r5%2BDoHETvgDwJJcb%2FX%2F3%2BHhQfQXe%2FOCNdpzD5S691y4wWxqIndt7SHW0qje5RmVoPqd6ZTcO4MSEfzcHonZkCmN7mRAGYGhPvpwBM78zWBOttHW7KMkgNJo6h6o0gsxEUHYGbW1DiAQG4wMVL0N3ti8ZWdP2QpRN2TOYf%2FgVVjcn8r09Bdz8%2Fnam1xlWTlYUy2mEtraHWRlArI%2BTlLooND6raBS%2FegxI%2FkMWHF6C7m5dcZqDE%2FnM8aEdRELOFoC3YQhwFwQJrB8kCT2O%2FHS3xmLfp1CKlRlDpCJnsg7o5lM5DqTyUqYcy99AV%2Bw3aSlLfX05ZGkXtmHMeRZy32kuiJaK4nfoo%2BURDH0XeB8%2F64Pb97VJzFyaDYDsXq0Wnt1nYUm5OwEHwySEUJlMQub2JjurDlt%2FCrdZw4hG4Yky8N99FT9SoJEHlCCpKUCmCqiCoevWWyFzo6m2RuZIFsxzOclQPTbEyoFumWJGagNr%2BID8gT0ys9h5TGh253wjb7VYUJSFdXqJBzII4XEqSgC0JmYZhHDE4VUO5OVDnYUONyfHfn0GuxmQ%2B%2FRKM7sJlu%2BDqcdDyOGg1XA590NVh3Paxoe9U65w3c2M1hKmRF%2FMo1r1BdkCenv73uT9%2BhuR7p459feOdv395FtzWyG2NG%2Bo7gpXs9vCKqcjmFVM5cu9SXqiu2qCTW7ha0ELOf%2Fq6XK%2BMFefPuP6dV%2FiEmJR3r0lXXKBaKL3iyGenlRDSnjWWS%2FLNeXddssulWz1dWl3mFy6%2FevZ8N7fSOWX0CFQ9ePs%2BuBqTR7%2F6eHrlzx%2BcgLIj2LJGt9wjs4Ayu%2BD5Tbh879S%2FmDMENjuaYbmHqqyHNmRHYKYIMnnUU1bDySMLmNy7%2F%2BchN3C3sWI90OIWdLdGz9boZTVo1ocr%2Fzcscrv38o%2FRNMAyb8gy622yzGYfHlrr1H5DtlI%2FlX4oWZqwdJn6IknjhNEkkMusRQMUbiw7p377BwAA%2F%2F8BAAD%2F%2FxTqRom9BAAA
192.243.59.12 7 B URL explosivegleameddesigner.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcVRd9Nd98boL4gxuFQIOCCk5P%2FfVMV7IwxpgQjElMItn6%2FmrmpavfK96r6pqZhQYjkmW7c%2BGi%2BvT8GA1iFq5UIj1uZEBIu9BBHHDnSgQh4E66p2XwLt6995y7uOe8%2B8GgPCABSrp%2F%2BQ2zobKMLraafuOF60oLU7nGxWuNwG%2F6JxvXlV6KTzbWJo%2FtnQj8VtN%2FsXFO8o5ZDP3A9wM%2FaJxVVqZmbXHKQuV3k6CZ%2BM04bAatGGv2v70r5%2BDoHETvgDwJJcb%2FX%2F3%2BHhQfQXe%2FOCNdpzD5S691y4wWxqIndt7SHW0qje5RmVoPqd6ZTcO4MSEfzcHonZkCmN7mRAGYGhPvpwBM78zWBOttHW7KMkgNJo6h6o0gsxEUHYGbW1DiAQG4wMVL0N3ti8ZWdP2QpRN2TOYf%2FgVVjcn8r09Bdz8%2Fnam1xlWTlYUy2mEtraHWRlArI%2BTlLooND6raBS%2FegxI%2FkMWHF6C7m5dcZqDE%2FnM8aEdRELOFoC3YQhwFwQJrB8kCT2O%2FHS3xmLfp1CKlRlDpCJnsg7o5lM5DqTyUqYcy99AV%2Bw3aSlLfX05ZGkXtmHMeRZy32kuiJaK4nfoo%2BURDH0XeB8%2F64Pb97VJzFyaDYDsXq0Wnt1nYUm5OwEHwySEUJlMQub2JjurDlt%2FCrdZw4hG4Yky8N99FT9SoJEHlCCpKUCmCqiCoevWWyFzo6m2RuZIFsxzOclQPTbEyoFumWJGagNr%2BID8gT0ys9h5TGh253wjb7VYUJSFdXqJBzII4XEqSgC0JmYZhHDE4VUO5OVDnYUONyfHfn0GuxmQ%2B%2FRKM7sJlu%2BDqcdDyOGg1XA590NVh3Paxoe9U65w3c2M1hKmRF%2FMo1r1BdkCenv73uT9%2BhuR7p459feOdv395FtzWyG2NG%2Bo7gpXs9vCKqcjmFVM5cu9SXqiu2qCTW7ha0ELOf%2Fq6XK%2BMFefPuP6dV%2FiEmJR3r0lXXKBaKL3iyGenlRDSnjWWS%2FLNeXddssulWz1dWl3mFy6%2FevZ8N7fSOWX0CFQ9ePs%2BuBqTR7%2F6eHrlzx%2BcgLIj2LJGt9wjs4Ayu%2BD5Tbh879S%2FmDMENjuaYbmHqqyHNmRHYKYIMnnUU1bDySMLmNy7%2F%2BchN3C3sWI90OIWdLdGz9boZTVo1ocr%2Fzcscrv38o%2FRNMAyb8gy622yzGYfHlrr1H5DtlI%2FlX4oWZqwdJn6IknjhNEkkMusRQMUbiw7p377BwAA%2F%2F8BAAD%2F%2FxTqRom9BAAA
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcVRd9Nd98boL4gxuFQIOCCk5P%2FfVMV7IwxpgQjElMItn6%2FmrmpavfK96r6pqZhQYjkmW7c%2BGi%2BvT8GA1iFq5UIj1uZEBIu9BBHHDnSgQh4E66p2XwLt6995y7uOe8%2B8GgPCABSrp%2F%2BQ2zobKMLraafuOF60oLU7nGxWuNwG%2F6JxvXlV6KTzbWJo%2FtnQj8VtN%2FsXFO8o5ZDP3A9wM%2FaJxVVqZmbXHKQuV3k6CZ%2BM04bAatGGv2v70r5%2BDoHETvgDwJJcb%2FX%2F3%2BHhQfQXe%2FOCNdpzD5S691y4wWxqIndt7SHW0qje5RmVoPqd6ZTcO4MSEfzcHonZkCmN7mRAGYGhPvpwBM78zWBOttHW7KMkgNJo6h6o0gsxEUHYGbW1DiAQG4wMVL0N3ti8ZWdP2QpRN2TOYf%2FgVVjcn8r09Bdz8%2Fnam1xlWTlYUy2mEtraHWRlArI%2BTlLooND6raBS%2FegxI%2FkMWHF6C7m5dcZqDE%2FnM8aEdRELOFoC3YQhwFwQJrB8kCT2O%2FHS3xmLfp1CKlRlDpCJnsg7o5lM5DqTyUqYcy99AV%2Bw3aSlLfX05ZGkXtmHMeRZy32kuiJaK4nfoo%2BURDH0XeB8%2F64Pb97VJzFyaDYDsXq0Wnt1nYUm5OwEHwySEUJlMQub2JjurDlt%2FCrdZw4hG4Yky8N99FT9SoJEHlCCpKUCmCqiCoevWWyFzo6m2RuZIFsxzOclQPTbEyoFumWJGagNr%2BID8gT0ys9h5TGh253wjb7VYUJSFdXqJBzII4XEqSgC0JmYZhHDE4VUO5OVDnYUONyfHfn0GuxmQ%2B%2FRKM7sJlu%2BDqcdDyOGg1XA590NVh3Paxoe9U65w3c2M1hKmRF%2FMo1r1BdkCenv73uT9%2BhuR7p459feOdv395FtzWyG2NG%2Bo7gpXs9vCKqcjmFVM5cu9SXqiu2qCTW7ha0ELOf%2Fq6XK%2BMFefPuP6dV%2FiEmJR3r0lXXKBaKL3iyGenlRDSnjWWS%2FLNeXddssulWz1dWl3mFy6%2FevZ8N7fSOWX0CFQ9ePs%2BuBqTR7%2F6eHrlzx%2BcgLIj2LJGt9wjs4Ayu%2BD5Tbh879S%2FmDMENjuaYbmHqqyHNmRHYKYIMnnUU1bDySMLmNy7%2F%2BchN3C3sWI90OIWdLdGz9boZTVo1ocr%2Fzcscrv38o%2FRNMAyb8gy622yzGYfHlrr1H5DtlI%2FlX4oWZqwdJn6IknjhNEkkMusRQMUbiw7p377BwAA%2F%2F8BAAD%2F%2FxTqRom9BAAA HTTP/1.1
Host: explosivegleameddesigner.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4e380969f6e7a102562f4ed5fe1b7e6c
Strict-Transport-Security: max-age=0; includeSubdomains
chaturbate.com/topembed/?join_overlay=1&tour=dTm0&campaign=Q2cRU&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2%7C164978%7C7017784%7Cno%7C94553%7C40900043%7C5675441%7C1%7C0%7C46%7C50304%7C%2C%2C%2C%2C%2C%7C4%7C0%7C0%7C1%2C2%2C3%2C6%2C12%2C13%2C19%2C21%2C26%7C0%7C0%7Cen%7C1%7C91.90.42.154%7C0%7C0%7C0%7C0%7C3143242
104.18.100.40 11 kB URL chaturbate.com/topembed/?join_overlay=1&tour=dTm0&campaign=Q2cRU&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2%7C164978%7C7017784%7Cno%7C94553%7C40900043%7C5675441%7C1%7C0%7C46%7C50304%7C%2C%2C%2C%2C%2C%7C4%7C0%7C0%7C1%2C2%2C3%2C6%2C12%2C13%2C19%2C21%2C26%7C0%7C0%7Cen%7C1%7C91.90.42.154%7C0%7C0%7C0%7C0%7C3143242
IP 104.18.100.40:0
File type gzip compressed data, max speed, from Unix; data
Hash 3c8c91379711b8f13210717c28c3623c
22a8b196d5511f0592e1aa1ce29ca7c3f1ed92e3
b39af7e3f037e310c1a89e9fbffdb25efce95454c0907841a52080c052a703dc
GET /topembed/?join_overlay=1&tour=dTm0&campaign=Q2cRU&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2%7C164978%7C7017784%7Cno%7C94553%7C40900043%7C5675441%7C1%7C0%7C46%7C50304%7C%2C%2C%2C%2C%2C%7C4%7C0%7C0%7C1%2C2%2C3%2C6%2C12%2C13%2C19%2C21%2C26%7C0%7C0%7Cen%7C1%7C91.90.42.154%7C0%7C0%7C0%7C0%7C3143242 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=oahF8zudTlZsXXjxC5Y.1uu5Hbo3W2Bo.N7iDpMTstM-1701527777-0-AZA4/FS/9UILQBWnO7tFCxwRMx+pdPx3qdGHm7B3GYZ27xe4koKzP1qmMPSd4TUC5rhqfJtTSIkvCa0GrfuLu34=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Sat, 02 Dec 2023 14:36:18 GMT
content-type: text/html; charset=utf-8
location: /embed/mazzanti_/?join_overlay=1&tour=dTm0&campaign=Q2cRU&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2%7C164978%7C7017784%7Cno%7C94553%7C40900043%7C5675441%7C1%7C0%7C46%7C50304%7C%2C%2C%2C%2C%2C%7C4%7C0%7C0%7C1%2C2%2C3%2C6%2C12%2C13%2C19%2C21%2C26%7C0%7C0%7Cen%7C1%7C91.90.42.154%7C0%7C0%7C0%7C0%7C3143242
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
vary: Accept-Language, Cookie
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.static.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://*.google-analytics.com https://*.googletagmanager.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net 
https://*.chaturbate.com https://chaturbate.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://storage.googleapis.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com https://directory-live.cb.dev https://*.web.cb.dev ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' 
https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://saas-onboarding.incodesmile.com https://smartpay.coinsmart.com https://crypto-payments.net https://secure.paygarden.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
x-frame-options: DENY
cache-control: no-cache
set-cookie: affkey="eJyrVipSslJQyigpKbDS10/P10tNTMpMKdZLzs/VV6oFAJBCCa0="; Domain=.chaturbate.com; expires=Mon, 01 Jan 2024 14:36:18 GMT; Max-Age=2592000; Path=/
sbr=sec:sbra1502c17-0ea1-4ff2-98c5-10085b65fb7e:1r9R6Q:JJ3VoiYGJGQ68K9MtPoX0ZGJQBQ; Domain=.chaturbate.com; expires=Thu, 27 Aug 2026 14:36:18 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
pageaction_sample_id=5; expires=Sat, 02 Dec 2023 15:36:18 GMT; Max-Age=3600; Path=/
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82f44d242bc056bb-OSL
valuermainly.com/28/85/33/28853392a76a14b1426991b6def2243b.js
192.243.61.225 15 kB URL valuermainly.com/28/85/33/28853392a76a14b1426991b6def2243b.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (42789), with no line terminators
Hash 7058c1df11ecf8df41be1d9f6bfdb4e2
fbaf837cc8155fa8782b3e8c96775f369bdf7af5
a944daccfbe311eb9cbdfea91cc3dc41daa15144366ed502fb742ae1fc85538f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /28/85/33/28853392a76a14b1426991b6def2243b.js HTTP/1.1
Host: valuermainly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 564f05c28e1dd3e05c0dee21616fe662
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
friendshipmale.com/sfp.js
104.21.234.32 28 kB URL friendshipmale.com/sfp.js
IP 104.21.234.32:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: ed27bb14c3efc1d5642b030806088f56
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 02 Dec 2023 14:36:18 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2u6wGkZlbF84VSd1DNm45N87r1qiXQ3ykD%2BUq0DSKkMAETpgRMKjiXXoCGVi%2BNQnBLHbPQYUipj5Fdg66pkhYvP8mPeXEeczbn3poDMhOzB%2Fw%2FhM2jnX3tbNJp6H%2Bo55lzaokvk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82f44d279fb0b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
pluralpeachy.com/watch.811247300189.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=aa0268770852b81f499a49d8222c81babc014be5567719272cc74b6fcf1b116e0c8aa2dfe858a8c5d16e4c844979bdc14a9dc28fc737265cfddfc75352584e872c3662d41a78b553ec7e168d5aee9ab36d61c6e9de04bc1de82d8fb492633420&pst=1701527838&rmtc=t
173.233.137.60 2.1 kB URL pluralpeachy.com/watch.811247300189.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=aa0268770852b81f499a49d8222c81babc014be5567719272cc74b6fcf1b116e0c8aa2dfe858a8c5d16e4c844979bdc14a9dc28fc737265cfddfc75352584e872c3662d41a78b553ec7e168d5aee9ab36d61c6e9de04bc1de82d8fb492633420&pst=1701527838&rmtc=t
IP 173.233.137.60:0
File type HTML document, ASCII text, with very long lines (2568)
Hash 98f6a91aa6847c8df40a64f2887cd1e1
8e226c054e1f1039fe9d27afae3e508b18647aae
cc908c9e15f0250f62bfaf5c0183d78cf1813f8693aee4ef1a2aa62abffb7162
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.811247300189.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=aa0268770852b81f499a49d8222c81babc014be5567719272cc74b6fcf1b116e0c8aa2dfe858a8c5d16e4c844979bdc14a9dc28fc737265cfddfc75352584e872c3662d41a78b553ec7e168d5aee9ab36d61c6e9de04bc1de82d8fb492633420&pst=1701527838&rmtc=t HTTP/1.1
Host: pluralpeachy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17743402; ain=eyJhbGciOiJIUzI1NiJ9.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.1HCEvnPrw8aw4oGMBn0zQSZghV1ECQgmUdSYy5NDJqc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:18 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1d2d2042ee8aaf21fd33027ae2cbcd85
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.eabids.com/data/bannerpools/112022/33916.jpg
217.22.19.195 65 kB URL static.eabids.com/data/bannerpools/112022/33916.jpg
IP 217.22.19.195:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3; data
Hash f00251f4cdb98d2647186b8687e962aa
0fe8ceb8d60b00b8941896d7b93bc4aa6630b5a0
b0b30e324f1e14b26a9ef248b22540a044108bb3cc5f6c0fadea8a2e0a73d76a
GET /data/bannerpools/112022/33916.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: image/jpeg
Content-Length: 64855
Last-Modified: Thu, 28 Apr 2022 13:46:30 GMT
Connection: keep-alive
ETag: "626a9ab6-fd57"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-221
Accept-Ranges: bytes
impolitefreakish.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz4scRRTHq%2BOKhyD%2BQAQPwoCCCu5s9UxPtic5GGNMCMYkJpFcrV89W5nqrqaqe3qyhxAMSI7jzYOHnu9ssqhRzMGTSmTWiywIGQ%2B6iHvwDxBFCHiT2R1ZfId6Pz7v8N731QfjcpeEKNnOhbftujaGrXSatPHyFZ1JW%2FnGucuNkDbpscYVnR2JjjWG88cNjoa006SvNE4r0bcrLRpSGtKwcUo7ldjhyh6Fzu92w2aXNqNWM%2BxEGLr%2F574M4FkAOdglT0PL2aNrP9yDFlNk6Zcnle8XNn%2F1zbQ0rLAOA7n5btbPbJUhPQgTFyDJNhfdsH5GyEeHYLPNxQawg435BuB6RoKfQ%2FBsczEm%2BOD2%2FqTcQGXg8jCqwRTKTKHZFMLehJYPCCAkzp1Hlt45Z13Fru1TNqczsvTwb%2BhqRpZ%2BewZZ%2BsUJo4eNS9aUhbaZxzCpoYdT6N4UebmFYj2ArrYgiveh5Y9k5eFZZOnGeW8stNx5UYRxux1GfDmMJV%2BO2mG4zOOwuyySiMbtIyISMduTSOspdDKFUSMwfwilD1DqAGUSoMwDpHKnwTrdhNLVhCftdhwJIdptITrxEdmR7ShOKEox32GEIh9BmBGEu4Hc3UBfj%2BDK7%2BDXanj5GHwxI8E71zGQNSpFUHmCihFUmqAqCKpBfVsa3%2FL1HWl8ycOFby18u57Yojdmt23RUxkBc6NxvkuemgsYPKFz9NVOQ8atbhTGcSxYTHlH0VYkIknZqmCcRhGF1zW0PwTmA6zrGXn2rzFyPSNLyVfgbAvebEHoJ8HK58GqyWqLgq1NophiPfucS5%2F2mDG%2BmakC0tbIiyUU14Kx2SXP7V3y9B%2B%2FQInt44e%2FuXr9n19fgHA1clfjqv6eoGduTS7aimxctJUn987nhU71Optf%2BVLBCrX06VvqWmWdPHPSjz55XczBPLx7WfniLMukznqefHZCS6ncKeuEIt%2Be8VcUv1D6tROly8r87IU3Tp1Jc6e81zabgukH792H0DPy%2BNcf7%2F3fl3aPQrspXFkjLbfJwqDtFkR%2BAz7fPv5fzVsCZw56eB6gKuuJa%2FGDotEERh3kjNfw6kACrrbv%2F7nPxv4Wei4AK24iS2sMXI2BqcHMCL58ZFLkbvu1n9p7Bm6CCTcu2ODGmQ%2F3pfV6p6E6CU0UbSmedHmyyqjsJlGXs26oVnmHhSj8TPWP%2F%2F4vAAAA%2F%2F8BAAD%2F%2FzS72J2XBAAA
173.233.139.164 7 B URL impolitefreakish.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz4scRRTHq%2BOKhyD%2BQAQPwoCCCu5s9UxPtic5GGNMCMYkJpFcrV89W5nqrqaqe3qyhxAMSI7jzYOHnu9ssqhRzMGTSmTWiywIGQ%2B6iHvwDxBFCHiT2R1ZfId6Pz7v8N731QfjcpeEKNnOhbftujaGrXSatPHyFZ1JW%2FnGucuNkDbpscYVnR2JjjWG88cNjoa006SvNE4r0bcrLRpSGtKwcUo7ldjhyh6Fzu92w2aXNqNWM%2BxEGLr%2F574M4FkAOdglT0PL2aNrP9yDFlNk6Zcnle8XNn%2F1zbQ0rLAOA7n5btbPbJUhPQgTFyDJNhfdsH5GyEeHYLPNxQawg435BuB6RoKfQ%2FBsczEm%2BOD2%2FqTcQGXg8jCqwRTKTKHZFMLehJYPCCAkzp1Hlt45Z13Fru1TNqczsvTwb%2BhqRpZ%2BewZZ%2BsUJo4eNS9aUhbaZxzCpoYdT6N4UebmFYj2ArrYgiveh5Y9k5eFZZOnGeW8stNx5UYRxux1GfDmMJV%2BO2mG4zOOwuyySiMbtIyISMduTSOspdDKFUSMwfwilD1DqAGUSoMwDpHKnwTrdhNLVhCftdhwJIdptITrxEdmR7ShOKEox32GEIh9BmBGEu4Hc3UBfj%2BDK7%2BDXanj5GHwxI8E71zGQNSpFUHmCihFUmqAqCKpBfVsa3%2FL1HWl8ycOFby18u57Yojdmt23RUxkBc6NxvkuemgsYPKFz9NVOQ8atbhTGcSxYTHlH0VYkIknZqmCcRhGF1zW0PwTmA6zrGXn2rzFyPSNLyVfgbAvebEHoJ8HK58GqyWqLgq1NophiPfucS5%2F2mDG%2BmakC0tbIiyUU14Kx2SXP7V3y9B%2B%2FQInt44e%2FuXr9n19fgHA1clfjqv6eoGduTS7aimxctJUn987nhU71Optf%2BVLBCrX06VvqWmWdPHPSjz55XczBPLx7WfniLMukznqefHZCS6ncKeuEIt%2Be8VcUv1D6tROly8r87IU3Tp1Jc6e81zabgukH792H0DPy%2BNcf7%2F3fl3aPQrspXFkjLbfJwqDtFkR%2BAz7fPv5fzVsCZw56eB6gKuuJa%2FGDotEERh3kjNfw6kACrrbv%2F7nPxv4Wei4AK24iS2sMXI2BqcHMCL58ZFLkbvu1n9p7Bm6CCTcu2ODGmQ%2F3pfV6p6E6CU0UbSmedHmyyqjsJlGXs26oVnmHhSj8TPWP%2F%2F4vAAAA%2F%2F8BAAD%2F%2FzS72J2XBAAA
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSz4scRRTHq%2BOKhyD%2BQAQPwoCCCu5s9UxPtic5GGNMCMYkJpFcrV89W5nqrqaqe3qyhxAMSI7jzYOHnu9ssqhRzMGTSmTWiywIGQ%2B6iHvwDxBFCHiT2R1ZfId6Pz7v8N731QfjcpeEKNnOhbftujaGrXSatPHyFZ1JW%2FnGucuNkDbpscYVnR2JjjWG88cNjoa006SvNE4r0bcrLRpSGtKwcUo7ldjhyh6Fzu92w2aXNqNWM%2BxEGLr%2F574M4FkAOdglT0PL2aNrP9yDFlNk6Zcnle8XNn%2F1zbQ0rLAOA7n5btbPbJUhPQgTFyDJNhfdsH5GyEeHYLPNxQawg435BuB6RoKfQ%2FBsczEm%2BOD2%2FqTcQGXg8jCqwRTKTKHZFMLehJYPCCAkzp1Hlt45Z13Fru1TNqczsvTwb%2BhqRpZ%2BewZZ%2BsUJo4eNS9aUhbaZxzCpoYdT6N4UebmFYj2ArrYgiveh5Y9k5eFZZOnGeW8stNx5UYRxux1GfDmMJV%2BO2mG4zOOwuyySiMbtIyISMduTSOspdDKFUSMwfwilD1DqAGUSoMwDpHKnwTrdhNLVhCftdhwJIdptITrxEdmR7ShOKEox32GEIh9BmBGEu4Hc3UBfj%2BDK7%2BDXanj5GHwxI8E71zGQNSpFUHmCihFUmqAqCKpBfVsa3%2FL1HWl8ycOFby18u57Yojdmt23RUxkBc6NxvkuemgsYPKFz9NVOQ8atbhTGcSxYTHlH0VYkIknZqmCcRhGF1zW0PwTmA6zrGXn2rzFyPSNLyVfgbAvebEHoJ8HK58GqyWqLgq1NophiPfucS5%2F2mDG%2BmakC0tbIiyUU14Kx2SXP7V3y9B%2B%2FQInt44e%2FuXr9n19fgHA1clfjqv6eoGduTS7aimxctJUn987nhU71Optf%2BVLBCrX06VvqWmWdPHPSjz55XczBPLx7WfniLMukznqefHZCS6ncKeuEIt%2Be8VcUv1D6tROly8r87IU3Tp1Jc6e81zabgukH792H0DPy%2BNcf7%2F3fl3aPQrspXFkjLbfJwqDtFkR%2BAz7fPv5fzVsCZw56eB6gKuuJa%2FGDotEERh3kjNfw6kACrrbv%2F7nPxv4Wei4AK24iS2sMXI2BqcHMCL58ZFLkbvu1n9p7Bm6CCTcu2ODGmQ%2F3pfV6p6E6CU0UbSmedHmyyqjsJlGXs26oVnmHhSj8TPWP%2F%2F4vAAAA%2F%2F8BAAD%2F%2FzS72J2XBAAA HTTP/1.1
Host: impolitefreakish.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: u_pl=17787248; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 39c157b28c06f21a94424b4abc598621
Strict-Transport-Security: max-age=0; includeSubdomains
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36 0 B URL biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 02 Dec 2023 14:36:18 GMT
content-type: application/javascript
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
X-Firefox-Spdy: h2
biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
188.72.219.36 0 B URL biptolyla.com/auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R
IP 188.72.219.36:0
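Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these three values are the digests of zero-length content, matching the 0 B body and content-length: 0 of this 404 response; they identify no payload and are not usable as file indicators.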
GET /auW.ZNyzQu2r9FkyZnT/9U6gbE2C5mlFS/WvQT9RNPDlE/4OMrjrk/0HN/Cc0N0/MLT/g/yNOkTTQK1ZJPnEB-1KcV2-hiaRbO2/5/lGS/WeQs9iNIDeEZ4rMtjTkS0/NVCI0R0UMWT/gwy/OlTQQ/1R HTTP/1.1
Host: biptolyla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 02 Dec 2023 14:36:18 GMT
content-type: application/javascript
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
X-Firefox-Spdy: h2
dragnag.com/watch.1353825216675.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=dd0cb675388efe92cb0ca4c91c420f31f94428c412c6f5d46c701103d4119cd4f6ba4f4776b398c11ecab0cd39ed7bca61993a4e49c391820d155b55e7a8b0f2ab5046aa98c240d2a740036e16e838d5e223b166288b0fdf99e88acb86&pst=1701527838&rmtc=t
192.243.61.225 2.1 kB URL dragnag.com/watch.1353825216675.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=dd0cb675388efe92cb0ca4c91c420f31f94428c412c6f5d46c701103d4119cd4f6ba4f4776b398c11ecab0cd39ed7bca61993a4e49c391820d155b55e7a8b0f2ab5046aa98c240d2a740036e16e838d5e223b166288b0fdf99e88acb86&pst=1701527838&rmtc=t
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2565)
Hash 525f82662d0a01d3f7f6453480224758
b7f21bc78962521b9929ea8b0abc1f74a219ca8e
e0f6e42c218aeb71fe8bce8da80d61ed5aba43f92893d4dfffef5b9b9496fcc7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1353825216675.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=dd0cb675388efe92cb0ca4c91c420f31f94428c412c6f5d46c701103d4119cd4f6ba4f4776b398c11ecab0cd39ed7bca61993a4e49c391820d155b55e7a8b0f2ab5046aa98c240d2a740036e16e838d5e223b166288b0fdf99e88acb86&pst=1701527838&rmtc=t HTTP/1.1
Host: dragnag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17763957; ain=eyJhbGciOiJIUzI1NiJ9.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.9LfKaLaGzJMdyf2clAdjqu4Ue4HGL_OZVtnjKJKJg6I
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:18 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 49394681e70459799b0c22bdf9cec7c9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.eabids.com/data/bannerpools/112022/33910.gif
217.22.19.195 152 kB URL static.eabids.com/data/bannerpools/112022/33910.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 152 kB (152504 bytes)
Hash c774723edb868b24964a19fee64c1b07
c4aa3f9766d01377c56b62f2eeb231e498e0d162
955a2a678149cbc95b2ab9cd2c4cf3ebec6de1b900eb22c89b4d02617835ca92
GET /data/bannerpools/112022/33910.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: image/gif
Content-Length: 152504
Last-Modified: Thu, 28 Apr 2022 13:46:36 GMT
Connection: keep-alive
ETag: "626a9abc-253b8"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
valuermainly.com/watch.616756378411.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=4ba5d0845d9f5d54aafc738031b1743b29a795aca32363ac9d90b554b495988174e026295cd027d5225c79570551b1e2b200c0c3e17399256d8f611e8fe7d33069605c08a2c509451b3bd2e49f99b35a1e775ce6deb6db4c37722553fca9be&pst=1701527838&rmtc=t
192.243.61.225 2.1 kB URL valuermainly.com/watch.616756378411.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=4ba5d0845d9f5d54aafc738031b1743b29a795aca32363ac9d90b554b495988174e026295cd027d5225c79570551b1e2b200c0c3e17399256d8f611e8fe7d33069605c08a2c509451b3bd2e49f99b35a1e775ce6deb6db4c37722553fca9be&pst=1701527838&rmtc=t
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2592)
Hash 8229a0f27d3093723ccb07ad0b0eb43f
2875f81534a972834e1482349d7bc70a73d01ec4
ed749c7881264e9c4e01030dfe44853700b7b1402a67f9b1a2e81970c1ea5869
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.616756378411.js?key=c515a1f4fc3a36b04275034bdcef5c99&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=4ba5d0845d9f5d54aafc738031b1743b29a795aca32363ac9d90b554b495988174e026295cd027d5225c79570551b1e2b200c0c3e17399256d8f611e8fe7d33069605c08a2c509451b3bd2e49f99b35a1e775ce6deb6db4c37722553fca9be&pst=1701527838&rmtc=t HTTP/1.1
Host: valuermainly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17787248,17763945; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; ain=eyJhbGciOiJIUzI1NiJ9.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.z6XRFODImIqPRuj3HjoX9d4OVLPZvhr3tkNkkz7Cfxk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:18 GMT; secure; SameSite=None
uncs=2; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8ba7a609f7ef22561db351a6f1688476
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
explosivegleameddesigner.com/sbar.json?key=8f9fc67e3b5b368f1c72c9bed43a0f41&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
192.243.59.20 4.2 kB URL explosivegleameddesigner.com/sbar.json?key=8f9fc67e3b5b368f1c72c9bed43a0f41&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5969), with no line terminators
Hash d7efe289aba1600ff9b68c9e3dc956c3
21bcea50cd8e2a9e68a33bab55a7217c4c243bac
08fa954c4cf84f81b2f48b4f953f9b0c2e4d5259f229506251efee26e3334edd
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=8f9fc67e3b5b368f1c72c9bed43a0f41&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: explosivegleameddesigner.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17787247; expires=Sun, 03 Dec 2023 14:36:17 GMT; secure; SameSite=None
uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:17 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 03 Dec 2023 14:36:18 GMT; secure; SameSite=None
slec8f9fc67e3b5b368f1c72c9bed43a0f41=[4714200]; expires=Sat, 02 Dec 2023 14:36:23 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4b950da2f9a665a6eed60da7d52ed0a3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
creative.mnaspm.com/widgets/v4/Universal/main.672e6e87c69b0c60653e.css
104.18.59.150 6.0 kB URL creative.mnaspm.com/widgets/v4/Universal/main.672e6e87c69b0c60653e.css
IP 104.18.59.150:0
File type ASCII text, with very long lines (13396), with no line terminators
Hash d55b785d72863fbb8425a36b7d675ec2
546cda15b6fb2a67ce1f102dc82eefb6f749f9c3
a4d09f6a50b6d96e7f22ab12f406dcf44be0d815105018cc5c7f1105fbf597f7
GET /widgets/v4/Universal/main.672e6e87c69b0c60653e.css HTTP/1.1
Host: creative.mnaspm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.mnaspm.com/widgets/v4/Universal?action=sbSignupWithModel&campaignId=0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765917&masterSmartpopId=1914&memberId=F7dSn9yoBDtw0ZqlHnT-q4Lg0wAMBU4elDCgMQG1y4rLPH67YnuCQ784slOaXxoWQFZJWYhvYY3Gl2EK5jIEyvFsoWG5ZJvmF4DnePFDp-8YBrZ4_gUIDRUi&mlView=1&p1=4359545&quality=240p&ruleId=17&smartpopId=1793&sourceId=477848&usePreroll=0&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=32246&webp=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:18 GMT
content-type: text/css
last-modified: Thu, 30 Nov 2023 11:58:38 GMT
etag: W/"656878ee-3454"
expires: Sat, 02 Dec 2023 14:36:19 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 7
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d27cbc55691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
friendshipmale.com/sfp.js
104.21.234.32 28 kB URL friendshipmale.com/sfp.js
IP 104.21.234.32:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:18 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: b3d4e72c2e34986bce1292efe1246009
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 02 Dec 2023 14:36:18 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G2Xmhuv62ByBGEG%2FErlGiAqYTVvR3kU6RvMDQiRykMaaB1eXkLeM0rra0aLkkt5JQ0JMSXKFOFBjiQmLzypFOEYmKvtB35DWYG9GFFun%2B7zmrmVCxVuvWjZS9p6c5c07INRXmig%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82f44d278fab56ba-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
217.22.19.194 1.3 kB URL go.eabids.com/banner.go?spaceid=5675442&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1262), with no line terminators
Hash 1bc735abb67432b1c4c88b35a21635d1
300fd3e3b94283c2033ba663e42b2b3b697c2aca
e3d37a4414362f221feec384b2928098be43270c96768ddaf5df372c24c29651
GET /banner.go?spaceid=5675442&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:19 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1262
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:19 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-201
video.ktkjmp.com/adsbygoogle.js
104.18.48.21 16 B URL video.ktkjmp.com/adsbygoogle.js
IP 104.18.48.21:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.mnaspm.com/
Origin: https://creative.mnaspm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: eOt3YX0Nm2YrsRFghHjY+ldPpZhMsRS8Tg9HXo+sQY2MfQ8piotah5MMqRgsIwcNTLmVbQ2iqoU=
x-amz-request-id: Y49M74J1R1NSP1TJ
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.mnaspm.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 1901
expires: Sat, 02 Dec 2023 18:36:19 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d2c1a155685-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
173.233.137.52 11 kB URL comedianthirteenth.com/539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js
IP 173.233.137.52:0
File type exported SGML document, ASCII text, with very long lines (29644), with no line terminators
Hash 466f0551c36b6ad4bef0a0c12a383f85
3463ce48c86d2605474fd4130a30b359fee76bcc
c30c464e82a03e732a8b4888ba933fa3c97a73c0a9f5c9086b94d2c38c8eaa6f
GET /539d71c7c61ed9e36ed1dd6ab6acffc8/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a20d8a7f5662e2375a4ac9e57af0fd61
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
divedresign.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReu3t%2F%2B8BDEP3jJITCgoII72z3dszudHIwxJgRjEpNIrta%2F3q1MdVdT1T092UMIRiTH8ebBQ883m12jQczBk0pk1ossCBkPuoh78ORJBCHgTWZ2ZPEd6r33fe%2Fwvq%2FeB8NynwQo6d6lt8yG0pout5t%2B46VrKhOmco0LVxuB3%2FRPNK6pbCU60ehPH9s7Hvjtpv9y46zkXbPc8gPfD%2FygcUZZmZj%2B8oyFyu%2FHQTP2m1GrGbQj9O1%2Fe1cuwNEFiN4%2BeRZKTP6%2F%2Fv0DKD5Gln5xWrpuYfJX3khLTQtj0RPb72TdzFQZ0sMysR6SbHs%2BDeMmhHy0AJNtzxXA9DanCsDUhHg%2FBWDZ9nxNsN7dg02ZhszAxBFUvTGkHkPRMbi5DSUeEYALXLiILN26YGxFbxywdMpOyOLjv6CqCVn89Tlk6eentOo3rhhdFspkDv2khuqPodbGyMsdFBseVLUDXrwHJX4gy4%2FPI0s3LzptoMTeCzzohGEQsaWgI9hSFAbBEusE8RJPIr8TrvCId%2BjMIqXGUMkYWg5A3QJK56FUHsrEQ5l7SMVeg7bjxPdXE5aEYSfinIch5%2B3OimiLMOokPko%2B1TBAkQ%2FA9QDcvr%2BVi%2FWi29ssbCk3y4y7YfDJAdSKZ%2BDWFGzFwwC5vYWuGsCW38Kt13DiCbhiQry3b6InalSSoHIEFSWoFEFVEFS9%2Bq7QruXqLaFdyYJ5bs1zWI9MsTakd02xJjMCagfDfJ88M7Xae0oZdOVeo5PECV9ZlSFrs3ClkwR8tcVjJkUUUj%2BJAjhVQ7kFUOdhQ03Isd%2BPIlcTsph8CUZ34PQOuHoatDwGWo1WWz7o%2Bijq%2BNjI7vWpum6a3KQQpkZeLKK44Q31Pjk6%2B%2B%2Bzf%2FwMyXdPHvn6%2Bs2%2Ff3ke3NbIbY3r6juCNX1ndNlUZPOyqRx5cDEvVKo26PQWrhS0kIufvilvVMaKc6fd4N5rfEpMy%2FtXpSvO00yobM2Rz04pIaQ9YyyX5Jtz7ppkl0q3fqq0WZmfv%2FT6mXNpbqVzymRjUPXo3YfgakKe%2FOrj2ZW%2FuH8cyo5hyxppuUvmAWV2wPNbcPnuyX8xZwisPpxhuYeqrEe2xQ5BrQi0POwpq%2BHkoQVM7j7884AbujtYsx5ocRtZWqNna%2FR0DaoHcOX%2FRkVud1%2F9MZwFmPZGTFtvk2mrPzyw1qm9hmwnfiL9lmRJzJJV6os4iWJG40CusjYNULiJ7J787R8AAAD%2F%2FwEAAP%2F%2FnXK9V70EAAA%3D
192.243.59.13 7 B URL divedresign.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReu3t%2F%2B8BDEP3jJITCgoII72z3dszudHIwxJgRjEpNIrta%2F3q1MdVdT1T092UMIRiTH8ebBQ883m12jQczBk0pk1ossCBkPuoh78ORJBCHgTWZ2ZPEd6r33fe%2Fwvq%2FeB8NynwQo6d6lt8yG0pout5t%2B46VrKhOmco0LVxuB3%2FRPNK6pbCU60ehPH9s7Hvjtpv9y46zkXbPc8gPfD%2FygcUZZmZj%2B8oyFyu%2FHQTP2m1GrGbQj9O1%2Fe1cuwNEFiN4%2BeRZKTP6%2F%2Fv0DKD5Gln5xWrpuYfJX3khLTQtj0RPb72TdzFQZ0sMysR6SbHs%2BDeMmhHy0AJNtzxXA9DanCsDUhHg%2FBWDZ9nxNsN7dg02ZhszAxBFUvTGkHkPRMbi5DSUeEYALXLiILN26YGxFbxywdMpOyOLjv6CqCVn89Tlk6eentOo3rhhdFspkDv2khuqPodbGyMsdFBseVLUDXrwHJX4gy4%2FPI0s3LzptoMTeCzzohGEQsaWgI9hSFAbBEusE8RJPIr8TrvCId%2BjMIqXGUMkYWg5A3QJK56FUHsrEQ5l7SMVeg7bjxPdXE5aEYSfinIch5%2B3OimiLMOokPko%2B1TBAkQ%2FA9QDcvr%2BVi%2FWi29ssbCk3y4y7YfDJAdSKZ%2BDWFGzFwwC5vYWuGsCW38Kt13DiCbhiQry3b6InalSSoHIEFSWoFEFVEFS9%2Bq7QruXqLaFdyYJ5bs1zWI9MsTakd02xJjMCagfDfJ88M7Xae0oZdOVeo5PECV9ZlSFrs3ClkwR8tcVjJkUUUj%2BJAjhVQ7kFUOdhQ03Isd%2BPIlcTsph8CUZ34PQOuHoatDwGWo1WWz7o%2Bijq%2BNjI7vWpum6a3KQQpkZeLKK44Q31Pjk6%2B%2B%2Bzf%2FwMyXdPHvn6%2Bs2%2Ff3ke3NbIbY3r6juCNX1ndNlUZPOyqRx5cDEvVKo26PQWrhS0kIufvilvVMaKc6fd4N5rfEpMy%2FtXpSvO00yobM2Rz04pIaQ9YyyX5Jtz7ppkl0q3fqq0WZmfv%2FT6mXNpbqVzymRjUPXo3YfgakKe%2FOrj2ZW%2FuH8cyo5hyxppuUvmAWV2wPNbcPnuyX8xZwisPpxhuYeqrEe2xQ5BrQi0POwpq%2BHkoQVM7j7884AbujtYsx5ocRtZWqNna%2FR0DaoHcOX%2FRkVud1%2F9MZwFmPZGTFtvk2mrPzyw1qm9hmwnfiL9lmRJzJJV6os4iWJG40CusjYNULiJ7J787R8AAAD%2F%2FwEAAP%2F%2FnXK9V70EAAA%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReu3t%2F%2B8BDEP3jJITCgoII72z3dszudHIwxJgRjEpNIrta%2F3q1MdVdT1T092UMIRiTH8ebBQ883m12jQczBk0pk1ossCBkPuoh78ORJBCHgTWZ2ZPEd6r33fe%2Fwvq%2FeB8NynwQo6d6lt8yG0pout5t%2B46VrKhOmco0LVxuB3%2FRPNK6pbCU60ehPH9s7Hvjtpv9y46zkXbPc8gPfD%2FygcUZZmZj%2B8oyFyu%2FHQTP2m1GrGbQj9O1%2Fe1cuwNEFiN4%2BeRZKTP6%2F%2Fv0DKD5Gln5xWrpuYfJX3khLTQtj0RPb72TdzFQZ0sMysR6SbHs%2BDeMmhHy0AJNtzxXA9DanCsDUhHg%2FBWDZ9nxNsN7dg02ZhszAxBFUvTGkHkPRMbi5DSUeEYALXLiILN26YGxFbxywdMpOyOLjv6CqCVn89Tlk6eentOo3rhhdFspkDv2khuqPodbGyMsdFBseVLUDXrwHJX4gy4%2FPI0s3LzptoMTeCzzohGEQsaWgI9hSFAbBEusE8RJPIr8TrvCId%2BjMIqXGUMkYWg5A3QJK56FUHsrEQ5l7SMVeg7bjxPdXE5aEYSfinIch5%2B3OimiLMOokPko%2B1TBAkQ%2FA9QDcvr%2BVi%2FWi29ssbCk3y4y7YfDJAdSKZ%2BDWFGzFwwC5vYWuGsCW38Kt13DiCbhiQry3b6InalSSoHIEFSWoFEFVEFS9%2Bq7QruXqLaFdyYJ5bs1zWI9MsTakd02xJjMCagfDfJ88M7Xae0oZdOVeo5PECV9ZlSFrs3ClkwR8tcVjJkUUUj%2BJAjhVQ7kFUOdhQ03Isd%2BPIlcTsph8CUZ34PQOuHoatDwGWo1WWz7o%2Bijq%2BNjI7vWpum6a3KQQpkZeLKK44Q31Pjk6%2B%2B%2Bzf%2FwMyXdPHvn6%2Bs2%2Ff3ke3NbIbY3r6juCNX1ndNlUZPOyqRx5cDEvVKo26PQWrhS0kIufvilvVMaKc6fd4N5rfEpMy%2FtXpSvO00yobM2Rz04pIaQ9YyyX5Jtz7ppkl0q3fqq0WZmfv%2FT6mXNpbqVzymRjUPXo3YfgakKe%2FOrj2ZW%2FuH8cyo5hyxppuUvmAWV2wPNbcPnuyX8xZwisPpxhuYeqrEe2xQ5BrQi0POwpq%2BHkoQVM7j7884AbujtYsx5ocRtZWqNna%2FR0DaoHcOX%2FRkVud1%2F9MZwFmPZGTFtvk2mrPzyw1qm9hmwnfiL9lmRJzJJV6os4iWJG40CusjYNULiJ7J787R8AAAD%2F%2FwEAAP%2F%2FnXK9V70EAAA%3D HTTP/1.1
Host: divedresign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 14:36:19 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ac1525baa0f4c45d16951b65ed828a34
Strict-Transport-Security: max-age=0; includeSubdomains
creative.mnaspm.com/widgets/v4/Universal/lang/en.json
104.18.59.150 118 B URL creative.mnaspm.com/widgets/v4/Universal/lang/en.json
IP 104.18.59.150:0
File type JSON data\012- , ASCII text
Hash 69a54638b649d7ce4748bd42c4b6dade
a2dfe9f8791952fbc5cc44d4757b031a6cee1731
0c25fbbff92c994866041b57d519aa22aa84d55b6b31bcf681dd5b74668cb750
GET /widgets/v4/Universal/lang/en.json HTTP/1.1
Host: creative.mnaspm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.mnaspm.com/widgets/v4/Universal?action=sbSignupWithModel&campaignId=0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765917&masterSmartpopId=1914&memberId=F7dSn9yoBDtw0ZqlHnT-q4Lg0wAMBU4elDCgMQG1y4rLPH67YnuCQ784slOaXxoWQFZJWYhvYY3Gl2EK5jIEyvFsoWG5ZJvmF4DnePFDp-8YBrZ4_gUIDRUi&mlView=1&p1=4359545&quality=240p&ruleId=17&smartpopId=1793&sourceId=477848&usePreroll=0&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=32246&webp=1
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/json
last-modified: Thu, 30 Nov 2023 11:57:19 GMT
etag: W/"6568789f-ac"
expires: Sat, 02 Dec 2023 14:36:13 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 9
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d2bcff15691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
friendshipmale.com/sfp.js
104.21.234.32 28 kB URL friendshipmale.com/sfp.js
IP 104.21.234.32:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:19 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 2edc7b37fd3c904abf84e165c6a136c8
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 02 Dec 2023 14:36:18 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=utS3RW39pmUafoY1rFPddsWQSORg%2FfjeIHnqNI6EVg5irztxa6H%2FNlFAD0TKmwSmhQi8f%2BVomzEaaIzHjYUCSotBKB7446ecLMmYf1nMSIumCFLhkriefJyKLTSrLv6NOvzuV%2Bk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82f44d2beb69b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
poweredby.jads.co/adshow.php?adzone=941000
185.94.236.246 1.7 kB URL poweredby.jads.co/adshow.php?adzone=941000
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (422), with CRLF, LF line terminators
Hash e2727ad6d831ff93c531fee8d4728dd4
258b9f079352b39a09dc0cbcffc38f6598345f2d
0c0794ecd4ad68d10694b0cbbf553cacfb22222803bdeb4e00044bb97bfafaef
GET /adshow.php?adzone=941000 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=cbcb4b70c01430d4266d17b89742e2d1; expires=Sun, 01-Dec-2024 14:36:19 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps42=1; expires=Sun, 03-Dec-2023 14:36:19 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjE2ODM0MjI7aToxNzAxNzg2OTc5O30%3D; expires=Tue, 05-Dec-2023 14:36:19 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:19 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
cdn.cloudimagesb.com/bi/0a/92/98/0a92983432984af43c2d9f7b44ef4345/1654688924.jpg
45.133.44.9 17 kB URL cdn.cloudimagesb.com/bi/0a/92/98/0a92983432984af43c2d9f7b44ef4345/1654688924.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, resolutionunit=2], baseline, precision 8, 300x250, components 3\012- data
Hash 5b82f8d3a86401c840a877c8d42d0901
06dea70cbe880b6f30523bf624cffcdf42d0d0cf
6f04ef6143e81be3396a245c0b5cd5972762cebcb1d9eb7957e20e71e7f6741a
GET /bi/0a/92/98/0a92983432984af43c2d9f7b44ef4345/1654688924.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: image/jpeg
content-length: 17350
server: nginx/1.21.6
last-modified: Wed, 08 Jun 2022 11:48:51 GMT
etag: "62a08ca3-43c6"
expires: Mon, 04 Dec 2023 14:36:19 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/bi/e5/6e/57/e56e574880434120c77ee13127ae8928/1682677121.jpg
45.133.44.9 92 kB URL cdn.cloudimagesb.com/bi/e5/6e/57/e56e574880434120c77ee13127ae8928/1682677121.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 300x250, components 3\012- data
Hash 6de9e5bbe4e9c1a724dc7347d2cd4ac2
2da259778b7ad20fa6063faed823928f51a7ce70
6e39b66ececbfc16cd6b247906e0a927f426647dbf5af4628ce0d810cc9bddb8
GET /bi/e5/6e/57/e56e574880434120c77ee13127ae8928/1682677121.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: image/jpeg
content-length: 91889
server: nginx/1.21.6
last-modified: Fri, 28 Apr 2023 10:18:50 GMT
etag: "644b9d8a-166f1"
expires: Mon, 04 Dec 2023 14:36:19 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
chaturbate.com/embed/mazzanti_/?join_overlay=1&tour=dTm0&campaign=Q2cRU&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2%7C164978%7C113814%7Cno%7C94553%7C40900043%7C5675443%7C1%7C0%7C46%7C50304%7C%2C%2C%2C%2C%2C%7C4%7C0%7C0%7C1%2C6%2C24%7C0%7C0%7Cen%7C1%7C91.90.42.154%7C0%7C0%7C0%7C0%7C3143242
104.18.100.40 28 kB URL chaturbate.com/embed/mazzanti_/?join_overlay=1&tour=dTm0&campaign=Q2cRU&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2%7C164978%7C113814%7Cno%7C94553%7C40900043%7C5675443%7C1%7C0%7C46%7C50304%7C%2C%2C%2C%2C%2C%7C4%7C0%7C0%7C1%2C6%2C24%7C0%7C0%7Cen%7C1%7C91.90.42.154%7C0%7C0%7C0%7C0%7C3143242
IP 104.18.100.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (54753)
Hash 2d77bd0c1835e49ea87de636091bec75
2b6d631b225f842b751cbe018ef7e483bd81d156
50d7d53d4bc59ae9925dddc591c5d592cae465027fd0073b5c33d77d3735eb1c
GET /embed/mazzanti_/?join_overlay=1&tour=dTm0&campaign=Q2cRU&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2%7C164978%7C113814%7Cno%7C94553%7C40900043%7C5675443%7C1%7C0%7C46%7C50304%7C%2C%2C%2C%2C%2C%7C4%7C0%7C0%7C1%2C6%2C24%7C0%7C0%7Cen%7C1%7C91.90.42.154%7C0%7C0%7C0%7C0%7C3143242 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=oahF8zudTlZsXXjxC5Y.1uu5Hbo3W2Bo.N7iDpMTstM-1701527777-0-AZA4/FS/9UILQBWnO7tFCxwRMx+pdPx3qdGHm7B3GYZ27xe4koKzP1qmMPSd4TUC5rhqfJtTSIkvCa0GrfuLu34=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:18 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Cookie, Accept-Language
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.static.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://*.google-analytics.com https://*.googletagmanager.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net 
https://*.chaturbate.com https://chaturbate.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://storage.googleapis.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com https://directory-live.cb.dev https://*.web.cb.dev ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' 
https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://saas-onboarding.incodesmile.com https://smartpay.coinsmart.com https://crypto-payments.net https://secure.paygarden.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
set-cookie: csrftoken=2bZdOxNLV0r4EtkJtGnhO5adIMWBKEmNaGQLHjAahrirvC9GHlSqawhBewiQ6NLJ; Domain=.chaturbate.com; expires=Sat, 30 Nov 2024 14:36:18 GMT; Max-Age=31449600; Path=/; Secure
affkey="eJyrVipSslJQyigpKbDS10/P10tNTMpMKdZLzs/VV6oFAJBCCa0="; Domain=.chaturbate.com; expires=Mon, 01 Jan 2024 14:36:18 GMT; Max-Age=2592000; Path=/
sbr=sec:sbr3183fb82-4405-403d-9f1c-415563ec77ee:1r9R6Q:T36DCrCYPLEW0r_VZ-sufDz8-II; Domain=.chaturbate.com; expires=Thu, 27 Aug 2026 14:36:18 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
pageaction_sample_id=5; expires=Sat, 02 Dec 2023 15:36:18 GMT; Max-Age=3600; Path=/
tbu_mazzanti_=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/
cb_legacy=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82f44d26be5556bb-OSL
content-encoding: br
cdn.cloudimagesb.com/bi/c1/0e/38/c10e38ccbc0e58856d92d1852a6a5c28/1643828720.jpg
45.133.44.9 79 kB URL cdn.cloudimagesb.com/bi/c1/0e/38/c10e38ccbc0e58856d92d1852a6a5c28/1643828720.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2022:02:01 18:31:27], progressive, precision 8, 300x250, components 3\012- data
Hash 0abb8de62850868fdfb9f971f9224f17
358fa6755beac076f57f94c71b4ea295bb465ce8
e9b63838604d09128169c6af673bb4f55a9a33e48520181553a7d03cf3853400
GET /bi/c1/0e/38/c10e38ccbc0e58856d92d1852a6a5c28/1643828720.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: image/jpeg
content-length: 79024
server: nginx/1.21.6
last-modified: Wed, 02 Feb 2022 19:05:27 GMT
etag: "61fad5f7-134b0"
expires: Mon, 04 Dec 2023 14:36:19 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
sensualtestresume.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
173.233.139.164 15 kB URL sensualtestresume.com/8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js
IP 173.233.139.164:0
File type ASCII text, with very long lines (42837), with no line terminators
Hash 1d431bfd920190bb077ff19a92aaa8fd
12fd88154c14740a1b3635b1175807581e266039
997a417aafc466bd6520d3b96cbf49fb9886c3c1d483f675c76757a0c8429a6c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /8f/9f/c6/8f9fc67e3b5b368f1c72c9bed43a0f41.js HTTP/1.1
Host: sensualtestresume.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 60d04d76a373d6e36b2c1c5419a59d0f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
explosivegleameddesigner.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSP2wcxRfHZ%2FPzjyZC%2FBFNikgngQRI%2BLx7u%2Be7SwpCCIkiQmySILfMvz2Pb3ZnNbN7e3YBFpFQyqOjoFh%2Fz44ViBApqAAFnWmQJaQcBVgIF1RUCAkpEh06%2B5DFK%2Bb9%2Bbzive%2BbD7eKQxKgoAfLb5kNpTVdaNb92ksrKhWmdLXrt2qBX%2FfP11ZUuhidrw2mj%2B2fC%2Fxm3X%2B5dkXynllo%2BIHvB35Qu6ysjM1g4YhCZfc7Qb3j16NGPWhGGNj%2F5q7w4KgH0T8kz0KJyf9Xv38AxcdIky8uSdfLTfbKG0mhaW4s%2BmL3nbSXmjJFchLG1kOc7s66YdyEkI9PwaS7sw1g%2BtvTDcDUhHg%2FBWDp7mxMsP7O8aRMQ6Zg4jTK%2FhhSj6HoGNzchhKPCMAFri8hTe5eN7ak68eUTumEzD3%2BC6qckLlfn0OafH5Rq0HtptFFrkzqMIgrqMEYqjtGVuwh3%2FCgyj3w%2FAMo8QNZeHwNabK95LSBEgcv8KAdhkHE5oO2YPNRGATzrB105nkc%2Be1wkUe8TY8kUmoMFY%2Bh5RDUnULhPBTKQxF7KDIPiTio0WYn9v1WzOIwbEec8zDkvNleFE0RRu3YR8GnOwyRZ0NwPQS3m8jsJnpqCFt8C7dawYkn4PIJ8d5%2BH31RoZQEpSMoKUGpCMqcoOxXO0K7hqvuCu0KFsx8Y%2BbDamTy7hbdMXlXpgTUDreyQ%2FLMVEDvKWXQkwe1dtyJ%2BWJLhqzJwsV2HPBWg3eYFFFI%2FTgK4FQF5U6BOg8bakLO%2Fn4GmZqQufhLMLoHp%2FfA1dOgxVnQctRq%2BKCro6jtYyO9N6BqzdS5SSBMhSyfQ77ubelDcuboilf%2B%2BBmS7184%2FfXae3%2F%2F8jy4rZDZCmvqO4KuvjO6YUqyfcOUjjxYynKVqA06vfDNnOZy7tM35XpprLh6yQ3vvcanYBrevyVdfo2mQqVdRz67qISQ9rKxXJJvrroVyZYLt3qxsGmRXVt%2B%2FfLVJLPSOWXSMah69O5DcDUhT371ydHfffHwHJQdwxYVkmKfzAzK7IFnm3DZ%2FoV%2Fa84QWH3SwzIPZVGNbIOdFLUi0PIkp6yCkycSMLn%2F8M9jtuXuoGs90Pw20qRC31bo6wpUD%2BGK%2F43yzO6%2F%2BmN4ZGDaGzFtvW2mrf7oWFqnDmqyGfux9BuSxR0Wt6gvOnHUYbQTyBZr0gC5m8jehd%2F%2BAQAA%2F%2F8BAAD%2F%2FzF1BoeTBAAA
192.243.59.20 7 B URL explosivegleameddesigner.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSP2wcxRfHZ%2FPzjyZC%2FBFNikgngQRI%2BLx7u%2Be7SwpCCIkiQmySILfMvz2Pb3ZnNbN7e3YBFpFQyqOjoFh%2Fz44ViBApqAAFnWmQJaQcBVgIF1RUCAkpEh06%2B5DFK%2Bb9%2Bbzive%2BbD7eKQxKgoAfLb5kNpTVdaNb92ksrKhWmdLXrt2qBX%2FfP11ZUuhidrw2mj%2B2fC%2Fxm3X%2B5dkXynllo%2BIHvB35Qu6ysjM1g4YhCZfc7Qb3j16NGPWhGGNj%2F5q7w4KgH0T8kz0KJyf9Xv38AxcdIky8uSdfLTfbKG0mhaW4s%2BmL3nbSXmjJFchLG1kOc7s66YdyEkI9PwaS7sw1g%2BtvTDcDUhHg%2FBWDp7mxMsP7O8aRMQ6Zg4jTK%2FhhSj6HoGNzchhKPCMAFri8hTe5eN7ak68eUTumEzD3%2BC6qckLlfn0OafH5Rq0HtptFFrkzqMIgrqMEYqjtGVuwh3%2FCgyj3w%2FAMo8QNZeHwNabK95LSBEgcv8KAdhkHE5oO2YPNRGATzrB105nkc%2Be1wkUe8TY8kUmoMFY%2Bh5RDUnULhPBTKQxF7KDIPiTio0WYn9v1WzOIwbEec8zDkvNleFE0RRu3YR8GnOwyRZ0NwPQS3m8jsJnpqCFt8C7dawYkn4PIJ8d5%2BH31RoZQEpSMoKUGpCMqcoOxXO0K7hqvuCu0KFsx8Y%2BbDamTy7hbdMXlXpgTUDreyQ%2FLMVEDvKWXQkwe1dtyJ%2BWJLhqzJwsV2HPBWg3eYFFFI%2FTgK4FQF5U6BOg8bakLO%2Fn4GmZqQufhLMLoHp%2FfA1dOgxVnQctRq%2BKCro6jtYyO9N6BqzdS5SSBMhSyfQ77ubelDcuboilf%2B%2BBmS7184%2FfXae3%2F%2F8jy4rZDZCmvqO4KuvjO6YUqyfcOUjjxYynKVqA06vfDNnOZy7tM35XpprLh6yQ3vvcanYBrevyVdfo2mQqVdRz67qISQ9rKxXJJvrroVyZYLt3qxsGmRXVt%2B%2FfLVJLPSOWXSMah69O5DcDUhT371ydHfffHwHJQdwxYVkmKfzAzK7IFnm3DZ%2FoV%2Fa84QWH3SwzIPZVGNbIOdFLUi0PIkp6yCkycSMLn%2F8M9jtuXuoGs90Pw20qRC31bo6wpUD%2BGK%2F43yzO6%2F%2BmN4ZGDaGzFtvW2mrf7oWFqnDmqyGfux9BuSxR0Wt6gvOnHUYbQTyBZr0gC5m8jehd%2F%2BAQAA%2F%2F8BAAD%2F%2FzF1BoeTBAAA
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSP2wcxRfHZ%2FPzjyZC%2FBFNikgngQRI%2BLx7u%2Be7SwpCCIkiQmySILfMvz2Pb3ZnNbN7e3YBFpFQyqOjoFh%2Fz44ViBApqAAFnWmQJaQcBVgIF1RUCAkpEh06%2B5DFK%2Bb9%2Bbzive%2BbD7eKQxKgoAfLb5kNpTVdaNb92ksrKhWmdLXrt2qBX%2FfP11ZUuhidrw2mj%2B2fC%2Fxm3X%2B5dkXynllo%2BIHvB35Qu6ysjM1g4YhCZfc7Qb3j16NGPWhGGNj%2F5q7w4KgH0T8kz0KJyf9Xv38AxcdIky8uSdfLTfbKG0mhaW4s%2BmL3nbSXmjJFchLG1kOc7s66YdyEkI9PwaS7sw1g%2BtvTDcDUhHg%2FBWDp7mxMsP7O8aRMQ6Zg4jTK%2FhhSj6HoGNzchhKPCMAFri8hTe5eN7ak68eUTumEzD3%2BC6qckLlfn0OafH5Rq0HtptFFrkzqMIgrqMEYqjtGVuwh3%2FCgyj3w%2FAMo8QNZeHwNabK95LSBEgcv8KAdhkHE5oO2YPNRGATzrB105nkc%2Be1wkUe8TY8kUmoMFY%2Bh5RDUnULhPBTKQxF7KDIPiTio0WYn9v1WzOIwbEec8zDkvNleFE0RRu3YR8GnOwyRZ0NwPQS3m8jsJnpqCFt8C7dawYkn4PIJ8d5%2BH31RoZQEpSMoKUGpCMqcoOxXO0K7hqvuCu0KFsx8Y%2BbDamTy7hbdMXlXpgTUDreyQ%2FLMVEDvKWXQkwe1dtyJ%2BWJLhqzJwsV2HPBWg3eYFFFI%2FTgK4FQF5U6BOg8bakLO%2Fn4GmZqQufhLMLoHp%2FfA1dOgxVnQctRq%2BKCro6jtYyO9N6BqzdS5SSBMhSyfQ77ubelDcuboilf%2B%2BBmS7184%2FfXae3%2F%2F8jy4rZDZCmvqO4KuvjO6YUqyfcOUjjxYynKVqA06vfDNnOZy7tM35XpprLh6yQ3vvcanYBrevyVdfo2mQqVdRz67qISQ9rKxXJJvrroVyZYLt3qxsGmRXVt%2B%2FfLVJLPSOWXSMah69O5DcDUhT371ydHfffHwHJQdwxYVkmKfzAzK7IFnm3DZ%2FoV%2Fa84QWH3SwzIPZVGNbIOdFLUi0PIkp6yCkycSMLn%2F8M9jtuXuoGs90Pw20qRC31bo6wpUD%2BGK%2F43yzO6%2F%2BmN4ZGDaGzFtvW2mrf7oWFqnDmqyGfux9BuSxR0Wt6gvOnHUYbQTyBZr0gC5m8jehd%2F%2BAQAA%2F%2F8BAAD%2F%2FzF1BoeTBAAA HTTP/1.1
Host: explosivegleameddesigner.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: u_pl=17787247; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 14:36:19 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 63417e175074809b488bf834e5b455ae
Strict-Transport-Security: max-age=0; includeSubdomains
static.eabids.com/data/bannerpools/112022/33807.jpg
217.22.19.195 17 kB URL static.eabids.com/data/bannerpools/112022/33807.jpg
IP 217.22.19.195:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash 5cdf4fdb75c84c7fe9c95a9c43d4558d
d615fb1c007bcc0995b1bc72fe21a47e98f6094f
9e1ca0a8aa682706ecff90fe20dba9c9c9188160b26af5d87bed3763663cfaea
GET /data/bannerpools/112022/33807.jpg HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:19 GMT
Content-Type: image/jpeg
Content-Length: 17139
Last-Modified: Thu, 28 Apr 2022 13:46:32 GMT
Connection: keep-alive
ETag: "626a9ab8-42f3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
valuermainly.com/sbar.json?key=8f9fc67e3b5b368f1c72c9bed43a0f41&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
192.243.61.225 4.2 kB URL valuermainly.com/sbar.json?key=8f9fc67e3b5b368f1c72c9bed43a0f41&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (6237), with no line terminators
Hash e04e5d1174994b8d4b43075a8049d9b6
094f56db8ee7e857444d2fa534f9fb5ef2940a2f
ac9a88e6d59fe5c908764e6d5a841c9300b6715f4015fafbe2986851b506d578
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=8f9fc67e3b5b368f1c72c9bed43a0f41&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: valuermainly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: u_pl=17787248,17763945; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; pdhtkv=true; uncs=2; pdhtkv29=true; uncs29=1; ain=eyJhbGciOiJIUzI1NiJ9.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.z6XRFODImIqPRuj3HjoX9d4OVLPZvhr3tkNkkz7Cfxk; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:19 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17787248,17763945,17787247; expires=Sun, 03 Dec 2023 14:36:19 GMT; secure; SameSite=None
uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:19 GMT; secure; SameSite=None
uncs=3; expires=Sun, 03 Dec 2023 14:36:19 GMT; secure; SameSite=None
uncs29=2; expires=Sun, 03 Dec 2023 14:36:19 GMT; secure; SameSite=None
slec8f9fc67e3b5b368f1c72c9bed43a0f41=[4714200]; expires=Sat, 02 Dec 2023 14:36:24 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 589e7acb56e085b543f4f2e4449a8678
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
sensualtestresume.com/watch.777068941103.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
173.233.139.164 0 B URL sensualtestresume.com/watch.777068941103.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 173.233.139.164:0
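Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of an empty body, consistent with the 0 B size and the Content-Length: 0 of the 307 response recorded for this request; they do not identify the script's content.)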
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.777068941103.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: sensualtestresume.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:19 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Location: https://sensualtestresume.com/watch.777068941103.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=24cf8d834532564052f7d312a29b1e308ddbeb6db439071060c44abccccac36779b1ae7291750c17860b51989c00e1ce6a52886496f32d986a231f7c2a31c7aae00b93460b68cc20c487b42fcdcb4cc807d584e8f8757632186bb8a4d8d92cf8&pst=1701527839&rmtc=t
Set-Cookie: u_pl=17763957; expires=Sun, 03 Dec 2023 14:36:19 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.9LfKaLaGzJMdyf2clAdjqu4Ue4HGL_OZVtnjKJKJg6I; expires=Sat, 02 Dec 2023 14:37:19 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3bd9f7d35798a288bf7ea3f54904a570
Strict-Transport-Security: max-age=0; includeSubdomains
semicolonrichsieve.com/watch.934729727976.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
173.233.137.44 0 B URL semicolonrichsieve.com/watch.934729727976.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 173.233.137.44:0
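Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of an empty body, consistent with the 0 B size and the Content-Length: 0 of the 307 response recorded for this request; they do not identify the script's content.)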
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.934729727976.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: semicolonrichsieve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: u_pl=17743402; ain=eyJhbGciOiJIUzI1NiJ9.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.1HCEvnPrw8aw4oGMBn0zQSZghV1ECQgmUdSYy5NDJqc; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; iprc9b70e4519600582a19a6958cf6e53a94=3569681; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:19 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Location: https://semicolonrichsieve.com/watch.934729727976.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=c8accc8a1f30e6496a39f8ec0663682765145ad97f347d481b39b568b071b9bb64f25b054ed1c469d7ff3badf688cf83d9b097059c905efd446a6a704796c0f568f4a09fbbdcf214bc5be53d53fbdbebfd8bc9a4da2a8b3fed187b979a0a9219a7&pst=1701527839&rmtc=t
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.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.2l5h6odbGtcJtvl2WdkOqqXSrHTMiHMfjRCIrkw17Rk; expires=Sat, 02 Dec 2023 14:37:19 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: eb43490429f90c15a27af3edba49b8cc
Strict-Transport-Security: max-age=0; includeSubdomains
impolitefreakish.com/sbar.json?key=28853392a76a14b1426991b6def2243b&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
173.233.139.164 4.2 kB URL impolitefreakish.com/sbar.json?key=28853392a76a14b1426991b6def2243b&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 173.233.139.164:0
File type JSON data\012- , ASCII text, with very long lines (6189), with no line terminators
Hash b3b2d963fa8d7c17f2f692127cf48958
9b4240be0709f89c05ca183eb3faeb17d2af6e3e
836a16b3219fe4edf3a98b0a3f62fb3bb45f4b64c0a8f5f18ebccf2f4ab9aa22
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=28853392a76a14b1426991b6def2243b&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: impolitefreakish.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: u_pl=17787248; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:19 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17787248,17787246; expires=Sun, 03 Dec 2023 14:36:19 GMT; secure; SameSite=None
uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:19 GMT; secure; SameSite=None
uncs=2; expires=Sun, 03 Dec 2023 14:36:19 GMT; secure; SameSite=None
uncs29=2; expires=Sun, 03 Dec 2023 14:36:19 GMT; secure; SameSite=None
slec28853392a76a14b1426991b6def2243b=[4714200]; expires=Sat, 02 Dec 2023 14:36:24 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 02c7cd164a115891320b9e004fe3b844
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
semicolonrichsieve.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
173.233.137.44 15 kB URL semicolonrichsieve.com/d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js
IP 173.233.137.44:0
File type ASCII text, with very long lines (42789), with no line terminators
Hash 629ccb1b1f68705d70146f1d6eee227b
917bef02a7a4218ae00af8b7707c218dd4689bab
edadceeb5cf5e9092629be09a2a4bcf382bf58c9bd6cdb32134a4130da05d630
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /d8/29/41/d82941888ca80b5e024c4d0a7cab0440.js HTTP/1.1
Host: semicolonrichsieve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9a30e6b824cfc2d7444099c60abdce9d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
comedianthirteenth.com/570378e640e2da931f2111f251e65e07/invoke.js
173.233.137.52 11 kB URL comedianthirteenth.com/570378e640e2da931f2111f251e65e07/invoke.js
IP 173.233.137.52:0
File type exported SGML document, ASCII text, with very long lines (29607), with no line terminators
Hash e2b7979d8cc2ca89dbf0b7fd075cb504
78c912051ad937486903e01765b3c4369eb9c606
707ece9a01970f1a51e34793f32718894470f273719d11ae564d7c2ee43c46e3
GET /570378e640e2da931f2111f251e65e07/invoke.js HTTP/1.1
Host: comedianthirteenth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ba380f94e0791bdb149c92561e4e3ca7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
i.jads.co/network/user1037/42-1688927188-0262966001688927188.gif
205.185.216.42 129 kB URL i.jads.co/network/user1037/42-1688927188-0262966001688927188.gif
IP 205.185.216.42:0
File type GIF image data, version 89a, 250 x 250\012- data
Size 129 kB (129148 bytes)
Hash c74036976f355462580c618bde1972ce
5cf7350afd17a4646583a01bda48cc7db9f3ab11
468e3b79344f5192fd5244e1122d92aa9ba318cd666a4a23f56cafff7137bdbe
GET /network/user1037/42-1688927188-0262966001688927188.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:19 GMT
Connection: Keep-Alive
ETag: "1688927188"
Cache-Control: max-age=18962624
Content-Length: 129148
Content-Type: image/gif
Last-Modified: Sun, 09 Jul 2023 18:26:28 GMT
Accept-Ranges: bytes
X-HW: 1701527777.dop223.sk1.t,1701527779.cds250.sk1.c
poweredby.jads.co/js/jads.js
185.94.236.246 178 B URL poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:19 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
friendshipmale.com/sfp.js
104.21.234.32 28 kB URL friendshipmale.com/sfp.js
IP 104.21.234.32:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:19 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 3184a79da5343cf74262c0be42d64248
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 02 Dec 2023 14:36:19 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l7he9HXic%2Fcdd626NlL2Tdk2xdUM9SG73FzZIAcy7ibzdv%2B3gYolpMkybYVeIneRKRZWx%2FkF9l13o5%2B%2FNpdq7WUOqyO6wBgsziZKrYOl9g0PqxBXxIC9WH7S2gSgLPvNV6C1tiw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82f44d2f4feb56ba-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
static-assets.highwebmedia.com/cachebust/chatembed-prod-2adfa57eaaa0fed25ec3.js
104.16.94.42 13 kB URL static-assets.highwebmedia.com/cachebust/chatembed-prod-2adfa57eaaa0fed25ec3.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (25274), with no line terminators
Hash ed2069c4f9335121271d770865c9fd4e
ffc15d2aea78fba173973cd1da3b5cffd596c536
a3a688b983741d2182a6b44641570c90dfb1a25859b1688a0fef6a8de591b11d
GET /cachebust/chatembed-prod-2adfa57eaaa0fed25ec3.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=25338
etag: W/"4d9b91142a4d790c9e8410493d85c03f"
last-modified: Mon, 27 Nov 2023 19:25:35 GMT
x-amz-id-2: 7BIPwifCuCUVO4MbwLt9AbChliBhb921Y2zdu6/MnZl1i/yjB70WupSa3eOHBL7qZRd0qKppgV9p0n5wGZX6AQ==
x-amz-meta-s3cmd-attrs: md5:4d9b91142a4d790c9e8410493d85c03f
x-amz-request-id: B704MAGSVH8B1Y7F
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 414474
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UtE3VV0iN2%2By5LXpSYobVKjh0OaTsOmpAYvxTqce4zE0VkeCG%2B4RvD03VPdMl4STHNQO18LLRvT8%2BgW99lnsdf3zE%2FwusK8zaUgJWPH5%2B6LupTxJmSb6XA8VaLCttdpmGyLDCKQ110yNmE54FT8MSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=822I1HK79rr5q921Ig1xZW_bVe5ALet6VQ3wiKJFC8g-1701527779636-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea90c0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
go.mnaspm.com/abc.gif?action=sbSignupWithModel&campaignId=0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765917&masterSmartpopId=1914&p1=4359545&quality=240p&ruleId=17&smartpopId=1793&sourceId=477848&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=32246&modelsLimit=1&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=1&segment=hls-newAPI&landing=WidgetV4Universal&referrer=http%3A%2F%2Ftsyndicate.com%2F&i=0&ib=0&filtersMatch=0&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1193%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A955%2C%22duration%22%3A122%2C%22transferSize%22%3A4625%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A956%2C%22duration%22%3A131%2C%22transferSize%22%3A80725%7D%5D&mh=-2026169521
104.18.59.150 103 B URL go.mnaspm.com/abc.gif?action=sbSignupWithModel&campaignId=0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765917&masterSmartpopId=1914&p1=4359545&quality=240p&ruleId=17&smartpopId=1793&sourceId=477848&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=32246&modelsLimit=1&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=1&segment=hls-newAPI&landing=WidgetV4Universal&referrer=http%3A%2F%2Ftsyndicate.com%2F&i=0&ib=0&filtersMatch=0&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1193%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A955%2C%22duration%22%3A122%2C%22transferSize%22%3A4625%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A956%2C%22duration%22%3A131%2C%22transferSize%22%3A80725%7D%5D&mh=-2026169521
IP 104.18.59.150:0
Hash 8c99886486b9a004383cb4df29011c43
d79ca4754481fc59598bc08fcdf354900918bffe
bda00b0f6892b1c6991e793b42654ad1807694e2ffabcbc4eb1399379737ef6c
GET /abc.gif?action=sbSignupWithModel&campaignId=0344371630277140d4e6e843762bdf964d4ae7bf351771961595fbde6c2ada11&campaignType=smartpop&creativeId=d61a8beea3946d486612a3452b3d53ba84299ee51efd9260534d85230347af08&iterationId=765917&masterSmartpopId=1914&p1=4359545&quality=240p&ruleId=17&smartpopId=1793&sourceId=477848&userId=d100f7df1b38527c59f2a01ce658dbfb8b696949c12c1469164f408167d4a1ca&variationId=32246&modelsLimit=1&actionButtonPlacement=bottom&thumbSizeKey=big&hideButtonOnSmallSpots=1&hideTitleOnSmallSpots=1&hideModelNameOnSmallSpots=1&buttonColor=%23DC0C2C&liveBadgeColor=%2300bd8f&language=en&thumbFit=cover&stripcashR=0&thumbType=default&kbLimit=0&modelsInWatchHistoryCount=-1&modelsInFavoritesCount=-1&userType=newuser&modelsCount=1&segment=hls-newAPI&landing=WidgetV4Universal&referrer=http%3A%2F%2Ftsyndicate.com%2F&i=0&ib=0&filtersMatch=0&m=%5B%7B%22type%22%3A%22navigation%22%2C%22startTime%22%3A0%2C%22duration%22%3A1193%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A955%2C%22duration%22%3A122%2C%22transferSize%22%3A4625%7D%2C%7B%22type%22%3A%22resource%22%2C%22startTime%22%3A956%2C%22duration%22%3A131%2C%22transferSize%22%3A80725%7D%5D&mh=-2026169521 HTTP/1.1
Host: go.mnaspm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://creative.mnaspm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: image/gif
content-length: 103
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDFRFiBZBvMSLtrs3hJVdo5HtfaGfQHjq3b5EPMXi; SameSite=None; Secure; path=/; expires=Sun, 03-Dec-23 14:36:19 GMT; HttpOnly
server: cloudflare
cf-ray: 82f44d308d545691-OSL
alt-svc: h3=":443"; ma=86400
static-assets.highwebmedia.com/cachebust/runtime-react-73812af82c489b5fe5be.js
104.16.94.42 2.7 kB URL static-assets.highwebmedia.com/cachebust/runtime-react-73812af82c489b5fe5be.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (2262), with no line terminators
Hash 1f4e645bc0a1d919d29b7bf7c46cb1cb
640d588dd8640e6c0b1fb99cd780edc702f19b75
4a102ac193d9915d67fb69b759e95d8cd0e06fa4165382e2e7131e12218713ca
GET /cachebust/runtime-react-73812af82c489b5fe5be.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=2325
etag: W/"2ac73670ea6e5bd0046e5fb55c5af690"
last-modified: Tue, 05 Sep 2023 22:31:25 GMT
x-amz-id-2: 7rrfDlWCnE773b0q6dFwG6igjopPrb4VM9Gv8DZqPqrSelMMiK6JjPIO+0pjLLNjHMS3HlUrPck=
x-amz-meta-s3cmd-attrs: md5:2ac73670ea6e5bd0046e5fb55c5af690
x-amz-request-id: CAH06BZKTR85C8SW
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 820399
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fJJIAbLpfVkDI%2FGbwcetTcC2s3NsyJ1pXdqCZ%2FmSc77X0NzUl%2BR4TT%2FHdtuQzWoZki7LbuRduo%2Frp93QANyOznN9HRo7f0GVmkFNftRpgeGO4xrVHs9g95jshJ%2BtpU1YaYb9ejhFt6VoJqKOMJGDzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=kOq_hDrrAzlhbW69YytnAfqdzmwITHEgiePvt37VLbY-1701527779634-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea90d0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
go.eabids.com/banner.go?spaceid=2194679&keywords=&maincat=
217.22.19.194 1.3 kB URL go.eabids.com/banner.go?spaceid=2194679&keywords=&maincat=
IP 217.22.19.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1270), with no line terminators
Hash 0e70c7bac52aa09b4c9a061cb8a7b3d9
10085142a6b570d466caae79b6d45ae2974bf081
4b5bb0d86d5b6285fd7eaf8d334276355f399f2e37bc55d51d6a4e482b28fc8c
GET /banner.go?spaceid=2194679&keywords=&maincat= HTTP/1.1
Host: go.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:20 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1270
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 02 12 2023 14:36:20 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
X-Backend-Server: nl2-web-201
valuermainly.com/sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
192.243.59.20 4.4 kB URL valuermainly.com/sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (6261), with no line terminators
Hash 675ffe848a32a53fc0a685ec696fd90b
1dc2d58fac11e4a96da9d3c5cb772bfbfa762928
082cb5d41c30867d73d285ed146bd9aad0d46fc6aaf9e7b8cfe3cff6969bbb03
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=d82941888ca80b5e024c4d0a7cab0440&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: valuermainly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: u_pl=17787248,17763945; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; pdhtkv=true; uncs=2; pdhtkv29=true; uncs29=1; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2Mzk0NSwiayI6ImM1MTVhMWY0ZmMzYTM2YjA0Mjc1MDM0YmRjZWY1Yzk5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTU5OTYyLCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJ3YWN0dWZ6ZGFkIiwiY3BrcyI6eyIyOSI6IjI4ODUzMzkyYTc2YTE0YjE0MjY5OTFiNmRlZjIyNDNiIn0sInQiOjF9LCJ1Ijp7InUiOjIsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vdG9wMXBvcm5tb3ZpZXMuc2V4amFuZXQuY29tLyIsImFyIjpbXX19.z6XRFODImIqPRuj3HjoX9d4OVLPZvhr3tkNkkz7Cfxk; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 14:36:20 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:19 GMT; secure; SameSite=None
uncs=3; expires=Sun, 03 Dec 2023 14:36:20 GMT; secure; SameSite=None
uncs29=2; expires=Sun, 03 Dec 2023 14:36:20 GMT; secure; SameSite=None
slecd82941888ca80b5e024c4d0a7cab0440=[4714200]; expires=Sat, 02 Dec 2023 14:36:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4a04395b7cbaa6ccd084c9089558f36f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static-assets.highwebmedia.com/CACHE/js/output.14a236a94bf9.js
104.16.94.42 14 kB URL static-assets.highwebmedia.com/CACHE/js/output.14a236a94bf9.js
IP 104.16.94.42:0
File type Unicode text, UTF-8 text, with very long lines (29587)
Hash 15cb7683dc2bd61190aed1eed8099a79
b2f6f5a518a660a22226a14bbe37585037dd0903
14a236a94bf9a3312f6e2acb6ed6f4cfcbfa9fbcc73064a33bf733ce46ef9f66
GET /CACHE/js/output.14a236a94bf9.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"15cb7683dc2bd61190aed1eed8099a79"
last-modified: Thu, 24 Jun 2021 21:24:02 GMT
x-amz-id-2: N0MKbQjQr8TPIuw/4OQLujge4juE6kazr42uqCVvT79nzecleKfVifXJP25bvuRrdfIbstAQdl0=
x-amz-meta-s3cmd-attrs: md5:15cb7683dc2bd61190aed1eed8099a79
x-amz-request-id: CAH2HF6NT0N8723W
cf-cache-status: HIT
age: 820399
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3dvIfmS5AZkvOHPMUW%2BM8haxiQESUlbSPNvqiI1gDKOsQYlT6tV8jlaysEejq49EZK%2FOKD%2BECWqGYWjdVKxbufPYvqDzTpr66N%2BDAhmdZnUsWTTMFU%2F%2B3f7P9fC0Vz17DckY3rw6ayXHVYNCkJO0FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=Xd7mVN71i8UUrdFkMLYLMUha0RvTcYIii6hJ7XRmDbQ-1701527779737-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2f498b0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/vendor/fingerprintjs-pro-cb.min.js
104.16.94.42 43 kB URL static-assets.highwebmedia.com/vendor/fingerprintjs-pro-cb.min.js
IP 104.16.94.42:0
File type Unicode text, UTF-8 text, with very long lines (65424)
Hash 1e7add1aef38c18143ef3d41c084f74a
be95a08cd0960dcd0849da0343a1b1d40c6bcb4e
25cfa5ec6d2a5fb07071d713046189c9ddb87656f92d0984560e99f5f1e7c3e4
GET /vendor/fingerprintjs-pro-cb.min.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
x-amz-id-2: MYHTblWbaVEPZNjUlv8/vIaD99MvB9XQJJBnoiTj7IJOBfaZyWa2WcBGgxICEX2sV+btakN9dvY=
x-amz-request-id: N2SSVTMTWHZ1FHFA
last-modified: Tue, 03 Oct 2023 23:37:24 GMT
etag: W/"1e7add1aef38c18143ef3d41c084f74a"
x-amz-server-side-encryption: AES256
x-amz-meta-s3cmd-attrs: md5:1e7add1aef38c18143ef3d41c084f74a
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 374109
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QuZZDOGrwTKwuMOAw2Uv9CQdx0iv7g%2BkenaBmozZv2D%2FRJOpOBVjOl8Nrl4N1FW%2FIn1ipLRujv97rrcHscjokRc7LegHQ12JcEfetL%2B19Y1Tm5fkN9KO12BtKoc0p9I7EVBcV2pO9ATMViqhIXBsoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=bDq_Q1nM1BXXjfdy5JkrIbyzIN15fh.uXA24SLrr5o8-1701527779637-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea9170b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
xhamsterlive.com/checkUrl
104.18.63.125 15 B URL xhamsterlive.com/checkUrl
IP 104.18.63.125:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7fb97eb7c8636552ad068f6d56b5ea34
b69679936779fb02503bc0fe1374a737cc762ecb
e78008828abaa93c4462e326ef384dcda1443352a0f24bdeedada6a6fdbfd1d5
GET /checkUrl HTTP/1.1
Host: xhamsterlive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Referer: https://creative.mnaspm.com/
Origin: https://creative.mnaspm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: application/json
content-length: 15
access-control-allow-origin: https://creative.mnaspm.com
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuFLvK1H1SdXppSyXjXwZCjqMwfddakRG7ZvbnoQnQ; SameSite=None; Secure; path=/; expires=Sun, 03-Dec-23 13:36:20 GMT; HttpOnly
_cfuvid=PQ2NN29NhRE_pX4_qFKMqbGqI7wOIMSo9Wai0dOp.7Y-1701527780352-0-604800000; path=/; domain=.xhamsterlive.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d330b5db529-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/css/output.6a14bdd33e10.css
104.16.94.42 61 kB URL static-assets.highwebmedia.com/CACHE/css/output.6a14bdd33e10.css
IP 104.16.94.42:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 9a11328d6ed02a075784fb9a9b0fe61b
a7ec6f1a573dd9da9de92489007a5dc49664ae54
609f29e157dcf3dab0d1a374500137bc1e4e52ed7c60f76c356cb73c10c34c7a
GET /CACHE/css/output.6a14bdd33e10.css HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: text/css
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=213175
etag: W/"65195e3740a74ee0deba6ec0d10dcd0d"
last-modified: Thu, 16 Nov 2023 03:04:10 GMT
x-amz-id-2: EwU03CP2q03cW0/2P4XCHUq1enVvaWu6y+nZZod1m6p8wriRobSNWqN+JuD7yW9CCeiF+fP56AcJttvJaeRSE3FmT0u3ggZM
x-amz-meta-s3cmd-attrs: md5:65195e3740a74ee0deba6ec0d10dcd0d
x-amz-request-id: P9QPYA51G9P080V6
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 888887
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cFv2j7auj3QvEq8jI2f9yHPl%2FP9lZJMvUo37tnzOZTrh8tE1PjVVSpPSHjc1fZFKuwy0IiHELDREdt0TXfjETGgIWIWwOC4g2sy9UlgaH36AXlEumuR4O5PeQu9%2BeA2tYLrUUYGYHXR4FlDMlFemUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=P.UexU0.28s9xSqmt5tAS1kt.818llNtSTu8O2SP7GI-1701527779632-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea90a0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
sensualtestresume.com/watch.777068941103.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=24cf8d834532564052f7d312a29b1e308ddbeb6db439071060c44abccccac36779b1ae7291750c17860b51989c00e1ce6a52886496f32d986a231f7c2a31c7aae00b93460b68cc20c487b42fcdcb4cc807d584e8f8757632186bb8a4d8d92cf8&pst=1701527839&rmtc=t
173.233.139.164 2.1 kB URL sensualtestresume.com/watch.777068941103.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=24cf8d834532564052f7d312a29b1e308ddbeb6db439071060c44abccccac36779b1ae7291750c17860b51989c00e1ce6a52886496f32d986a231f7c2a31c7aae00b93460b68cc20c487b42fcdcb4cc807d584e8f8757632186bb8a4d8d92cf8&pst=1701527839&rmtc=t
IP 173.233.139.164:0
File type HTML document, ASCII text, with very long lines (2551)
Hash 8945ccc5d3b66b9b90a889d86aa09bad
b9b34c3b0faf5cbff28fff635a80077c248c2ee4
0af7cd401b016ba64c4371b5db0aa2950d3d332eed77e4b703f9c927a07b35cd
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.777068941103.js?key=11115435c35e6b966b90a5f936e0edcc&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=24cf8d834532564052f7d312a29b1e308ddbeb6db439071060c44abccccac36779b1ae7291750c17860b51989c00e1ce6a52886496f32d986a231f7c2a31c7aae00b93460b68cc20c487b42fcdcb4cc807d584e8f8757632186bb8a4d8d92cf8&pst=1701527839&rmtc=t HTTP/1.1
Host: sensualtestresume.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17763957; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2Mzk1NywiayI6IjExMTE1NDM1YzM1ZTZiOTY2YjkwYTVmOTM2ZTBlZGNjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTU5OTYxLCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJkNXdyanVydCIsImNwa3MiOnsiMjkiOiI4ZjlmYzY3ZTNiNWIzNjhmMWM3MmM5YmVkNDNhMGY0MSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3RvcDFwb3JubW92aWVzLnNleGphbmV0LmNvbS8iLCJhciI6W119fQ.9LfKaLaGzJMdyf2clAdjqu4Ue4HGL_OZVtnjKJKJg6I
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:20 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 14:36:20 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 14:36:20 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 03 Dec 2023 14:36:20 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 03 Dec 2023 14:36:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d70993e3c63ad16acc6d98823eb4e9ae
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
go.mnaspm.com/api/models?quality=240p&webp=1&forceClient=1&stripcashR=0&limit=1&usePreroll=0
104.18.59.150 824 B URL go.mnaspm.com/api/models?quality=240p&webp=1&forceClient=1&stripcashR=0&limit=1&usePreroll=0
IP 104.18.59.150:0
File type JSON data\012- , ASCII text, with very long lines (1711), with no line terminators
Hash 9ff10dddaa2c26ca30fab856f415bf18
3fe21fd116a6980b43f635ff6d9672d9df9f9911
1b2fdbd0aded2e44f91bcd7318a5c087863d8cb6b924dec43673b5bd8cbfa88a
GET /api/models?quality=240p&webp=1&forceClient=1&stripcashR=0&limit=1&usePreroll=0 HTTP/1.1
Host: go.mnaspm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.mnaspm.com/
Origin: https://creative.mnaspm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/json
access-control-allow-origin: https://creative.mnaspm.com
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
last-modified: Sat, 02 Dec 2023 14:35:38 GMT
cf-cache-status: HIT
age: 8
server: cloudflare
cf-ray: 82f44d2e0a765691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
poweredby.jads.co/js/jads.js
185.94.236.246 178 B URL poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
poweredby.jads.co/js/jads.js
185.94.236.246 178 B URL poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 02 Dec 2023 14:36:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
static-assets.highwebmedia.com/cachebust/911-react-085e2783e995297520d8.js
104.16.94.42 17 kB URL static-assets.highwebmedia.com/cachebust/911-react-085e2783e995297520d8.js
IP 104.16.94.42:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (62064), with no line terminators
Hash 8490259a11448dd8dea4c6fab5f421cb
004e094423aa61bd7448e65fe0cac7c070477148
1493f3e5a4b36f12fa17ca7f04c26231989dc6b3ecd43b1d01e9cbfd0901e9bd
GET /cachebust/911-react-085e2783e995297520d8.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=62128
etag: W/"401985cfbbfe6791ffef87e2043d3dcc"
last-modified: Wed, 29 Nov 2023 17:03:10 GMT
x-amz-id-2: 7n5GJsjxrspubFrhY+XCETZjYLgdu4/aztAhJRqJPLenCV+159ncmlShQwaaeOaoNoYtbJznk6I=
x-amz-meta-s3cmd-attrs: md5:401985cfbbfe6791ffef87e2043d3dcc
x-amz-request-id: 6C1AVD7M5WCVCSR5
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 250208
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8w5P0CFqkaPE1HYV%2BV3KgqdEmCqUOsNxE5EINy%2Fl4lZ2QgFIE2QLyP4dO0Twicq3A2HA8qeoSK0HEheL3s%2FoRVOTfdfnPJH6kWH2GaG2w5C7%2BjqJVoMhq2cA9IJgzQzkRCg4TsB6madLL6UvmnltrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=oSFE2ORTazbn4CAnqoiApL09gx6kR6378zRGtbSzT0g-1701527779633-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea9110b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.14a236a94bf9.js
104.16.94.42 45 kB URL static-assets.highwebmedia.com/CACHE/js/output.14a236a94bf9.js
IP 104.16.94.42:0
File type Unicode text, UTF-8 text, with very long lines (29587)
Hash 15cb7683dc2bd61190aed1eed8099a79
b2f6f5a518a660a22226a14bbe37585037dd0903
14a236a94bf9a3312f6e2acb6ed6f4cfcbfa9fbcc73064a33bf733ce46ef9f66
GET /CACHE/js/output.14a236a94bf9.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"15cb7683dc2bd61190aed1eed8099a79"
last-modified: Thu, 24 Jun 2021 21:24:02 GMT
x-amz-id-2: N0MKbQjQr8TPIuw/4OQLujge4juE6kazr42uqCVvT79nzecleKfVifXJP25bvuRrdfIbstAQdl0=
x-amz-meta-s3cmd-attrs: md5:15cb7683dc2bd61190aed1eed8099a79
x-amz-request-id: CAH2HF6NT0N8723W
cf-cache-status: HIT
age: 820399
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SabFrBek6mJBOCP0TzuPyQo7vZH8yQ8jN6eRzDDrQHJfT1FCQbmptPrugMuv%2FWB6Z6SCuRPjl5VQgWx4J50kgm4CsIqiFPp6koPpU%2Fo%2BQL8I%2FVXEZ5XBWgc1PFGR5TgCeUgzl3QRw8rbWo6M6CoSQg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=I1pJ_axlfFN4MuXtqAyHcWL9sjQyvmbXuk.gXTnsRRY-1701527779635-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea9180b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
semicolonrichsieve.com/watch.934729727976.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=c8accc8a1f30e6496a39f8ec0663682765145ad97f347d481b39b568b071b9bb64f25b054ed1c469d7ff3badf688cf83d9b097059c905efd446a6a704796c0f568f4a09fbbdcf214bc5be53d53fbdbebfd8bc9a4da2a8b3fed187b979a0a9219a7&pst=1701527839&rmtc=t
173.233.137.44 2.1 kB URL semicolonrichsieve.com/watch.934729727976.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=c8accc8a1f30e6496a39f8ec0663682765145ad97f347d481b39b568b071b9bb64f25b054ed1c469d7ff3badf688cf83d9b097059c905efd446a6a704796c0f568f4a09fbbdcf214bc5be53d53fbdbebfd8bc9a4da2a8b3fed187b979a0a9219a7&pst=1701527839&rmtc=t
IP 173.233.137.44:0
File type HTML document, ASCII text, with very long lines (2661)
Hash 47bf86134ebe063181e5752c7018d574
3fc8345e48cf93f14b4e07598e8c7178d201b342
7481bcb41007b1f716aa79cd2733d368c85b0bb21b955c73668582cf380e9902
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.934729727976.js?key=539d71c7c61ed9e36ed1dd6ab6acffc8&kw=%5B%22free%22%2C%22sex%22%2C%22pics%22%2C%22porn%22%2C%22pictures%22%2C%22and%22%2C%22xxx%22%2C%22galleries%22%5D&refer=http%3A%2F%2Ftop1pornmovies.sexjanet.com%2F&tz=0&dev=e&res=14.3093&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1&shu=c8accc8a1f30e6496a39f8ec0663682765145ad97f347d481b39b568b071b9bb64f25b054ed1c469d7ff3badf688cf83d9b097059c905efd446a6a704796c0f568f4a09fbbdcf214bc5be53d53fbdbebfd8bc9a4da2a8b3fed187b979a0a9219a7&pst=1701527839&rmtc=t HTTP/1.1
Host: semicolonrichsieve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17743402; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc0MzQwMiwiayI6IjUzOWQ3MWM3YzYxZWQ5ZTM2ZWQxZGQ2YWI2YWNmZmM4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTAzNjQ5LCJwaWQiOjI4ODQzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJ4M2J0dWpzdWsiLCJjcGtzIjp7IjI5IjoiZDgyOTQxODg4Y2E4MGI1ZTAyNGM0ZDBhN2NhYjA0NDAifSwidCI6MX0sInUiOnsidSI6MiwiYXUiOjIsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwOi8vdG9wMXBvcm5tb3ZpZXMuc2V4amFuZXQuY29tLyIsImFyIjpbXX19.2l5h6odbGtcJtvl2WdkOqqXSrHTMiHMfjRCIrkw17Rk; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; iprc9b70e4519600582a19a6958cf6e53a94=3569681; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:20 GMT; secure; SameSite=None
uncs=2; expires=Sun, 03 Dec 2023 14:36:20 GMT; secure; SameSite=None
uncs5=2; expires=Sun, 03 Dec 2023 14:36:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 47a47883efd4852f88f598843e07f944
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
top1pornmovies.sexjanet.com/xo1/xo-am1?&se_referrer=&default_keyword=Free%20Sex%20Pics%2C%20Porn%20Pictures%20and%20XXX%20Galleries&&frm639e2ebb86ad8=script639e2ebb86ad9&_cid=507a49e0-058c-52fe-13d3-50e86735dadb11780
51.195.137.224 181 B URL top1pornmovies.sexjanet.com/xo1/xo-am1?&se_referrer=&default_keyword=Free%20Sex%20Pics%2C%20Porn%20Pictures%20and%20XXX%20Galleries&&frm639e2ebb86ad8=script639e2ebb86ad9&_cid=507a49e0-058c-52fe-13d3-50e86735dadb11780
IP 51.195.137.224:0
File type HTML document, ASCII text
Hash 5ed3d91f93532ab21b616a4146805c0a
9aa8637bf6b3fb597a28a7c18fbf4e983f15d685
70a52de938a17b302313bfa1c8e4242be635233fa5746d6b39bf071edc3ee0ae
GET /xo1/xo-am1?&se_referrer=&default_keyword=Free%20Sex%20Pics%2C%20Porn%20Pictures%20and%20XXX%20Galleries&&frm639e2ebb86ad8=script639e2ebb86ad9&_cid=507a49e0-058c-52fe-13d3-50e86735dadb11780 HTTP/1.1
Host: top1pornmovies.sexjanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: _subid=s8hnpaculu4k; 61f26=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjhcIjoxNzAxNTI3ODcyfSxcImNhbXBhaWduc1wiOntcIjRcIjoxNzAxNTI3ODcyfSxcInRpbWVcIjoxNzAxNTI3ODcyfSJ9.EOMBSpvvFimsZrrWXxORtilYa-IOOIZ1sKQXcZCSDN4; _token=uuid_s8hnpaculu4k_s8hnpaculu4k656b4140372231.21744996; _ga_6R2F2JRCJE=GS1.1.1701527778.1.0.1701527778.0.0.0; _ga=GA1.1.1549605250.1701527779; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1; sb_main_d82941888ca80b5e024c4d0a7cab0440=1; sb_count_d82941888ca80b5e024c4d0a7cab0440=4; sb_main_28853392a76a14b1426991b6def2243b=1; sb_count_28853392a76a14b1426991b6def2243b=3; sb_main_8f9fc67e3b5b368f1c72c9bed43a0f41=1; sb_count_8f9fc67e3b5b368f1c72c9bed43a0f41=4; pbpr0tpuw4isk85t8yg3jb2lj5vqf=explosivegleameddesigner.com
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:20 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 181
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Pragma: no-cache
Set-Cookie: _subid=s8hnpaculu85; expires=Tue, 02 Jan 2024 14:37:59 GMT; path=/
61f26=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjhcIjoxNzAxNTI3ODcyfSxcImNhbXBhaWduc1wiOntcIjRcIjoxNzAxNTI3ODcyfSxcInRpbWVcIjoxNzAxNTI3ODcyfSJ9.EOMBSpvvFimsZrrWXxORtilYa-IOOIZ1sKQXcZCSDN4; expires=Wed, 03 Nov 2077 05:15:58 GMT; path=/
_token=uuid_s8hnpaculu85_s8hnpaculu85656b4147527129.74412303; expires=Tue, 02 Jan 2024 14:37:59 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
chaturbate.com/embed/mazzanti_/?join_overlay=1&tour=dTm0&campaign=Q2cRU&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2%7C164978%7C7017784%7Cno%7C94553%7C40900043%7C5675441%7C1%7C0%7C46%7C50304%7C%2C%2C%2C%2C%2C%7C4%7C0%7C0%7C1%2C2%2C3%2C6%2C12%2C13%2C19%2C21%2C26%7C0%7C0%7Cen%7C1%7C91.90.42.154%7C0%7C0%7C0%7C0%7C3143242
104.18.100.40 60 kB URL chaturbate.com/embed/mazzanti_/?join_overlay=1&tour=dTm0&campaign=Q2cRU&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2%7C164978%7C7017784%7Cno%7C94553%7C40900043%7C5675441%7C1%7C0%7C46%7C50304%7C%2C%2C%2C%2C%2C%7C4%7C0%7C0%7C1%2C2%2C3%2C6%2C12%2C13%2C19%2C21%2C26%7C0%7C0%7Cen%7C1%7C91.90.42.154%7C0%7C0%7C0%7C0%7C3143242
IP 104.18.100.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (54753)
Hash 84d7a9687890c8c2f9767e5a34830589
14b2ce5264ddb40ffaa03288a4d499d2f86c87b4
a4776d84f3a2e652124f20f8855ad8bdd4fc9e6b85cee9b00fbc3eebddb034c9
GET /embed/mazzanti_/?join_overlay=1&tour=dTm0&campaign=Q2cRU&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2%7C164978%7C7017784%7Cno%7C94553%7C40900043%7C5675441%7C1%7C0%7C46%7C50304%7C%2C%2C%2C%2C%2C%7C4%7C0%7C0%7C1%2C2%2C3%2C6%2C12%2C13%2C19%2C21%2C26%7C0%7C0%7Cen%7C1%7C91.90.42.154%7C0%7C0%7C0%7C0%7C3143242 HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://go.eabids.com/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=oahF8zudTlZsXXjxC5Y.1uu5Hbo3W2Bo.N7iDpMTstM-1701527777-0-AZA4/FS/9UILQBWnO7tFCxwRMx+pdPx3qdGHm7B3GYZ27xe4koKzP1qmMPSd4TUC5rhqfJtTSIkvCa0GrfuLu34=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:18 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Cookie, Accept-Language
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.static.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://*.google-analytics.com https://*.googletagmanager.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net 
https://*.chaturbate.com https://chaturbate.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://storage.googleapis.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com https://directory-live.cb.dev https://*.web.cb.dev ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' 
https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://saas-onboarding.incodesmile.com https://smartpay.coinsmart.com https://crypto-payments.net https://secure.paygarden.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
cache-control: no-cache
set-cookie: csrftoken=rZ3gKdScUVpV26NUkCv70rfJcSmy1I5u1m6utpzJ3dFTBTtIqWn4b73jFdhIvQpM; Domain=.chaturbate.com; expires=Sat, 30 Nov 2024 14:36:18 GMT; Max-Age=31449600; Path=/; Secure
affkey="eJyrVipSslJQyigpKbDS10/P10tNTMpMKdZLzs/VV6oFAJBCCa0="; Domain=.chaturbate.com; expires=Mon, 01 Jan 2024 14:36:18 GMT; Max-Age=2592000; Path=/
sbr=sec:sbrf70b66b3-8272-44d1-be3c-00bc9dde55df:1r9R6Q:xxis-2zsEpFoaEOTP0YgE3WKP1A; Domain=.chaturbate.com; expires=Thu, 27 Aug 2026 14:36:18 GMT; HttpOnly; Max-Age=86313600; Path=/; Secure
pageaction_sample_id=5; expires=Sat, 02 Dec 2023 15:36:18 GMT; Max-Age=3600; Path=/
tbu_mazzanti_=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/
cb_legacy=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82f44d26de7656bb-OSL
content-encoding: br
static-assets.highwebmedia.com/cachebust/746-prod-0898cd0d22231db949ec.js
104.16.94.42 4.8 kB URL static-assets.highwebmedia.com/cachebust/746-prod-0898cd0d22231db949ec.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (14290), with no line terminators
Hash 0c9e3d03db254e6d642d62bc138476c3
1fdb9028f5d5a9d23ea216092a18bced3f473317
3df0e4a15a6f9c70f0906468c12cdc313875975a55be27f942751d0935bf7f57
GET /cachebust/746-prod-0898cd0d22231db949ec.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=14351
etag: W/"7db58db61269f17aa19645f60a2c11b6"
last-modified: Fri, 20 Oct 2023 05:06:07 GMT
x-amz-id-2: 7XWnTDhyDIX6M6OYZKroupYRmdpKKmIERoyL9BZHL76peGSDo4GGT2Cn8WjtghX7o68Wp0Wtp8M=
x-amz-meta-s3cmd-attrs: md5:7db58db61269f17aa19645f60a2c11b6
x-amz-request-id: 1NY47TVGV89WWXXQ
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 464451
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EPU7RdwMqSy8huh2rYiG2JCCdRaiM9VA1WLZakAktGv0psxbVF1nSHex3ibEt73xE7bEA7v6A15%2Fp7sGNOTrhPezRRCgPN%2BuAWrcu5b%2BqTKlBBZBdso%2F6YIbQMHJuTKAg7VFvRy5MoR1gCm5fBx7gg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=X3eDaJkr.yio_DLRpg0S.5boX7mC95Z.BwAKbkd_JL0-1701527779738-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2f598e0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/62-prod-89ef3a02cceb56378488.js
104.16.94.42 440 kB URL static-assets.highwebmedia.com/cachebust/62-prod-89ef3a02cceb56378488.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 440 kB (440181 bytes)
Hash 38874a08a6449f276871149131de79df
ecaa46d1810d5763a4f3779983f4c74484f07c28
b1daedd681e125abca1b9b96d7ceb3684d393daed1a514196dacd1541ec58f59
GET /cachebust/62-prod-89ef3a02cceb56378488.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=1964179
etag: W/"2eefbdbf5fa0000a6c9ae9df5485ef38"
last-modified: Wed, 29 Nov 2023 17:03:10 GMT
x-amz-id-2: sHuDVLiCV/CNaZ9e4RXr8T9dJtsBS7kYB7KjYRkjiADjSNL0s7jDHIMZ3MCmavHzBf8xGcm7+uU=
x-amz-meta-s3cmd-attrs: md5:2eefbdbf5fa0000a6c9ae9df5485ef38
x-amz-request-id: 6C19NTTM9P4QZS3S
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 250208
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qmhZvCoNbsYb5VhwIQxJp5oMtXtQ%2BNRaMcGrK%2B0cpWF2nHGhv7ke8uCWoQNvB1Zgjit0uKBIrkZfQ2k5LveMkeX1sUr8BrRz9ihbWuNPyl9CHoiMAKPkrAWDGGuVUrxnB6MuswHUn5oi2J75PauGlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=bDq_Q1nM1BXXjfdy5JkrIbyzIN15fh.uXA24SLrr5o8-1701527779637-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea91c0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/vendor/fingerprintjs-pro-cb.min.js
104.16.94.42 43 kB URL static-assets.highwebmedia.com/vendor/fingerprintjs-pro-cb.min.js
IP 104.16.94.42:0
File type Unicode text, UTF-8 text, with very long lines (65424)
Hash 1e7add1aef38c18143ef3d41c084f74a
be95a08cd0960dcd0849da0343a1b1d40c6bcb4e
25cfa5ec6d2a5fb07071d713046189c9ddb87656f92d0984560e99f5f1e7c3e4
GET /vendor/fingerprintjs-pro-cb.min.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
x-amz-id-2: MYHTblWbaVEPZNjUlv8/vIaD99MvB9XQJJBnoiTj7IJOBfaZyWa2WcBGgxICEX2sV+btakN9dvY=
x-amz-request-id: N2SSVTMTWHZ1FHFA
last-modified: Tue, 03 Oct 2023 23:37:24 GMT
etag: W/"1e7add1aef38c18143ef3d41c084f74a"
x-amz-server-side-encryption: AES256
x-amz-meta-s3cmd-attrs: md5:1e7add1aef38c18143ef3d41c084f74a
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 374109
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qiGSvC1HZd0gNErhalZB91uc7Sl8I54%2FRNWrJYnlidugIjBgw2rIUVSNjQTK%2FGISJ3CjT3%2FmrocfFSLam%2BErLz%2FHUeZjq0nRQOAbaFJCvf%2BknBY9gUZg8KjEMc67lCu7qvenH8Sgzq9myQqjKRkbxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=Xd7mVN71i8UUrdFkMLYLMUha0RvTcYIii6hJ7XRmDbQ-1701527779737-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2f498a0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/runtime-react-73812af82c489b5fe5be.js
104.16.94.42 1.6 kB URL static-assets.highwebmedia.com/cachebust/runtime-react-73812af82c489b5fe5be.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (2262), with no line terminators
Hash 1f4e645bc0a1d919d29b7bf7c46cb1cb
640d588dd8640e6c0b1fb99cd780edc702f19b75
4a102ac193d9915d67fb69b759e95d8cd0e06fa4165382e2e7131e12218713ca
GET /cachebust/runtime-react-73812af82c489b5fe5be.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=2325
etag: W/"2ac73670ea6e5bd0046e5fb55c5af690"
last-modified: Tue, 05 Sep 2023 22:31:25 GMT
x-amz-id-2: 7rrfDlWCnE773b0q6dFwG6igjopPrb4VM9Gv8DZqPqrSelMMiK6JjPIO+0pjLLNjHMS3HlUrPck=
x-amz-meta-s3cmd-attrs: md5:2ac73670ea6e5bd0046e5fb55c5af690
x-amz-request-id: CAH06BZKTR85C8SW
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 820399
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bkKteHsExmT9KWcicpLJrHqlFfWrCkLVNcSOOpfZmpvibhTj%2Fft8y8sqHqfyGcmJfwmQGOJRvPG1fyvkOjTDj5TIS9qW6fU87P63NufAojw7dLcOlwja9b6j0NUH8F5zJzCwmhM3mcsjVsg1MYOquw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=86CfGT6sBQBXVr22plji6KntZc.qOh7qGNV6FfYhUZM-1701527779638-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea9210b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.106 693 B URL fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:0
Hash e8e4cfffdfbdea8388ebfcabeaa5eb5e
11886e1c95ae73f4839a30bf1fc93157c75f468e
611648a43dde7a75ebdd318079c5c21d48d2d1d0a991b08b304376c5f0775fb9
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sat, 02 Dec 2023 14:36:20 GMT
Date: Sat, 02 Dec 2023 14:36:20 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
172.64.109.10 17 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
IP 172.64.109.10:0
File type PNG image data, 385 x 268, 8-bit colormap, non-interlaced\012- data
Hash cb0bdba1c9de3092ecbfd36aae790057
b7aa35b48d0c43cc5b00d175f11b48f9861d3881
e0a31e22e9f31eaa0272174ec8f83d114255891c8079c5ece376a7c734e38c6e
GET /sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: image/png
content-length: 17346
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-43c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 262095
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nk7ttBwSDAqYrnbBVJy9ZFxuL7i%2BoLsTZCNj7TDVRlFu334eaiJKbYVUeF3B%2BsRZih1ynGDCPs8DGEVbJmtL5OwewAgc%2FPGsuhaTE6i%2Fqvc3iDOQLNYJX9MPg5tULyjXKLx5stt5BGOo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d36cacd71bc-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
172.64.109.10 17 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
IP 172.64.109.10:0
File type PNG image data, 385 x 268, 8-bit colormap, non-interlaced\012- data
Hash cb0bdba1c9de3092ecbfd36aae790057
b7aa35b48d0c43cc5b00d175f11b48f9861d3881
e0a31e22e9f31eaa0272174ec8f83d114255891c8079c5ece376a7c734e38c6e
GET /sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: image/png
content-length: 17346
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-43c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 262095
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ThUZnRKqPkZNweyh7xAD1Jb3rgKRhk1ATR8aCmoZWIEM7XnTszU9BCTrUp7rMU%2F1N7OJWnyANMTGZqHaDkL9kWbbVvi5%2FVpai9d9RTfK281NfSjHoNNsuznk%2FCkt%2Bd9eaxj8Ze79Gnr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d36eae371bc-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
172.64.109.10 17 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
IP 172.64.109.10:0
File type PNG image data, 385 x 268, 8-bit colormap, non-interlaced\012- data
Hash cb0bdba1c9de3092ecbfd36aae790057
b7aa35b48d0c43cc5b00d175f11b48f9861d3881
e0a31e22e9f31eaa0272174ec8f83d114255891c8079c5ece376a7c734e38c6e
GET /sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: image/png
content-length: 17346
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-43c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 262095
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v778EnUvXyEBMJDTAUvNlahmI9D3T0tVAah3xjknGnRM1BOYjwGbzJgb0t%2F7IURfg65lnxPlUqxO3LzMXdQj%2BX1m%2BDI%2FHr7KhrTVEOG%2FvTpwIpOt7cwtvJ%2BXqsmYQYu79K4eo1eHo8%2BC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d36eaec71bc-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/346-react-e4cb082f369152b01a87.js
104.16.94.42 64 kB URL static-assets.highwebmedia.com/cachebust/346-react-e4cb082f369152b01a87.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 33b7aa8db8c6a49f046ab890cccd41e6
9f74088cedefa705d00a91c1dac5c3b6bc8c7e9d
3640954b30e90ee65f83047c4fba0b53f6d7a2222d2904c458e272d45b7b308c
GET /cachebust/346-react-e4cb082f369152b01a87.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=196432
etag: W/"e9757fd04edd4f87a25a977a9f7e1fd5"
last-modified: Thu, 09 Nov 2023 01:15:59 GMT
x-amz-id-2: fESnRpuKWz62hsGqzvhqdYd6iTmQn/jvI6ywiGaffv0OzJ3YijnG/dHrz1gVP8LTGS7JkRfHcvY=
x-amz-meta-s3cmd-attrs: md5:e9757fd04edd4f87a25a977a9f7e1fd5
x-amz-request-id: Y9HR39GMQDFE914A
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 640036
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ty%2BBx86cJt907RkTZ%2Ffqaf8LVRG%2FYaBj%2Fdfq4ufTGPKHNfVODnwOYbBVgAz5EHE7mEe7vB%2Fj7vFUmfl9PfvQArCX6rylDQ0qj11KkQ0l49yM31gdaGv3z2zVRl12OyWQEtwn4xv1INiL1N0o2%2BLlw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=kOq_hDrrAzlhbW69YytnAfqdzmwITHEgiePvt37VLbY-1701527779634-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea90e0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
172.64.109.10 17 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
IP 172.64.109.10:0
File type PNG image data, 385 x 268, 8-bit colormap, non-interlaced\012- data
Hash cb0bdba1c9de3092ecbfd36aae790057
b7aa35b48d0c43cc5b00d175f11b48f9861d3881
e0a31e22e9f31eaa0272174ec8f83d114255891c8079c5ece376a7c734e38c6e
GET /sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: image/png
content-length: 17346
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-43c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 262095
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=drC7dR%2BmcNXqnC5fw0z3y6FfAZjpI4jgavtuc4AcDeLYIdPHSpMu9QLqYTnAZLOhA9coTzC96b1vlKhYSx2DRZe2mDrLtqZSBGBKe%2Bj8VhHLSIftXA9SrIrErt%2Bx%2BmiDyM%2FkyKYrPaPf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d36faf271bc-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
172.64.109.10 17 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
IP 172.64.109.10:0
File type PNG image data, 385 x 268, 8-bit colormap, non-interlaced\012- data
Hash cb0bdba1c9de3092ecbfd36aae790057
b7aa35b48d0c43cc5b00d175f11b48f9861d3881
e0a31e22e9f31eaa0272174ec8f83d114255891c8079c5ece376a7c734e38c6e
GET /sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: image/png
content-length: 17346
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-43c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 262095
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BE5WGdCDIlkRvEg%2FB5INiJZr5kxm6YLDHMI7c0zgd%2B4lpMYvtEKODMU84svP7oOYifRHgx2JZN7BQJUGPjX5ioeiuo7ymehe8cwKVjOy9POXiznQ7QiYrmBC6QrjV52Tfds9JIFCe%2B0b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d36faf871bc-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads2.js
185.94.236.246 1.7 kB URL poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:20 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
172.64.109.10 17 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
IP 172.64.109.10:0
File type PNG image data, 385 x 268, 8-bit colormap, non-interlaced\012- data
Hash cb0bdba1c9de3092ecbfd36aae790057
b7aa35b48d0c43cc5b00d175f11b48f9861d3881
e0a31e22e9f31eaa0272174ec8f83d114255891c8079c5ece376a7c734e38c6e
GET /sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: image/png
content-length: 17346
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-43c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 262095
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G%2FV%2BiYvKNsEEWUspUGvBHxaYOzdg1Wp8ZWmzK%2Fo1NHqtTLhcUJ69WWrC2sadUda%2FTLS97lrCCBXIVpXNJsh1HXmX03EjYI2BIsEnbwOgtKlusYC7yijAC%2Fl2YeKLfDTJkaEuox0gcxBZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d36fb0171bc-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
172.64.109.10 17 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
IP 172.64.109.10:0
File type PNG image data, 385 x 268, 8-bit colormap, non-interlaced\012- data
Hash cb0bdba1c9de3092ecbfd36aae790057
b7aa35b48d0c43cc5b00d175f11b48f9861d3881
e0a31e22e9f31eaa0272174ec8f83d114255891c8079c5ece376a7c734e38c6e
GET /sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: image/png
content-length: 17346
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-43c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 262095
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tZt7ZabfXihTscOR3G9iuh3t29m3YkDNrkyKkUtYtl%2FNm0del4PZ6AU20mwdSwrzTdeKoG1psG9Lh%2BrEmhfnH2ftAJNfEEB5er%2B3jZ4Dlv6hI%2Bvj0%2BVKTy24vjyRJJLoesUZ9AT%2F%2FHE7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d370b0871bc-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/979-react-f36a69be17adb6cd97cf.js
104.16.94.42 28 kB URL static-assets.highwebmedia.com/cachebust/979-react-f36a69be17adb6cd97cf.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (50830), with no line terminators
Hash 636b1c1879d37d0d2941cfecbd6118a9
d155a1f3043c2e87c14e29e3065b9631e545102d
6d9a6156cf8818bc763f25d257adb25bfb31ca3f1649ce861c02940f7b4c73d3
GET /cachebust/979-react-f36a69be17adb6cd97cf.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=50889
etag: W/"d7cdd97dca406d8500c604bb1c71c801"
last-modified: Mon, 13 Nov 2023 22:36:09 GMT
x-amz-id-2: 9Xp57fHmvaVA1VWDAbOYhrSqkdA/8X81Zo1BJVVKt5njfmsaMuBvkKW0T9Fu7fqW5wDgqqhF6m4=
x-amz-meta-s3cmd-attrs: md5:d7cdd97dca406d8500c604bb1c71c801
x-amz-request-id: PTRDBES4KJM4HXFM
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 475475
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bHs6oXbgH%2BClOXkSgtFD5k5DB3yt4XO%2FsMZXsMXeAHqoq3EycdfzPSDWtRxb6UI4%2BG%2FwY8p337vy9RJXCsgjP8LcKeNdGR%2Bt375uAsd1kNs6NCGJ0j6vQ043INgm5HCITFcSpUwbd%2FROteGu3%2FYp1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=bDq_Q1nM1BXXjfdy5JkrIbyzIN15fh.uXA24SLrr5o8-1701527779637-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea9120b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
172.64.109.10 17 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
IP 172.64.109.10:0
File type PNG image data, 385 x 268, 8-bit colormap, non-interlaced\012- data
Hash cb0bdba1c9de3092ecbfd36aae790057
b7aa35b48d0c43cc5b00d175f11b48f9861d3881
e0a31e22e9f31eaa0272174ec8f83d114255891c8079c5ece376a7c734e38c6e
GET /sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:21 GMT
content-type: image/png
content-length: 17346
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-43c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 262096
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P8xxR%2FmkEVkHi8rYsmHzT0Fkzc7I71IJQcuEqXVgIc23NtoSUj9qeKwJospSrDspIP5m99cKHcIlv728ouQG%2B60mOIO2N2V290EFCCjkrjZS3uMOx3Ui9x8buBhQOh%2FgDauptgxB5Qpf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d377b7f71bc-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.7cefc4a3ceb9.js
104.16.94.42 278 kB URL static-assets.highwebmedia.com/CACHE/js/output.7cefc4a3ceb9.js
IP 104.16.94.42:0
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Size 278 kB (277815 bytes)
Hash ef05d82da7ebb17ab160d40dbf116ca6
e80953076fe59a649bbb053c5b98097e69d9498c
d50488f4eeeac2396920c2e7e15ce4d7cfb922dc335ddc1568020cb919fc7ba5
GET /CACHE/js/output.7cefc4a3ceb9.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=964706
etag: W/"c778381a3053bdf40195b0aabfdd08e1"
last-modified: Mon, 27 Nov 2023 19:25:34 GMT
x-amz-id-2: nTXI2HcmUkVgnhCo6LYdb/S5nHm4BcM1gxPKiC4ie9d+bTqDrR/bsIuisYUgDD7/0fUcjkWvLJ4=
x-amz-meta-s3cmd-attrs: md5:c778381a3053bdf40195b0aabfdd08e1
x-amz-request-id: 82JRS1263CJGEBE0
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 414493
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dSsAPH3wxcqD%2BWbhfozazvGRFy45yWrIMl1PWzB9UQu9GH7f9m9rqJbp%2FefzdVkfie9XAWbRQjsbv9FaK1vPNThi5EX0p%2BS09%2FmJpOCT2GGOJipaeZG505ONmjvgbtA1cySm%2BPFt4GDTMAM9XDnPpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=X3eDaJkr.yio_DLRpg0S.5boX7mC95Z.BwAKbkd_JL0-1701527779738-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2f49890b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
explosivegleameddesigner.com/sbar.json?key=8f9fc67e3b5b368f1c72c9bed43a0f41&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
192.243.59.20 4.1 kB URL explosivegleameddesigner.com/sbar.json?key=8f9fc67e3b5b368f1c72c9bed43a0f41&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (6177), with no line terminators
Hash ca9f0d72b1a5989b12e399be182623af
abf0be56dbe303a3e6bef4df324e906c464d0acc
005f8a366d692fba8f10f6f4b761aba7d07fea50fc61b48e20f7ddb75eaecbc1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=8f9fc67e3b5b368f1c72c9bed43a0f41&uuid=c183314b-18db-4311-b819-cf40836c4c8a%3A2%3A1 HTTP/1.1
Host: explosivegleameddesigner.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: u_pl=17787247; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 14:36:21 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Origin: http://top1pornmovies.sexjanet.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; expires=Sat, 09 Dec 2023 14:36:20 GMT; secure; SameSite=None
Set-Cookie: uncs=2; expires=Sun, 03 Dec 2023 14:36:21 GMT; secure; SameSite=None
Set-Cookie: uncs29=2; expires=Sun, 03 Dec 2023 14:36:21 GMT; secure; SameSite=None
Set-Cookie: slec8f9fc67e3b5b368f1c72c9bed43a0f41=[4714200]; expires=Sat, 02 Dec 2023 14:36:26 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a14d1ab9c0774a51e2db184505d38235
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/close.svg
172.64.109.10 2.1 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/close.svg
IP 172.64.109.10:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash 369850b9873659adf0951d845f57dba1
a64257186daa33b6b318943a457b6cf8d80b26b6
9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21
GET /sb/interstitial/games/hentai-heroes/main/9/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: image/svg+xml
last-modified: Tue, 24 Oct 2023 12:21:33 GMT
etag: W/"6537b6cd-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1937671
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RwRoACUwFE%2B8lAChwrB0Zvrty7nAD5MWYyK4wS8urD187vl46FfAARJ3nNFLUW8G5HbjQmYjfyqEr1pk82Vukv4pcX62igeQA%2F8kuLMI5VAA4V1qGM08pFuEizfezv2eGk2SszJZzR%2FN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d36eae271bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
go.mnaspm.com/app/domain-checker/check-result
104.18.59.150 0 B URL go.mnaspm.com/app/domain-checker/check-result
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /app/domain-checker/check-result HTTP/1.1
Host: go.mnaspm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.mnaspm.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 174
Origin: https://creative.mnaspm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Sat, 02 Dec 2023 14:36:21 GMT
access-control-allow-origin: https://creative.mnaspm.com
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDFRFiBZBvMSLtsgHAjogiG8Ahr7aJXzPyqBRyQB6; SameSite=None; Secure; path=/; expires=Sun, 03-Dec-23 14:36:21 GMT; HttpOnly
server: cloudflare
cf-ray: 82f44d38cfff5691-OSL
alt-svc: h3=":443"; ma=86400
static-assets.highwebmedia.com/videos/canAutoplayInline.mp4
104.16.94.42 1.5 kB URL static-assets.highwebmedia.com/videos/canAutoplayInline.mp4
IP 104.16.94.42:0
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash ee4e90be549c5614ac6282a5b80a506b
b60da7c3c1ee54c060fac96fbde6e06dc31a914b
60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda
GET /videos/canAutoplayInline.mp4 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://chaturbate.com/
Range: bytes=0-
DNT: 1
Connection: keep-alive
Cookie: _cfuvid=sX2YaZmAknVqY.pqkq.2LHqH1HSzAp.Liicij9zMQZ8-1701527779794-0-604800000
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 206 Partial Content
date: Sat, 02 Dec 2023 14:36:21 GMT
content-type: video/mp4
content-length: 1493
x-amz-id-2: q0jOREM8skPvZvA+davqUMP7JFNfQowbXqm+d08p7GXyHFqfXUS7KffZGCXaw/mprnptx+qaPKE=
x-amz-request-id: 7CR0NTHEY2JKQJHC
last-modified: Tue, 19 Jan 2021 22:07:03 GMT
etag: "ee4e90be549c5614ac6282a5b80a506b"
x-amz-meta-s3cmd-attrs: md5:ee4e90be549c5614ac6282a5b80a506b
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 460700
expires: Mon, 01 Jan 2024 14:36:21 GMT
content-range: bytes 0-1492/1493
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qrp0DNDVVSBXnsUb0FAffhJj6c%2BsDLGn6tq%2FGvIyFAM3S%2BrN9nzaetfjl%2FsxMHdjY1qY0Kkknic9cfUG8nvHZO%2F3hcMS2t3VjOsxGnVrHZmlltFxx8LZVx0pdkqWxnAs71iiBDY04eZhOUJ7m9o90g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d3d18f656bb-OSL
alt-svc: h3=":443"; ma=86400
static.eabids.com/data/bannerpools/112022/34102.gif
217.22.19.195 24 kB URL static.eabids.com/data/bannerpools/112022/34102.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 160 x 600\012- data
Hash 8817553b7fd0c7541ebbc64e028966ee
fd961834ef5e2a561b518ddc32e16ff52ae9a13e
eac2d3211aac781900b6776d6bb2c8d3619307b30fb8a2732e8e59f1d30fd894
GET /data/bannerpools/112022/34102.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:21 GMT
Content-Type: image/gif
Content-Length: 24235
Last-Modified: Thu, 28 Apr 2022 13:46:28 GMT
Connection: keep-alive
ETag: "626a9ab4-5eab"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
cdn.cloudimagesb.com/bi/5b/db/f4/5bdbf499043f4169d404a3c3eb555159/1665156718.jpg
45.133.44.9 21 kB URL cdn.cloudimagesb.com/bi/5b/db/f4/5bdbf499043f4169d404a3c3eb555159/1665156718.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 300x250, components 3\012- data
Hash e767085939509d149d0cb20bb247c48a
88e43280a4979fb31d13506fd0e51664fd34adba
97bc3af1a48426d7dabec9f72f8ed598e2c5ef56ed9cc0212f7e222ca41fc652
GET /bi/5b/db/f4/5bdbf499043f4169d404a3c3eb555159/1665156718.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:22 GMT
content-type: image/jpeg
content-length: 20649
server: nginx/1.21.6
last-modified: Fri, 07 Oct 2022 15:32:06 GMT
etag: "63404676-50a9"
expires: Mon, 04 Dec 2023 14:36:22 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
static.eabids.com/data/bannerpools/94553/24446.gif
217.22.19.195 10 kB URL static.eabids.com/data/bannerpools/94553/24446.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 250 x 150\012- data
Hash f1dfc834e7b463f05d89c552964de728
2ba5b3cbc29ba926ae8443ec16a33cbb0070685c
2643ce833a803c7be0321b464aa8793f887a7752d67de4fbe90a5e219ce5328f
GET /data/bannerpools/94553/24446.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://go.eabids.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:22 GMT
Content-Type: image/gif
Content-Length: 10469
Last-Modified: Thu, 28 Apr 2022 13:44:01 GMT
Connection: keep-alive
ETag: "626a9a21-28e5"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-221
Accept-Ranges: bytes
cdn.cloudimagesb.com/bi/75/3d/db/753ddb6ca75aa57b765b44d7c723902e/1668780144.jpg
45.133.44.9 24 kB URL cdn.cloudimagesb.com/bi/75/3d/db/753ddb6ca75aa57b765b44d7c723902e/1668780144.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 300x250, components 3\012- data
Hash 3ddf494497b2ea56caa40f1cb33394ca
aeedc1c7b5ca974e21c928b57beea5cb34d42587
20ac5cb682e2430625febd9e04623aea9bf3a6c482825a3c9bf873bb2d3332a3
GET /bi/75/3d/db/753ddb6ca75aa57b765b44d7c723902e/1668780144.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:22 GMT
content-type: image/jpeg
content-length: 24286
server: nginx/1.21.6
last-modified: Fri, 18 Nov 2022 14:02:32 GMT
etag: "63779078-5ede"
expires: Mon, 04 Dec 2023 14:36:22 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/style.css
172.64.109.10 36 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/style.css
IP 172.64.109.10:0
Hash 36a2f44165d87718e33ea6b64cf19d0c
d488c9d41361919fc2fadb85e0d57621d6557630
d6cf3c67d3005fe4dab9c6be6b2bede9fd81239c7d686c54bf31a5b70fb2e0b2
GET /sb/interstitial/games/hentai-heroes/main/9/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: text/css
last-modified: Tue, 24 Oct 2023 12:21:32 GMT
etag: W/"6537b6cc-a9c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RElqYT7JP52HIpq1szFG4s1M%2F4K2BDPvdYEtOFq8mPUX1EAkDejFYnDCW2ARZ0soYy9Vs317c5Yb89yygclRSItzU%2FbKLfbp1XMeUc0Aeq3JjY6LZgCAwsX6xdy16rsz2RYhz%2Bt2w5ka"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d370b1371bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/close.svg
172.64.109.10 44 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/close.svg
IP 172.64.109.10:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash 369850b9873659adf0951d845f57dba1
a64257186daa33b6b318943a457b6cf8d80b26b6
9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21
GET /sb/interstitial/games/hentai-heroes/main/9/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: image/svg+xml
last-modified: Tue, 24 Oct 2023 12:21:33 GMT
etag: W/"6537b6cd-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1937671
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4OCD3VkNt8wf%2FWOVExGyp%2B2CSMmTLO93q4jf5iuDEbeDQx5NeY%2Fbq6zQU1IUSBYe7XaxIMTKr7pa%2FdoFSvJvWEMKVmKFGhZH65hqvx1QR%2B8EN0TkGzz0OQxxMYd66gjQ502NU3GUlc7I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d36faed71bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/close.svg
172.64.109.10 2.3 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/close.svg
IP 172.64.109.10:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash 369850b9873659adf0951d845f57dba1
a64257186daa33b6b318943a457b6cf8d80b26b6
9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21
GET /sb/interstitial/games/hentai-heroes/main/9/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: image/svg+xml
last-modified: Tue, 24 Oct 2023 12:21:33 GMT
etag: W/"6537b6cd-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1937671
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tDIjZBJ7y16su4DkBN1V5rgRXbalB%2BVfLXLg4s60g2mORxL4J4MEA3zlsbVos%2BzglGBwTbNVWSVfKw75kzX3R4zMBKadR94kuKh%2F8wN01nUdFqp3nmRF4zetKLWyhNBRUK0pSxIQ0qeS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d36faf771bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/close.svg
172.64.109.10 2.3 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/close.svg
IP 172.64.109.10:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash 369850b9873659adf0951d845f57dba1
a64257186daa33b6b318943a457b6cf8d80b26b6
9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21
GET /sb/interstitial/games/hentai-heroes/main/9/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: image/svg+xml
last-modified: Tue, 24 Oct 2023 12:21:33 GMT
etag: W/"6537b6cd-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1937671
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MHBFWqHtN9Ol32WqWjmNwBmVqbZ%2BHotOiiDzLGvVBfJFXLwZNKgvduj7%2BBw3I9Hh8KgO%2BwB%2FFHqVncR7XWowTh94OpTHV1gPlEpgcnw66oOefzTBqF4C%2BcGES7LxTKbcQcwnWA563%2B5q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d370b0671bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads2.js
185.94.236.246 1.7 kB URL poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:22 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/js/script.js
172.64.109.10 3.3 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/js/script.js
IP 172.64.109.10:0
Hash f06aedc6f9c35062ffcf1d5ad7b6e574
47f1ec30faf80f0958036aea330d22d4ea6bd994
f6ae8744b3f2b2f8865fff018810c62b9bb82ffb3224d0e958ff2cdcec3d2026
GET /sb/interstitial/games/hentai-heroes/main/9/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: application/javascript
last-modified: Tue, 24 Oct 2023 12:21:37 GMT
etag: W/"6537b6d1-f3f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kp0brc%2FzHwP83TFifRvv6ZGefEPiyj9px5IMawJrm7buse011J0xjI7sT76eoSapOWaRfgBgdbCFWusHbAQB1T3ltAQSmpdavnJli5WsqoyqaPnxQa3Q0UUUy4Anb4ywyGJjdglkOG8L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d370b1571bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads2.js
185.94.236.246 1.7 kB URL poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash bc8141c4650030c41f6a98026b12ce80
af5618f7e467a207d4c64627be580283ab5640cd
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://top1pornmovies.sexjanet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:22 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"650b6371-eae"
Content-Encoding: gzip
rotundfetch.com/ren.gif?sid=H4sIAAAAAAAC%2F1SUS4gc1RfGb81%2F%2FhuD%2BEAEF0KDggpOz63u6kx1sjDGmBCMSUwi2Xpf1XPTt%2BsW91Z1zcxCgoGQZbtz4aL663n4iGIWrlQiPW5kQEi70EGclWtRhIA76Z6Wwbuoc87vO4tzPg51e1gckBAF27%2F8pt3QxrDlVp3WXryuU2lLX7t4rRbSOj1Zu67T49HJ2tr04%2FonQtqq05dq55To2uUGDSkNaVg7q51K7NryTIXO7rbDepvWo0Y9bEVYc%2F%2BtffE%2FeLYA2T8gT0LLyf9Xv78HLcZIe1%2BcUb6b2%2Bzl13uFYbl16Mudt9NuassUvaM0cQGSdGfeDesnhHywAJvuzDeA7W9ONwDXExL8FIKnO%2FMxwftbh5NyA5WCy2Mo%2B2MoM4ZmYwh7C1o%2BIICQuHgJaW%2F7onUlWz9U2VSdkMWHf0GXE7L461NIe5%2BfNnqtdtWaItc29VhLKui1MXRnjKwYI98IoMtdiPw9aPkDWX54AWlv85I3FlruPy%2FCuNkMI74UxpIvRc0wXOJx2F4SSUTj5nERiZjNLNJ6DJ2MYdQAzC%2Bg8AEKHaBIAhRZgJ7cr7FWO6F0JeFJsxlHQohmU4hWfFy2ZDOKE4pCTHcYIM8GEGYA4W5vFqnww8ZHmVzNu%2F1GezN3hdqewkZ7GO4c4taMbk1paxhuH8IZQ%2BZuoqsHcMW38KsVvHwEPp%2BQ4K0CfVmhVASlJygZQakJypyg7Fdb0viGr7al8QUP57Exj81qZPPOkG3ZvKNSAuYGw%2ByAPDH1P3hMZ%2Biq%2FZqMG%2B0ojONYsJjylqKNSESSshXBOI0iCq8raL8A5gNs6Al5%2Bs8hMj0hi8mX4GwX3uxC6MfBimfBytFKg4KtjqKYYiP9jEvf6zBjfD1VOaStkOWLyNeDoTkgz8wO4dzvP0OJvVPHvr7x7t%2B%2FPAfhKmSuwg39HUHH3BldsSXZvGJLT%2B5dynLd0xtseiRXc5arxU%2FeUOuldfL8GT%2F4%2BFUxFabp3WvK5xdYKnXa8eTT01pK5c5aJxT55ry%2Frvjlwq%2BeLlxaZBcuv3b2fC9zyntt0zGYfvDOfQg9IY9%2B9eHs%2FF84OAHtxnBFhV6xR%2BYP2u5CZDfhs71T%2FzJvCZw56uFZgLKoRq7Bj6DRBEYd1YxX8OrIAq727v9xqA39HXRcAJbfQtqr0HcV%2BqYCM4Ppj2CUZ27vlR%2BbswdughE3Ltjkxpn3D631er%2BmWglNFG0onrR5ssKobCdRm7N2qFZ4i4XI%2FUR1T%2F32DwAAAP%2F%2FAQAA%2F%2F%2BhsE1D1gQAAA%3D%3D
173.233.137.44 7 B URL rotundfetch.com/ren.gif?sid=H4sIAAAAAAAC%2F1SUS4gc1RfGb81%2F%2FhuD%2BEAEF0KDggpOz63u6kx1sjDGmBCMSUwi2Xpf1XPTt%2BsW91Z1zcxCgoGQZbtz4aL663n4iGIWrlQiPW5kQEi70EGclWtRhIA76Z6Wwbuoc87vO4tzPg51e1gckBAF27%2F8pt3QxrDlVp3WXryuU2lLX7t4rRbSOj1Zu67T49HJ2tr04%2FonQtqq05dq55To2uUGDSkNaVg7q51K7NryTIXO7rbDepvWo0Y9bEVYc%2F%2BtffE%2FeLYA2T8gT0LLyf9Xv78HLcZIe1%2BcUb6b2%2Bzl13uFYbl16Mudt9NuassUvaM0cQGSdGfeDesnhHywAJvuzDeA7W9ONwDXExL8FIKnO%2FMxwftbh5NyA5WCy2Mo%2B2MoM4ZmYwh7C1o%2BIICQuHgJaW%2F7onUlWz9U2VSdkMWHf0GXE7L461NIe5%2BfNnqtdtWaItc29VhLKui1MXRnjKwYI98IoMtdiPw9aPkDWX54AWlv85I3FlruPy%2FCuNkMI74UxpIvRc0wXOJx2F4SSUTj5nERiZjNLNJ6DJ2MYdQAzC%2Bg8AEKHaBIAhRZgJ7cr7FWO6F0JeFJsxlHQohmU4hWfFy2ZDOKE4pCTHcYIM8GEGYA4W5vFqnww8ZHmVzNu%2F1GezN3hdqewkZ7GO4c4taMbk1paxhuH8IZQ%2BZuoqsHcMW38KsVvHwEPp%2BQ4K0CfVmhVASlJygZQakJypyg7Fdb0viGr7al8QUP57Exj81qZPPOkG3ZvKNSAuYGw%2ByAPDH1P3hMZ%2Biq%2FZqMG%2B0ojONYsJjylqKNSESSshXBOI0iCq8raL8A5gNs6Al5%2Bs8hMj0hi8mX4GwX3uxC6MfBimfBytFKg4KtjqKYYiP9jEvf6zBjfD1VOaStkOWLyNeDoTkgz8wO4dzvP0OJvVPHvr7x7t%2B%2FPAfhKmSuwg39HUHH3BldsSXZvGJLT%2B5dynLd0xtseiRXc5arxU%2FeUOuldfL8GT%2F4%2BFUxFabp3WvK5xdYKnXa8eTT01pK5c5aJxT55ry%2Frvjlwq%2BeLlxaZBcuv3b2fC9zyntt0zGYfvDOfQg9IY9%2B9eHs%2FF84OAHtxnBFhV6xR%2BYP2u5CZDfhs71T%2FzJvCZw56uFZgLKoRq7Bj6DRBEYd1YxX8OrIAq727v9xqA39HXRcAJbfQtqr0HcV%2BqYCM4Ppj2CUZ27vlR%2BbswdughE3Ltjkxpn3D631er%2BmWglNFG0onrR5ssKobCdRm7N2qFZ4i4XI%2FUR1T%2F32DwAAAP%2F%2FAQAA%2F%2F%2BhsE1D1gQAAA%3D%3D
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SUS4gc1RfGb81%2F%2FhuD%2BEAEF0KDggpOz63u6kx1sjDGmBCMSUwi2Xpf1XPTt%2BsW91Z1zcxCgoGQZbtz4aL663n4iGIWrlQiPW5kQEi70EGclWtRhIA76Z6Wwbuoc87vO4tzPg51e1gckBAF27%2F8pt3QxrDlVp3WXryuU2lLX7t4rRbSOj1Zu67T49HJ2tr04%2FonQtqq05dq55To2uUGDSkNaVg7q51K7NryTIXO7rbDepvWo0Y9bEVYc%2F%2BtffE%2FeLYA2T8gT0LLyf9Xv78HLcZIe1%2BcUb6b2%2Bzl13uFYbl16Mudt9NuassUvaM0cQGSdGfeDesnhHywAJvuzDeA7W9ONwDXExL8FIKnO%2FMxwftbh5NyA5WCy2Mo%2B2MoM4ZmYwh7C1o%2BIICQuHgJaW%2F7onUlWz9U2VSdkMWHf0GXE7L461NIe5%2BfNnqtdtWaItc29VhLKui1MXRnjKwYI98IoMtdiPw9aPkDWX54AWlv85I3FlruPy%2FCuNkMI74UxpIvRc0wXOJx2F4SSUTj5nERiZjNLNJ6DJ2MYdQAzC%2Bg8AEKHaBIAhRZgJ7cr7FWO6F0JeFJsxlHQohmU4hWfFy2ZDOKE4pCTHcYIM8GEGYA4W5vFqnww8ZHmVzNu%2F1GezN3hdqewkZ7GO4c4taMbk1paxhuH8IZQ%2BZuoqsHcMW38KsVvHwEPp%2BQ4K0CfVmhVASlJygZQakJypyg7Fdb0viGr7al8QUP57Exj81qZPPOkG3ZvKNSAuYGw%2ByAPDH1P3hMZ%2Biq%2FZqMG%2B0ojONYsJjylqKNSESSshXBOI0iCq8raL8A5gNs6Al5%2Bs8hMj0hi8mX4GwX3uxC6MfBimfBytFKg4KtjqKYYiP9jEvf6zBjfD1VOaStkOWLyNeDoTkgz8wO4dzvP0OJvVPHvr7x7t%2B%2FPAfhKmSuwg39HUHH3BldsSXZvGJLT%2B5dynLd0xtseiRXc5arxU%2FeUOuldfL8GT%2F4%2BFUxFabp3WvK5xdYKnXa8eTT01pK5c5aJxT55ry%2Frvjlwq%2BeLlxaZBcuv3b2fC9zyntt0zGYfvDOfQg9IY9%2B9eHs%2FF84OAHtxnBFhV6xR%2BYP2u5CZDfhs71T%2FzJvCZw56uFZgLKoRq7Bj6DRBEYd1YxX8OrIAq727v9xqA39HXRcAJbfQtqr0HcV%2BqYCM4Ppj2CUZ27vlR%2BbswdughE3Ltjkxpn3D631er%2BmWglNFG0onrR5ssKobCdRm7N2qFZ4i4XI%2FUR1T%2F32DwAAAP%2F%2FAQAA%2F%2F%2BhsE1D1gQAAA%3D%3D HTTP/1.1
Host: rotundfetch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:22 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1b9036d75f4972a254548cb1dd4442ea
Strict-Transport-Security: max-age=0; includeSubdomains
poweredby.jads.co/adshow.php?adzone=892138
185.94.236.246 1.8 kB URL poweredby.jads.co/adshow.php?adzone=892138
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1613), with CRLF, LF line terminators
Hash d3ceff6227ebdbfe5f707c92c36d3439
b0d8834d342a5cbf47f76046375921370aa0b263
7ac0be5088bb90b606b6a13649c7e527459841c1b19de14a2a5960f323464615
GET /adshow.php?adzone=892138 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=ebb38816e669acba98bc9974a5aa0347; expires=Sun, 01-Dec-2024 14:36:22 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
Set-Cookie: juicy_data_1=YTowOnt9; expires=Tue, 05-Dec-2023 14:36:22 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Set-Cookie: juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:22 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
static.eabids.com/data/bannerpools/112022/34093.gif
217.22.19.195 24 kB URL static.eabids.com/data/bannerpools/112022/34093.gif
IP 217.22.19.195:0
File type GIF image data, version 89a, 160 x 600\012- data
Hash 325fa577b032b0847fc13b9e86108bb3
8b2055b70855093d31bb9a71fc29f6becfff2878
9c9efc00b6329d620dd00042411429159a663a3f3ecad450a3de2702e03a327c
GET /data/bannerpools/112022/34093.gif HTTP/1.1
Host: static.eabids.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:22 GMT
Content-Type: image/gif
Content-Length: 24324
Last-Modified: Thu, 28 Apr 2022 13:46:35 GMT
Connection: keep-alive
ETag: "626a9abb-5f04"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Backend-Server: nl2-static-222
Accept-Ranges: bytes
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.106 693 B URL fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:0
Hash e8e4cfffdfbdea8388ebfcabeaa5eb5e
11886e1c95ae73f4839a30bf1fc93157c75f468e
611648a43dde7a75ebdd318079c5c21d48d2d1d0a991b08b304376c5f0775fb9
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sat, 02 Dec 2023 14:36:22 GMT
Date: Sat, 02 Dec 2023 14:36:22 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/style.css
172.64.109.10 759 B URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/style.css
IP 172.64.109.10:0
Hash 36a2f44165d87718e33ea6b64cf19d0c
d488c9d41361919fc2fadb85e0d57621d6557630
d6cf3c67d3005fe4dab9c6be6b2bede9fd81239c7d686c54bf31a5b70fb2e0b2
GET /sb/interstitial/games/hentai-heroes/main/9/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:21 GMT
content-type: text/css
last-modified: Tue, 24 Oct 2023 12:21:32 GMT
etag: W/"6537b6cc-a9c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xGZW2muJWPPItrUdGQfptZg77yxnohzMFtRpb55H6Zq8701a%2FeeuhDwh4N2uf2TQXgzfV8yaZyR7%2FGJYFg8yeWzR2262VKkJu%2FQd5%2Bge9v8UQnp%2FjOTELM6gQrZnIqf3YJU5jEh8M3ER"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d3598a171bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/huge.mp3
104.16.94.42 58 kB URL static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/huge.mp3
IP 104.16.94.42:0
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 4f5f5acc1f52a82663f8b8762df7508d
15197386d884cfc8c6a04b2ca37f4e6325146567
8b2f2a0e8f6c4506f802775ffc24567495279088c55dc16d76da9e32257f58ce
GET /tsdefaultassets/sounds/classic/huge.mp3 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:22 GMT
content-type: audio/mpeg
content-length: 57678
x-amz-id-2: WAbm9D4yz5SScBD6/+DWJZcrL5gKDRq+hJJs2/dHL/gGY+CjO3Riu/rSKb9OO6BuuPI+B6oP6xieKosA1c3K97EpCC9DfUS5
x-amz-request-id: P0HEX753P0ZNSB69
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 19 Jan 2021 22:10:58 GMT
etag: "4f5f5acc1f52a82663f8b8762df7508d"
x-amz-meta-s3cmd-attrs: md5:4f5f5acc1f52a82663f8b8762df7508d
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 798401
expires: Mon, 01 Jan 2024 14:36:22 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QLfB4AmjKrwoGgRD2k0B88h4ZzpNQxzKuCQuzwtuAF2C5dn4p33nsSBPv0F5UsJ0F6xR6zpAgg27TQOQ8E%2FkDyJlAWWpJ4T4A9kPLuxAVnnCrBFNslmZj98QzmxS6Bk8DPhCk4%2FKCRqdX%2BxeC7osqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=Isybd9RTYYVtqgSGLL8c2bxXRx6EbJyMzoKW85fq9Ms-1701527782666-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d419ff456cb-OSL
alt-svc: h3=":443"; ma=86400
static-assets.highwebmedia.com/CACHE/js/output.9b823bb2f723.js
104.16.94.42 67 kB URL static-assets.highwebmedia.com/CACHE/js/output.9b823bb2f723.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (7845)
Hash 1360376b8f5657814f662391b765d655
f0b964af6723980210cbb64b80a4dcfbb4fbe61a
9b823bb2f7235a39c4eb0024bf03da1bdbd8c74ee8515caa6f89231096ebd787
GET /CACHE/js/output.9b823bb2f723.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
etag: W/"1360376b8f5657814f662391b765d655"
last-modified: Tue, 24 May 2022 17:14:17 GMT
x-amz-id-2: 7zMaFtLmQ6tc/Ti8co6P0+qwqGeCiORkPFaS0HUrmy8XZ3hQGSLJASszMi0sxBX9UQMfI9PHAEM=
x-amz-meta-s3cmd-attrs: md5:1360376b8f5657814f662391b765d655
x-amz-request-id: SP7A6EV1KB4586BY
cf-cache-status: HIT
age: 810280
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ik4Ol6blXCfDsvFG%2FTU47LunZO150mSl5YputWqq1ULT1IIXcM%2FU8dgzSpcV1KinGa2vP8VmYzcmQCGsQoPfvvDTEnYV1YR0issZzJuMCpY1UbfxSBtKg5DI74eQDDcDLVUH6Pw7MtmBfj5fBIo4PQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=sX2YaZmAknVqY.pqkq.2LHqH1HSzAp.Liicij9zMQZ8-1701527779794-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2fa9c70b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/medium.mp3
104.16.94.42 33 kB URL static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/medium.mp3
IP 104.16.94.42:0
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash a1b122ed72ab3c7f31eaf55a21fb14ce
d59bad3ba30640b238502ae3d2a8eba40574d51f
61aac93b83752081003a02921e70af75a4786b5b33467c8ef50add2d76cb8000
GET /tsdefaultassets/sounds/classic/medium.mp3 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:22 GMT
content-type: audio/mpeg
content-length: 32600
x-amz-id-2: DK0+e27tVwanMoahT/2doasjR/Jzw5iFrz9V2nhUlDvJjAlpwIuFHVWRQK8bLOH4zHTCyv0ZQ3FvZdxky8uzxQ==
x-amz-request-id: YRWXP3T6Z4ZH49PF
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 19 Jan 2021 22:10:59 GMT
etag: "a1b122ed72ab3c7f31eaf55a21fb14ce"
x-amz-meta-s3cmd-attrs: md5:a1b122ed72ab3c7f31eaf55a21fb14ce
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 642377
expires: Mon, 01 Jan 2024 14:36:22 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wlsWDM6o4in5wEAoSlLZu66LHoBOufIsGrgKqlTI3OJwjVRWIdkFCvxyu42UgVhHR5VYhy9nFkNe9eMVsncnJIq63sjiLXtcvuMsJQLel0egSjTtr5kqznORHaBS%2BoUCDnYR1leEhwEWgAkYIe90RA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=_UduYayjWhjxGSn7R8FkX5sfQjRV4g67rTAj5h5HaaE-1701527782676-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d41affb56cb-OSL
alt-svc: h3=":443"; ma=86400
static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/small.mp3
104.16.94.42 26 kB URL static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/small.mp3
IP 104.16.94.42:0
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 069c25fa18c496300dce85718add378b
e16d86da14847005e3e99b3741b1a55585a8067c
8e1f038b4fc8a72ed517c74eebc5ffedaa5689f26dc3a323007dc6dbc235e5fb
GET /tsdefaultassets/sounds/classic/small.mp3 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:22 GMT
content-type: audio/mpeg
content-length: 25728
x-amz-id-2: GeD9d5s+QtDz0MSx7V2wtzWLNyVn2VTN3z7XJKxgRiSbDSh/Pwaou7zaDK6DkA9e5cLRxzrSX28=
x-amz-request-id: QZMC4XRJ7350YCQD
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 19 Jan 2021 22:10:59 GMT
etag: "069c25fa18c496300dce85718add378b"
x-amz-meta-s3cmd-attrs: md5:069c25fa18c496300dce85718add378b
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 742672
expires: Mon, 01 Jan 2024 14:36:22 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N04JJlyn%2BA7%2BpEYcB0lsItbEIwg4jNYiIwRIoBNAhvZx86v%2BV3U%2BN3EAIRi3ikKg5R2SYcdmt6uxxE4buY7R5qXGC7IUu7X8Kf2haZQ461ZtuUhSzGH%2BbIs0%2BLIFlC5%2BhNkpqlDQFEXJfeflgFiYtA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=mIMynws9clWdFJ.Ceekw9yfK9PB_8hpuKfq3KQkAQMA-1701527782702-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d41d83956cb-OSL
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/animate.css
172.64.109.10 24 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/animate.css
IP 172.64.109.10:0
Hash e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/interstitial/games/hentai-heroes/main/9/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: text/css
last-modified: Tue, 24 Oct 2023 12:21:32 GMT
etag: W/"6537b6cc-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pIH4gvZKbklJAqtbk%2B3qwC1Eaztna5CIW3OK2BtHzsZ1P84ljl5lkd9CBvfz5Df0KV506brbIa2q4R4H4ge2%2FyldVEqrQBMH2opH694GlBOb48Isa17MlkE8ZUdrJ2BJwC8xw8VquT0z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d35c8c671bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/tsdefaultassets/cam_notice_background.jpg
104.16.94.42 5.5 kB URL static-assets.highwebmedia.com/tsdefaultassets/cam_notice_background.jpg
IP 104.16.94.42:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 498x375, components 3; data
Hash b3be0066f96745236ff4fe8fa4367e59
1f77405ff4b2d1d3942e7c4875b1becf72f0a970
a910dfccc165482735f38bd814f11635044fcf490ec71df42416cfc72f426bc4
GET /tsdefaultassets/cam_notice_background.jpg HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Cookie: _cfuvid=sX2YaZmAknVqY.pqkq.2LHqH1HSzAp.Liicij9zMQZ8-1701527779794-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:22 GMT
content-type: image/jpeg
content-length: 5463
cache-control: public, max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6601
etag: "2041511189fe406b8b89903ca972b53c"
last-modified: Tue, 19 Jan 2021 22:09:34 GMT
x-amz-id-2: Dv9MT9lrOyURv7mUlF05FojM4oQrWtfMdyZRWs2LBz3V9wiT1HMUcLHHfeUyP8ZcVkLAcrvl53YA24rX98KEHwZVm8MMMGFJ
x-amz-meta-s3cmd-attrs: md5:2041511189fe406b8b89903ca972b53c
x-amz-request-id: CG6DHWYRFC5PH9C6
cf-cache-status: HIT
age: 902008
expires: Mon, 01 Jan 2024 14:36:22 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uHtEBf6f98CVVhihUjjFw0FeOc01x3HfxbbnrCFolmYeY2XkEID44M3xicfSLrvBRUuutXlIXDSWugA%2BtP9LC8l36wQn8hadvVaNw6rAip8naHga%2B1l0W%2F8CaN3Ni15QGtmgp6wAky2xXLNeQ%2F%2BE4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d41ddff56bb-OSL
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
172.64.109.10 17 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png
IP 172.64.109.10:0
File type PNG image data, 385 x 268, 8-bit colormap, non-interlaced; data
Hash cb0bdba1c9de3092ecbfd36aae790057
b7aa35b48d0c43cc5b00d175f11b48f9861d3881
e0a31e22e9f31eaa0272174ec8f83d114255891c8079c5ece376a7c734e38c6e
GET /sb/interstitial/games/hentai-heroes/main/9/img/yes-button.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:22 GMT
content-type: image/png
content-length: 17346
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-43c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 387405
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FMJYcMBYbc9TQlyBj6qE8uciIEIK4TyBT%2BiMoAFaFajutBXekGChbwEQ4ON8FAeBWr78ACYm5U36XaKB3Lf9Ug3yvK88JaOvflg7SjMoHZ4CIju%2FXih5MnFyyCpjSpUW9Ib8EqJlSzIc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d41a8b524b7-LHR
alt-svc: h3=":443"; ma=86400
static-assets.highwebmedia.com/cachebust/chatembed-prod-2adfa57eaaa0fed25ec3.js
104.16.94.42 8.1 kB URL static-assets.highwebmedia.com/cachebust/chatembed-prod-2adfa57eaaa0fed25ec3.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (25274), with no line terminators
Hash ed2069c4f9335121271d770865c9fd4e
ffc15d2aea78fba173973cd1da3b5cffd596c536
a3a688b983741d2182a6b44641570c90dfb1a25859b1688a0fef6a8de591b11d
GET /cachebust/chatembed-prod-2adfa57eaaa0fed25ec3.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=25338
etag: W/"4d9b91142a4d790c9e8410493d85c03f"
last-modified: Mon, 27 Nov 2023 19:25:35 GMT
x-amz-id-2: 7BIPwifCuCUVO4MbwLt9AbChliBhb921Y2zdu6/MnZl1i/yjB70WupSa3eOHBL7qZRd0qKppgV9p0n5wGZX6AQ==
x-amz-meta-s3cmd-attrs: md5:4d9b91142a4d790c9e8410493d85c03f
x-amz-request-id: B704MAGSVH8B1Y7F
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 414474
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4KAnhvnPuaLUU%2FyRGUco4dKtX%2BfzbileoOvvCBVi3PIOJ2EgEdrdu1Anf4I1mByJjoccW3i9eX286lzyGMyMOpSemNz36imYZfnqBio%2FlTwr8Vm%2FsCl9wGHkz4TzZnedLDDn07a%2BLTzlMFnDYet4pg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=bDq_Q1nM1BXXjfdy5JkrIbyzIN15fh.uXA24SLrr5o8-1701527779637-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea9200b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/close.svg
172.64.109.10 576 B URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/close.svg
IP 172.64.109.10:0
File type SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; exported SGML document, ASCII text
Hash 369850b9873659adf0951d845f57dba1
a64257186daa33b6b318943a457b6cf8d80b26b6
9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21
GET /sb/interstitial/games/hentai-heroes/main/9/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:21 GMT
content-type: image/svg+xml
last-modified: Tue, 24 Oct 2023 12:21:33 GMT
etag: W/"6537b6cd-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1937672
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hHyjI6eA%2FkMD0MGSwzSO2DV7hMWyI9X7FskjBp3F3vCDlyj3ZXWtAlhvn1yHY4cylDXHdlHsxFr6NecO2UWSeSJ7s1CoLJV9tDQApLwvEEb%2BK3mv1W5PCRHxVIAw5n6MrM%2BQruWbODEB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d374b6271bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/js/script.js
172.64.109.10 1.6 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/js/script.js
IP 172.64.109.10:0
Hash f06aedc6f9c35062ffcf1d5ad7b6e574
47f1ec30faf80f0958036aea330d22d4ea6bd994
f6ae8744b3f2b2f8865fff018810c62b9bb82ffb3224d0e958ff2cdcec3d2026
GET /sb/interstitial/games/hentai-heroes/main/9/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: application/javascript
last-modified: Tue, 24 Oct 2023 12:21:37 GMT
etag: W/"6537b6d1-f3f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QSI1cxmB0FsJUJ6rgKufOVoFTQKDZDQCpK67L%2BP12XGlFN5KaDhxBSEaJL%2BiduOUv0Cx2OmihyB64LLRngsjMPfiwZJ78oDLuuDm6umdVYaO4g4Sq4ix3XjvIcSdAv9t5DGEae%2BZokab"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d35c8ca71bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/635-prod-3c72f542e66361adb02b.js
104.16.94.42 10 kB URL static-assets.highwebmedia.com/cachebust/635-prod-3c72f542e66361adb02b.js
IP 104.16.94.42:0
File type Unicode text, UTF-8 text, with very long lines (38123), with no line terminators
Hash f01af9c1eb699817c66fe488fa58f04d
937eb3d8402b470a868880e92e3aef498fd1bf2d
b8955e4fe474c4ad7f23d10b3a6f69583fa0c5ceb60feb1fc670547e7279ea15
GET /cachebust/635-prod-3c72f542e66361adb02b.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=38206
etag: W/"b516746dae4a77f66eb721af6c35002e"
last-modified: Mon, 16 Oct 2023 16:59:18 GMT
x-amz-id-2: iBkSLp7uek6HTXuiimvL1a3N7BK/tdS/RFzHyrfIW1fN/R5A2BqOUbg2V968mUROJuTSjrms+UlAar/74kVtv5UplOwpqKW4yaleQwYtveI=
x-amz-meta-s3cmd-attrs: md5:b516746dae4a77f66eb721af6c35002e
x-amz-request-id: 36CWEA3FGRJ81BK3
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 823878
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gVx1wWJOWslRs1ptATHQh%2BsNxIsiD8u8nu%2B2LfzJHroAbvirLqYys2jlrjLMEKqEX8AQuun5953%2F4bSkni3Q5nc7GDGHT95G%2BpJBRP%2FJs9ON7jk%2B9fbug%2BcvXCBMg%2Fm%2FolJDgcb9QomGJVqEMMKhfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=822I1HK79rr5q921Ig1xZW_bVe5ALet6VQ3wiKJFC8g-1701527779636-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea91d0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/runtime-prod-22cfbb8c72d95d4777ae.js
104.16.94.42 242 kB URL static-assets.highwebmedia.com/cachebust/runtime-prod-22cfbb8c72d95d4777ae.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (1433), with no line terminators
Size 242 kB (242241 bytes)
Hash aa812fc7c0ac6c3cc271faad13dde64d
d70d8eab3ca16dbe69b7f2618f59687601f0f369
dbd117009980fbed0b6d578e37126076338b2f132162d90d92ac4df60a8602b5
GET /cachebust/runtime-prod-22cfbb8c72d95d4777ae.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=1495
etag: W/"f69be2b5ddc0375cbe268eac0ed03779"
last-modified: Tue, 28 Mar 2023 16:57:10 GMT
x-amz-id-2: 2/uk8s0B1Kl15b0aePUXz2rywabqTMl2REt8hc5aMprdMb350w1kZCKkpBGLD2kFmbC9sCsRLhseNs0lls97ovp+r5N/u5fg57F30rcTu8s=
x-amz-meta-s3cmd-attrs: md5:f69be2b5ddc0375cbe268eac0ed03779
x-amz-request-id: XDDNJ65MW1CW3EAE
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 909140
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7v8eyVDX2RhFEr%2BXVZILFPpzhRR%2FnSlyoKxygWjq%2BUhd9ZGWXYFVchyK6yp95269CRORtutP3xViShbLuX4nNgMOVCwmxAN4vtsdOJH%2BhTijogtQj3wPzASOEbDyPRnajSm1SMSPmLRTr5UwWowtow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=I1pJ_axlfFN4MuXtqAyHcWL9sjQyvmbXuk.gXTnsRRY-1701527779635-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea91a0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/jsi18n/en/djangojs.js?hash=56e12706f00e
104.16.94.42 854 B URL static-assets.highwebmedia.com/jsi18n/en/djangojs.js?hash=56e12706f00e
IP 104.16.94.42:0
File type ASCII text, with very long lines (1327)
Hash 2309eef4cc0c9d16f44d2a048266ada0
63ef9037c574b3f23568a97fe88229a5455b2970
dd5c833fdb401f94556b224b910d3d154c977b508d94a8147c2c195812247d3d
GET /jsi18n/en/djangojs.js?hash=56e12706f00e HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=3281
etag: W/"705ead69114e6e1da9710c40c1580f7b"
last-modified: Wed, 23 Aug 2023 23:00:31 GMT
x-amz-id-2: Rbn4hhky9u/kgKIt4n+T4t3qsBc+glas6/ZNCiqegSy3yckZ0djoFfeKMV58/y6YA/pzDpnl6YU=
x-amz-meta-s3cmd-attrs: md5:705ead69114e6e1da9710c40c1580f7b
x-amz-request-id: 6C11FEMA7850GRGC
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 250208
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uBOcJXqrFtcLA%2BVWLEkVn1w5ssqJKo%2BZ4cIh4aYdYSFyil9TTolurl2Gcxu9LNvnjeW16O4HOnUONgvpPAFJkOMacan2MzGTXWyfDjT%2BL7REAUgmPcezI1PtPKGum1uuw0VC1SwoGp7jvj6vrUQX5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=DrhLeTvccFaNyOYJFlZIAgzLHtDOoGM8RCGKoKlqgEU-1701527779645-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2eb92d0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
172.64.109.10 184 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
IP 172.64.109.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x1366, components 3; data
Size 184 kB (184016 bytes)
Hash 514b590c0bc71e9b888a4fb84a797f71
0316ebba7a31e09475981e88b2520076c34854a7
d6dafd5e754539f4d557e4eb25cc86d72429c0e06a97477ff0afb63b4b5fe2be
GET /sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:22 GMT
content-type: image/jpeg
content-length: 184016
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-2ced0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 260460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KNke7pY%2B5ETmZpmjx542X3zN5ONSUuggQ7ZUBDBDLPGEhjNAtxUCNRp5LPN3wHhc0NeX6rnDxiCm6t5stH5ON%2B5vjAwbdgHlSmhbFqHeK2%2FuR%2FyNK6dxOxYU%2FH9CwbFXmcqvnaHX5K1u"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d42194c24b7-LHR
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/js/script.js
172.64.109.10 1.5 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/js/script.js
IP 172.64.109.10:0
Hash f06aedc6f9c35062ffcf1d5ad7b6e574
47f1ec30faf80f0958036aea330d22d4ea6bd994
f6ae8744b3f2b2f8865fff018810c62b9bb82ffb3224d0e958ff2cdcec3d2026
GET /sb/interstitial/games/hentai-heroes/main/9/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: application/javascript
last-modified: Tue, 24 Oct 2023 12:21:37 GMT
etag: W/"6537b6d1-f3f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FSs9GIx2jLlTaZI0snHXgT5xJwmwFHe1GVaIffdkhUMIRb39gOew5HNzaSTMwKiqs2aEfDvzU%2FZ0l0sg8%2BQJHBLwgaomb2nFW1Z1pzY5zA5NpCmSWk7ST2XFL9Vu3PXBOzszh7isX2sP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d372b3d71bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/style.css
172.64.109.10 237 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/style.css
IP 172.64.109.10:0
Size 237 kB (237385 bytes)
Hash 36a2f44165d87718e33ea6b64cf19d0c
d488c9d41361919fc2fadb85e0d57621d6557630
d6cf3c67d3005fe4dab9c6be6b2bede9fd81239c7d686c54bf31a5b70fb2e0b2
GET /sb/interstitial/games/hentai-heroes/main/9/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:21 GMT
content-type: text/css
last-modified: Tue, 24 Oct 2023 12:21:32 GMT
etag: W/"6537b6cc-a9c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=us8kKgJfVdjkFrJGpZXX51YoM0JJQOrHxBx007lFDEM9RDZTVIol8WeQKOKNpkgle3XXYM%2F%2FdBE%2FcKHo1UxyLAXddXLEw7LVsW8HHys%2BmPdD7uTlYYeFEQIkuwIKkLRyh6eeWnE7s2%2BM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d35684971bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
impolitefreakish.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz4scRRTHq%2BOKhyD%2BQAQPwoCCCu5s93RPpic5GGNMCMYkJpFcrV89W5nqrqaqe3qyh7AYkBzHmwcPPd%2FZzaJGMQdPKpFZL7IgZDzoIu7BP0AUIeBNZndk8R3q%2Ffi8w3vfVx%2BMyz0SoKS7l942a0prutJu%2Bo2Xr6lMmMo1LlxtBH7TP9G4prJj0YnGcP7YwfHAbzf9VxpnJe%2BblZYf%2BH7gB40zysrEDFf2KVR%2Btxs0u34zajWDdoSh%2FX%2FuSg%2BOehCDPfI0lJg9uvrDPSg%2BRZZ%2BeVq6fmHyV99MS00LYzEQW%2B9m%2FcxUGdLDMLEekmxr0Q3jZoR8dAQm21psADPYmG8ApmbE%2BzkAy7YWY4INNg8mZRoyAxNHUQ2mkHoKRafg5haUeEAALnDhIrL0zgVjK3rjgNI5nZGlh39DVTOy9NszyNIvTmk1bFwxuiyUyRyGSQ01nEL1psjLbRRrHlS1DV68DyV%2BJCsPzyNLNy46baDE7os8iMMwiNhyEAu2HIVBsMzioLvMk8iPw2M84jHdl0ipKVQyhZYjUHcEpfNQKg9l4qHMPaRit0Hb3cT3OwlLwjCOOOdhyHk7PibaIozixEfJ5zuMUOQjcD0Ct%2BvI7Tr6agRbfge3WsOJx%2BCKGfHeuYmBqFFJgsoRVJSgUgRVQVAN6k2hXcvVd4R2JQsWvrXwYT0xRW9MN03RkxkBtaNxvkeemgvoPaFy9OVuQ8StbhTEccxp7LO29FsRj4RPO5wyP4p8OFVDuSOgzsOampFn%2FxojVzOylHwFRrfh9Da4ehK0fB60mnRaPujqJIp9rGWfM%2BHSHtXaNTNZQJgaebGE4oY31nvkuf1Lnv3jF0i%2Bc%2FLoN9dv%2FvPrC%2BC2Rm5rXFffE%2FT07cllU5GNy6Zy5N7FvFCpWqPzK18paCGXPn1L3qiMFedOu9Enr%2FM5mId3r0pXnKeZUFnPkc9OKSGkPWMsl%2BTbc%2B6aZJdKt3qqtFmZn7%2F0xplzaW6lc8pkU1D14L374GpGHv%2F64%2F3%2F%2B9LecSg7hS1rpOUOWRiU2QbP1%2BHynZP%2F1ZwhsPqwh%2BUeqrKe2BY7LGpFoOVhTlkNJw8lYHLn%2Fp8HbOxuo2c90OIWsrTGwNYY6BpUj%2BDKRyZFbnde%2ByncNzDtTZi23gbTVn94IK1Tu412EMmYxR0uBJNcBJ1WGIe%2B3xIi6nRl0EXhZrJ%2F8vd%2FAQAA%2F%2F8BAAD%2F%2FyCzVnuXBAAA
173.233.139.164 7 B URL impolitefreakish.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz4scRRTHq%2BOKhyD%2BQAQPwoCCCu5s93RPpic5GGNMCMYkJpFcrV89W5nqrqaqe3qyh7AYkBzHmwcPPd%2FZzaJGMQdPKpFZL7IgZDzoIu7BP0AUIeBNZndk8R3q%2Ffi8w3vfVx%2BMyz0SoKS7l942a0prutJu%2Bo2Xr6lMmMo1LlxtBH7TP9G4prJj0YnGcP7YwfHAbzf9VxpnJe%2BblZYf%2BH7gB40zysrEDFf2KVR%2Btxs0u34zajWDdoSh%2FX%2FuSg%2BOehCDPfI0lJg9uvrDPSg%2BRZZ%2BeVq6fmHyV99MS00LYzEQW%2B9m%2FcxUGdLDMLEekmxr0Q3jZoR8dAQm21psADPYmG8ApmbE%2BzkAy7YWY4INNg8mZRoyAxNHUQ2mkHoKRafg5haUeEAALnDhIrL0zgVjK3rjgNI5nZGlh39DVTOy9NszyNIvTmk1bFwxuiyUyRyGSQ01nEL1psjLbRRrHlS1DV68DyV%2BJCsPzyNLNy46baDE7os8iMMwiNhyEAu2HIVBsMzioLvMk8iPw2M84jHdl0ipKVQyhZYjUHcEpfNQKg9l4qHMPaRit0Hb3cT3OwlLwjCOOOdhyHk7PibaIozixEfJ5zuMUOQjcD0Ct%2BvI7Tr6agRbfge3WsOJx%2BCKGfHeuYmBqFFJgsoRVJSgUgRVQVAN6k2hXcvVd4R2JQsWvrXwYT0xRW9MN03RkxkBtaNxvkeemgvoPaFy9OVuQ8StbhTEccxp7LO29FsRj4RPO5wyP4p8OFVDuSOgzsOampFn%2FxojVzOylHwFRrfh9Da4ehK0fB60mnRaPujqJIp9rGWfM%2BHSHtXaNTNZQJgaebGE4oY31nvkuf1Lnv3jF0i%2Bc%2FLoN9dv%2FvPrC%2BC2Rm5rXFffE%2FT07cllU5GNy6Zy5N7FvFCpWqPzK18paCGXPn1L3qiMFedOu9Enr%2FM5mId3r0pXnKeZUFnPkc9OKSGkPWMsl%2BTbc%2B6aZJdKt3qqtFmZn7%2F0xplzaW6lc8pkU1D14L374GpGHv%2F64%2F3%2F%2B9LecSg7hS1rpOUOWRiU2QbP1%2BHynZP%2F1ZwhsPqwh%2BUeqrKe2BY7LGpFoOVhTlkNJw8lYHLn%2Fp8HbOxuo2c90OIWsrTGwNYY6BpUj%2BDKRyZFbnde%2ByncNzDtTZi23gbTVn94IK1Tu412EMmYxR0uBJNcBJ1WGIe%2B3xIi6nRl0EXhZrJ%2F8vd%2FAQAA%2F%2F8BAAD%2F%2FyCzVnuXBAAA
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed (a DNS-reputation verdict for the hostname, not a finding on the response body)
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz4scRRTHq%2BOKhyD%2BQAQPwoCCCu5s93RPpic5GGNMCMYkJpFcrV89W5nqrqaqe3qyh7AYkBzHmwcPPd%2FZzaJGMQdPKpFZL7IgZDzoIu7BP0AUIeBNZndk8R3q%2Ffi8w3vfVx%2BMyz0SoKS7l942a0prutJu%2Bo2Xr6lMmMo1LlxtBH7TP9G4prJj0YnGcP7YwfHAbzf9VxpnJe%2BblZYf%2BH7gB40zysrEDFf2KVR%2Btxs0u34zajWDdoSh%2FX%2FuSg%2BOehCDPfI0lJg9uvrDPSg%2BRZZ%2BeVq6fmHyV99MS00LYzEQW%2B9m%2FcxUGdLDMLEekmxr0Q3jZoR8dAQm21psADPYmG8ApmbE%2BzkAy7YWY4INNg8mZRoyAxNHUQ2mkHoKRafg5haUeEAALnDhIrL0zgVjK3rjgNI5nZGlh39DVTOy9NszyNIvTmk1bFwxuiyUyRyGSQ01nEL1psjLbRRrHlS1DV68DyV%2BJCsPzyNLNy46baDE7os8iMMwiNhyEAu2HIVBsMzioLvMk8iPw2M84jHdl0ipKVQyhZYjUHcEpfNQKg9l4qHMPaRit0Hb3cT3OwlLwjCOOOdhyHk7PibaIozixEfJ5zuMUOQjcD0Ct%2BvI7Tr6agRbfge3WsOJx%2BCKGfHeuYmBqFFJgsoRVJSgUgRVQVAN6k2hXcvVd4R2JQsWvrXwYT0xRW9MN03RkxkBtaNxvkeemgvoPaFy9OVuQ8StbhTEccxp7LO29FsRj4RPO5wyP4p8OFVDuSOgzsOampFn%2FxojVzOylHwFRrfh9Da4ehK0fB60mnRaPujqJIp9rGWfM%2BHSHtXaNTNZQJgaebGE4oY31nvkuf1Lnv3jF0i%2Bc%2FLoN9dv%2FvPrC%2BC2Rm5rXFffE%2FT07cllU5GNy6Zy5N7FvFCpWqPzK18paCGXPn1L3qiMFedOu9Enr%2FM5mId3r0pXnKeZUFnPkc9OKSGkPWMsl%2BTbc%2B6aZJdKt3qqtFmZn7%2F0xplzaW6lc8pkU1D14L374GpGHv%2F64%2F3%2F%2B9LecSg7hS1rpOUOWRiU2QbP1%2BHynZP%2F1ZwhsPqwh%2BUeqrKe2BY7LGpFoOVhTlkNJw8lYHLn%2Fp8HbOxuo2c90OIWsrTGwNYY6BpUj%2BDKRyZFbnde%2ByncNzDtTZi23gbTVn94IK1Tu412EMmYxR0uBJNcBJ1WGIe%2B3xIi6nRl0EXhZrJ%2F8vd%2FAQAA%2F%2F8BAAD%2F%2FyCzVnuXBAAA HTTP/1.1
Host: impolitefreakish.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: u_pl=17787248,17787246; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; pdhtkv=true; uncs=2; pdhtkv29=true; uncs29=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:22 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8a989172edc436f7a0259d9a32ae3597
Strict-Transport-Security: max-age=0; includeSubdomains
static-assets.highwebmedia.com/cachebust/346-react-e4cb082f369152b01a87.js
104.16.94.42 302 kB URL static-assets.highwebmedia.com/cachebust/346-react-e4cb082f369152b01a87.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 302 kB (301823 bytes)
Hash 33b7aa8db8c6a49f046ab890cccd41e6
9f74088cedefa705d00a91c1dac5c3b6bc8c7e9d
3640954b30e90ee65f83047c4fba0b53f6d7a2222d2904c458e272d45b7b308c
GET /cachebust/346-react-e4cb082f369152b01a87.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=196432
etag: W/"e9757fd04edd4f87a25a977a9f7e1fd5"
last-modified: Thu, 09 Nov 2023 01:15:59 GMT
x-amz-id-2: fESnRpuKWz62hsGqzvhqdYd6iTmQn/jvI6ywiGaffv0OzJ3YijnG/dHrz1gVP8LTGS7JkRfHcvY=
x-amz-meta-s3cmd-attrs: md5:e9757fd04edd4f87a25a977a9f7e1fd5
x-amz-request-id: Y9HR39GMQDFE914A
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 640036
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0tpxHB4POPg0bVez44FG4erqKnkz7kQi2%2BoZyuQUk7nnoHMSk%2F20dmL1T4x40XoBhjhzjZtu4cCWoGppGAv2sbTwZ2IVlpItPkOD6PRaUTdw8L%2BHXt8IVjYGFSN1bX9GFrPYD%2F996GOzV6e7BKpy3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=822I1HK79rr5q921Ig1xZW_bVe5ALet6VQ3wiKJFC8g-1701527779636-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea9230b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/js/script.js
172.64.109.10 1.6 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/js/script.js
IP 172.64.109.10:0
Hash f06aedc6f9c35062ffcf1d5ad7b6e574
47f1ec30faf80f0958036aea330d22d4ea6bd994
f6ae8744b3f2b2f8865fff018810c62b9bb82ffb3224d0e958ff2cdcec3d2026
GET /sb/interstitial/games/hentai-heroes/main/9/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:22 GMT
content-type: application/javascript
last-modified: Tue, 24 Oct 2023 12:21:37 GMT
etag: W/"6537b6d1-f3f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XxvqIQGGk8atOoGT%2F9LyKHqznyuhdDssq6HoB%2BEsDWY0eSGjdl6M7b5N96KMejFPt3WvywBOcv48CJ34v6fJ%2FQKHBVM4dY1xWedP5RXajueXz6tCv7rJAssMWD5X%2FDf6I8mQ1W45wA8P"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d419fe271bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
accommodationcarpetavid.com/pixel/sbs?c=1
173.233.139.164 0 B URL accommodationcarpetavid.com/pixel/sbs?c=1
IP 173.233.139.164:0
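Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 digests of empty input, consistent with the 0 B body; they identify no specific file and are not usable as indicators.)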
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed (a DNS-reputation verdict for the hostname, not a finding on the response body)
GET /pixel/sbs?c=1 HTTP/1.1
Host: accommodationcarpetavid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: u_pl=17787246,17787247; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; pdhtkv=true; uncs=2; pdhtkv29=true; uncs29=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:22 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
static-assets.highwebmedia.com/tsdefaultassets/volume-mute.svg
104.16.94.42 700 B URL static-assets.highwebmedia.com/tsdefaultassets/volume-mute.svg
IP 104.16.94.42:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 0e7eb973c55f707fb660aa0598430dc8
519b80c25a0d1dc61136488cfc6bcb467f8ed0a2
10b24b0019834fec69c090733473239d9cf133477785283f61566b76e9c91742
GET /tsdefaultassets/volume-mute.svg HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Cookie: _cfuvid=sX2YaZmAknVqY.pqkq.2LHqH1HSzAp.Liicij9zMQZ8-1701527779794-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:22 GMT
content-type: image/svg+xml
x-amz-id-2: gL8huy4e7jhazpz/tKZIYogxa9hGMQd/y+muxOOgubUPZhO4K45cOL4jMcM53JzSBv9PNePDPXA=
x-amz-request-id: 2FAMQYHG5SDTJ93H
last-modified: Tue, 19 Jan 2021 22:11:22 GMT
etag: W/"0e7eb973c55f707fb660aa0598430dc8"
x-amz-meta-s3cmd-attrs: md5:0e7eb973c55f707fb660aa0598430dc8
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 725970
expires: Mon, 01 Jan 2024 14:36:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JGAeVbi3%2BJRpeHd3p2JKR97e1NuMcqCEGLzVzuXAeakmysabIlfG81yjA2N2XlMv0EmoSlwPHmzzPPfDBLcgtLtecXU%2BsP%2FvE15Sg7j0Q8KElX5fdqTUeG1kRhYvQi8LRZVtprlceAFY%2FfAqYIBESQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d41ee0456bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/animate.css
172.64.109.10 5.5 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/animate.css
IP 172.64.109.10:0
Hash e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/interstitial/games/hentai-heroes/main/9/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: text/css
last-modified: Tue, 24 Oct 2023 12:21:32 GMT
etag: W/"6537b6cc-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MCLuwI8GANnpYT6uGJXXG0hguEZgOm5fOi%2B2YtqgvEE3gIH4sGzzccIXZZ6GQB3oXeZnx%2F6QZ9LVWoYcp492Bdt6xed2RARBjc8r6%2BFcPlOEwVRC2d6amNQRSE640XOlC9sqbd5FNg4m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d35583371bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/large.mp3
104.16.94.42 58 kB URL static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/large.mp3
IP 104.16.94.42:0
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 3c341f99a417abeaa0e76f070d2ee776
c14d20fc3b5c6f0ec8085a59ff7108a0fd4ccd70
06a32e4bddac3148330822781fc4a9a62cab480e46e1ba8e8158b9d86445a7c7
GET /tsdefaultassets/sounds/classic/large.mp3 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:23 GMT
content-type: audio/mpeg
content-length: 57678
x-amz-id-2: YU8k62ah/ewQHqX4Xq1RwzK7+74/PRbOabpenxeq6w4dGFBZJBXbi0lZHRz6ht8PnLOuhcfpQMI=
x-amz-request-id: 33VZKQ5WB6DZGPWA
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 19 Jan 2021 22:10:58 GMT
etag: "3c341f99a417abeaa0e76f070d2ee776"
x-amz-meta-s3cmd-attrs: md5:3c341f99a417abeaa0e76f070d2ee776
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 901620
expires: Mon, 01 Jan 2024 14:36:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rLXQEG28inW6akO%2FyTGHcNkgI28tZtKM3OibrXl2hflOzAc8WKsrCIWWjCrHCMdGqL3Zve7H7LfwnhxvJ0D8x5v5cYY1yvNhGgFhakMy7NxUwvetuNZoU3QiYtTDmUpwRG7IOnbveW4FY1RoiG4emA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=DhRFggxkxA9TYUP5qqXe7siar95n0DRI_OipiusHRNc-1701527783020-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d43da8356cb-OSL
alt-svc: h3=":443"; ma=86400
static-assets.highwebmedia.com/tsdefaultassets/cam_notice_background.jpg
104.16.94.42 5.5 kB URL static-assets.highwebmedia.com/tsdefaultassets/cam_notice_background.jpg
IP 104.16.94.42:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 498x375, components 3\012- data
Hash b3be0066f96745236ff4fe8fa4367e59
1f77405ff4b2d1d3942e7c4875b1becf72f0a970
a910dfccc165482735f38bd814f11635044fcf490ec71df42416cfc72f426bc4
GET /tsdefaultassets/cam_notice_background.jpg HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Cookie: _cfuvid=sX2YaZmAknVqY.pqkq.2LHqH1HSzAp.Liicij9zMQZ8-1701527779794-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:23 GMT
content-type: image/jpeg
content-length: 5463
cache-control: public, max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6601
etag: "2041511189fe406b8b89903ca972b53c"
last-modified: Tue, 19 Jan 2021 22:09:34 GMT
x-amz-id-2: Dv9MT9lrOyURv7mUlF05FojM4oQrWtfMdyZRWs2LBz3V9wiT1HMUcLHHfeUyP8ZcVkLAcrvl53YA24rX98KEHwZVm8MMMGFJ
x-amz-meta-s3cmd-attrs: md5:2041511189fe406b8b89903ca972b53c
x-amz-request-id: CG6DHWYRFC5PH9C6
cf-cache-status: HIT
age: 902009
expires: Mon, 01 Jan 2024 14:36:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6untC0UZFJkm5dmzD2Cc7ctlGilwA96Jd05q436yvafEJf3ou5%2FiZ2swA68tu%2FsF%2FQRzsOY0KneXWP4NVDisKVzocjqsPqmMdDEuLOspUPQFIBNzhcX0uyYwkTOTGgRYqDquUmjaV5V1lnofk74Yhw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d43efea56bb-OSL
alt-svc: h3=":443"; ma=86400
static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/huge.mp3
104.16.94.42 58 kB URL static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/huge.mp3
IP 104.16.94.42:0
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 4f5f5acc1f52a82663f8b8762df7508d
15197386d884cfc8c6a04b2ca37f4e6325146567
8b2f2a0e8f6c4506f802775ffc24567495279088c55dc16d76da9e32257f58ce
GET /tsdefaultassets/sounds/classic/huge.mp3 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:23 GMT
content-type: audio/mpeg
content-length: 57678
x-amz-id-2: WAbm9D4yz5SScBD6/+DWJZcrL5gKDRq+hJJs2/dHL/gGY+CjO3Riu/rSKb9OO6BuuPI+B6oP6xieKosA1c3K97EpCC9DfUS5
x-amz-request-id: P0HEX753P0ZNSB69
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 19 Jan 2021 22:10:58 GMT
etag: "4f5f5acc1f52a82663f8b8762df7508d"
x-amz-meta-s3cmd-attrs: md5:4f5f5acc1f52a82663f8b8762df7508d
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 798402
expires: Mon, 01 Jan 2024 14:36:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zfT%2FX2bHU1E2jkO2pV8MVcmQKCv3VJ6sPLbTP5KUVJ9ry86ydaRgTJwv1bXi9smUFAW8inDHfPOmdrTDf3dnPx5Y0LULUiwm8JPF%2Bt7h0HqAbNOukQGLZZ7OX8EvrJ5OlD7WTvJY8OBuy%2Fl2Tl2SnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=74NXXKXfAI0HOydV7aJsDE4rrh0MDHsU5Sfj9GheVkM-1701527783021-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d43da8056cb-OSL
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/animate.css
172.64.109.10 37 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/animate.css
IP 172.64.109.10:0
Hash e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/interstitial/games/hentai-heroes/main/9/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: text/css
last-modified: Tue, 24 Oct 2023 12:21:32 GMT
etag: W/"6537b6cc-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cIkWPDEfD%2FDB4B2SDrc2bemO%2FQdPmy2AxaomOmBdSSQrHZDmEyDuH7B%2F%2FiitMu6f%2FCN5iMbN8eZrXpAMoPXNb9DgdEXzgZJjzd8y4GL7kiMJziWKJexLnmbI2cPl8Vji%2F%2FnwUAq22BUZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d36094271bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/small.mp3
104.16.94.42 26 kB URL static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/small.mp3
IP 104.16.94.42:0
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 069c25fa18c496300dce85718add378b
e16d86da14847005e3e99b3741b1a55585a8067c
8e1f038b4fc8a72ed517c74eebc5ffedaa5689f26dc3a323007dc6dbc235e5fb
GET /tsdefaultassets/sounds/classic/small.mp3 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:23 GMT
content-type: audio/mpeg
content-length: 25728
x-amz-id-2: GeD9d5s+QtDz0MSx7V2wtzWLNyVn2VTN3z7XJKxgRiSbDSh/Pwaou7zaDK6DkA9e5cLRxzrSX28=
x-amz-request-id: QZMC4XRJ7350YCQD
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 19 Jan 2021 22:10:59 GMT
etag: "069c25fa18c496300dce85718add378b"
x-amz-meta-s3cmd-attrs: md5:069c25fa18c496300dce85718add378b
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 742673
expires: Mon, 01 Jan 2024 14:36:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZY%2BTHhyXpG20bKML2mviR0rZHMKo3Ixtb6pFaL1XE9ZzVZHizKBmf51Tbs8V3CuedKNXgI4HEe9nmvuJWYWZGgm%2FVciz%2B0xy87yQqLXRxJqWqGjG9SxXqDuMGEvt35lHIpWn84tSQwIz6cAbVgnrTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=DYQKc2N86Fdcoe7LTALlL23q_10pKL_VM8aTIHPDIsc-1701527783023-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d43da8e56cb-OSL
alt-svc: h3=":443"; ma=86400
static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/tiny.mp3
104.16.94.42 19 kB URL static-assets.highwebmedia.com/tsdefaultassets/sounds/classic/tiny.mp3
IP 104.16.94.42:0
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 1179631f78330d8b2e8918f8f0e2e9fa
743c778104ff0a87f440990ec9f285ed95a515e7
16da4e83dd5e5ebacba638b7ecea526f9d6b856c623f69de7813f9d2ed7220a4
GET /tsdefaultassets/sounds/classic/tiny.mp3 HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:23 GMT
content-type: audio/mpeg
content-length: 19226
x-amz-id-2: NJlYNEDyttivkbb+OFXDavDxtVAlhYmogm9OVYTos50waiCbmXq2X/ghK/zHJC54kROQElhj88M=
x-amz-request-id: 4KPC22YB9KDRTBRH
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 19 Jan 2021 22:11:00 GMT
etag: "1179631f78330d8b2e8918f8f0e2e9fa"
x-amz-meta-s3cmd-attrs: md5:1179631f78330d8b2e8918f8f0e2e9fa
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 364630
expires: Mon, 01 Jan 2024 14:36:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A%2Fffp%2BSW2JZ3NX4pqfB4ow4%2BWjKjztPQsNOZhIEnV7jUYAiaiYY7XNGoxtHuH4ONkY3%2BPFRe5zfrb6lYssB9sJqhH2bdmPaIis%2FqyG%2FWEKvjz2dm65PLdUeYbxNT54IalEHxRSIKYLU908PiQEJFDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=STgwxzvdXBuWM22tZnNzkElHZLPGX2vmDOZFfPUfsiY-1701527783022-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d43da9056cb-OSL
alt-svc: h3=":443"; ma=86400
impolitefreakish.com/pixel/sbs?c=1
173.233.139.164 0 B URL impolitefreakish.com/pixel/sbs?c=1
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
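Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed (the three hashes above are the MD5, SHA-1 and SHA-256 of an empty body, consistent with the 0 B response, so the domain rather than the hash is the usable indicator here)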
GET /pixel/sbs?c=1 HTTP/1.1
Host: impolitefreakish.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: u_pl=17787248,17787246; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; pdhtkv=true; uncs=2; pdhtkv29=true; uncs29=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:23 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
static-assets.highwebmedia.com/cachebust/304-react-e81afc61e6aeab40e9c6.js
104.16.94.42 49 kB URL static-assets.highwebmedia.com/cachebust/304-react-e81afc61e6aeab40e9c6.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 3ec623d01673c93f91f23a50b9dbc2d0
3beaa8ca89d156a38876c0e9739007b4ebbfeff5
7016ebb0dd64b62bc75bdf37eeda3e2e6f6e724cdcf564ed33335ad5f2d6f0d7
GET /cachebust/304-react-e81afc61e6aeab40e9c6.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=171911
etag: W/"c223066dc41f6eede51b71788b84878a"
last-modified: Fri, 20 Oct 2023 05:06:06 GMT
x-amz-id-2: zt3Silen4sW17yjz7Q2oDTxQEBTQZPT4NpdDUR+UdvBsRHkeUkRTEsRNNkcoqvXnpgEj/gkThLw=
x-amz-meta-s3cmd-attrs: md5:c223066dc41f6eede51b71788b84878a
x-amz-request-id: DB2TQT1JS3W1CRRG
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 720476
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qSM09PxH9euCNCnS0BCKdDsXOSiT1%2BNBh7s11em1wh7%2FhMPzTFxIxx5JTONj2YVIAKWsizbOBHDR0xP5T1nsdI7ZakQHPBY2jwuEXh%2FHTn5yKmUXD82sRyQA0Dkl8UZF3jKP59I4U2SoKkvHZ0Gtgg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=P.UexU0.28s9xSqmt5tAS1kt.818llNtSTu8O2SP7GI-1701527779632-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea90f0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/304-react-e81afc61e6aeab40e9c6.js
104.16.94.42 233 kB URL static-assets.highwebmedia.com/cachebust/304-react-e81afc61e6aeab40e9c6.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 233 kB (232788 bytes)
Hash 3ec623d01673c93f91f23a50b9dbc2d0
3beaa8ca89d156a38876c0e9739007b4ebbfeff5
7016ebb0dd64b62bc75bdf37eeda3e2e6f6e724cdcf564ed33335ad5f2d6f0d7
GET /cachebust/304-react-e81afc61e6aeab40e9c6.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=171911
etag: W/"c223066dc41f6eede51b71788b84878a"
last-modified: Fri, 20 Oct 2023 05:06:06 GMT
x-amz-id-2: zt3Silen4sW17yjz7Q2oDTxQEBTQZPT4NpdDUR+UdvBsRHkeUkRTEsRNNkcoqvXnpgEj/gkThLw=
x-amz-meta-s3cmd-attrs: md5:c223066dc41f6eede51b71788b84878a
x-amz-request-id: DB2TQT1JS3W1CRRG
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 720476
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8EvJq1VtPGvsGndxT4UTZtk%2BO68ilQOC1mRtHIkN%2F72fvnfVJ%2FxdCTxG4X79R%2FNjN%2B40QeRmMptuoahEAu6IRnZL5jiV261CpWGsJv4Z7T%2FFZX%2Bai9FSNvqyQ3nHd4JAxmQTaR4NkqdqJRvoEl%2FWyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=bDq_Q1nM1BXXjfdy5JkrIbyzIN15fh.uXA24SLrr5o8-1701527779637-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea9240b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/style.css
172.64.109.10 185 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/style.css
IP 172.64.109.10:0
Size 185 kB (184758 bytes)
Hash 36a2f44165d87718e33ea6b64cf19d0c
d488c9d41361919fc2fadb85e0d57621d6557630
d6cf3c67d3005fe4dab9c6be6b2bede9fd81239c7d686c54bf31a5b70fb2e0b2
GET /sb/interstitial/games/hentai-heroes/main/9/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: text/css
last-modified: Tue, 24 Oct 2023 12:21:32 GMT
etag: W/"6537b6cc-a9c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=82DjA1au0AMU1OC1Zecsi%2BJfahU7mBblo2DNcQjkTKn7vtE7z0Vkixd%2BlUuRQOabPFKimq6xoUTd8T%2BTiwrA1LG0WqP0qwg9mOsJoD91GGkWnoxNn64XwaMu6kl22S%2B2hzLzOymoUAMi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d36094d71bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.yourwebbars.com/sb/interstitial/games/hentai-heroes/main/9/index.html
104.26.6.19 323 B URL cdn.yourwebbars.com/sb/interstitial/games/hentai-heroes/main/9/index.html
IP 104.26.6.19:0
File type HTML document text\012- HTML document, ASCII text
Hash 646559fd465295bf306d1d2b9577b1cb
89e67be3b0fdda8b91ad50afab696020b95c0e7b
155244a91470301be700b488d699994faa1651279ad2138b663b1d83e209b3a8
GET /sb/interstitial/games/hentai-heroes/main/9/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:17 GMT
content-type: text/html
last-modified: Tue, 24 Oct 2023 12:21:31 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RG2Ac5Fdchn44wIgVTCST3UXROvF8yTsvDVmKaPEf3EgPlZlvcB2CwtISCdr34GrsbawXv6wbbCTDrd1ApJGGMS2ob%2BGhsDnhySMkNd%2Bhcrl7dI9a1ZFVxUHAvkM6ae%2F7%2BZ42sA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d23bebeb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/cachebust/788-prod-089e2548671b7384bb27.js
104.16.94.42 20 kB URL static-assets.highwebmedia.com/cachebust/788-prod-089e2548671b7384bb27.js
IP 104.16.94.42:0
File type Unicode text, UTF-8 text, with very long lines (65531), with no line terminators
Hash ee538f9cbb9bec93b4242265430ab256
8090eedff52e7a4bfaf8f7a5b6641b7a63611a44
23af7709bc832820c61dfb8c6bee807320e0c95b5cd628590101f74918e0758d
GET /cachebust/788-prod-089e2548671b7384bb27.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=72488
etag: W/"4ae1dac2b13e40952ac1abe2d2003856"
last-modified: Thu, 16 Nov 2023 21:27:26 GMT
x-amz-id-2: qZArD+UYPzBpm9VINWavusGXNKK32iBYRX2zgGkfX9qqon+mRqZyJLp14qoN9prkobxj+yeRDQ4=
x-amz-meta-s3cmd-attrs: md5:4ae1dac2b13e40952ac1abe2d2003856
x-amz-request-id: WYRHVBC3YXF7W96D
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 716631
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pw4XKKroqOaDSAz%2BA77Fm8e25GtbDAGDFFkGm5VR3Q5wNTbb8vWWZT9VAycOwz0bcijerKKDSicLvutyS6oOM7h%2BYBiyuZfRWI0Cgc23OtT5vQmP6sYQXyR8cnJJghDiLMVfhhJKOwvEi%2BgjboLnVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=BtAyslZ9YQAN3gCSfaCMUMIkbp4niTq0LeXSL6EEE6E-1701527779640-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea91f0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=962249
185.94.236.246 1.7 kB URL poweredby.jads.co/adshow.php?adzone=962249
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (426), with CRLF, LF line terminators
Hash 7fa2159c543850f7eb39958b8cbe02db
0b13f9f5c2af113ea52259eefd9b8ecd175f50c0
a3552216fb4f44953ee706b0ec9b6b42ad806db8924b57d210974c9853a13885
GET /adshow.php?adzone=962249 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=ebb38816e669acba98bc9974a5aa0347; expires=Sun, 01-Dec-2024 14:36:22 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps8605=1; expires=Sun, 03-Dec-2023 14:36:23 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjg4NDM5OTtpOjE3MDE3ODY5ODI7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:22 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:22 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
static-assets.highwebmedia.com/cachebust/619-prod-bcdc3f7a7b8eb36f018f.js
104.16.94.42 35 kB URL static-assets.highwebmedia.com/cachebust/619-prod-bcdc3f7a7b8eb36f018f.js
IP 104.16.94.42:0
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 85b1ff9e46b590a1ad7a4e68e5d4a347
11ef3d6fd7ad6f8e378075a9b7027ac279644172
df11f3f6675eb2ac85bad1d987fcf2d0eb6410de1920ef332aa32a54b00d45c2
GET /cachebust/619-prod-bcdc3f7a7b8eb36f018f.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=151855
etag: W/"59413d8b1296694a544b4ff36dcca77b"
last-modified: Wed, 29 Nov 2023 17:03:09 GMT
x-amz-id-2: qsfA08TyEmywpTreUypAM0ALuG5q9sXMcxcr2D7o3gfolcP0nSW02ddbKQXsj6Y2849fOz3vtrlzvWF208xo3xB2JMirin1E
x-amz-meta-s3cmd-attrs: md5:59413d8b1296694a544b4ff36dcca77b
x-amz-request-id: V8TSVXH76ZDMVZ18
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 250204
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6NINwyGCYVOlpXdUVvQdEXsmz8xyDPO6iWo1IFS6gDcUbeuGHckNDmL3pPTqRwJP%2BBKfCNxjNXmxtXiQ%2FvYKZV5%2BKY0142Dsult%2FyZ2l%2BFs9y10quffS7%2BbVeuL1rT4cuJ3rIFkpmkz%2FtLwJ1cXa4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=6s.LwecR7LzfeMVzhfAGB5GX6m31gCXeC2CqNITtS9c-1701527779740-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2f59910b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/animate.css
172.64.109.10 6.5 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/animate.css
IP 172.64.109.10:0
Hash e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/interstitial/games/hentai-heroes/main/9/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: text/css
last-modified: Tue, 24 Oct 2023 12:21:32 GMT
etag: W/"6537b6cc-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MGaiQko5JiA0WwehF37hoE3uEzN2uVr7MSdz8VI3v5T6dT9AUtViKpol0lpytV00PkW1ineeqm5cGN328Ein8uQEDfJQZ7OwxltT0NDLs0VOAYmGL2FcB1d0apcBdL4L29pQlKM9wUtb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d372b3671bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
confrontbitterly.com/pixel/sbs?c=1
173.233.137.44 0 B URL confrontbitterly.com/pixel/sbs?c=1
IP 173.233.137.44:0
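Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
(SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
(SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the digests of zero-length content (the body is 0 B), so they match every empty response and are not usable as file indicators; the hostname and the verdict below are the actionable data for this record.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed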
GET /pixel/sbs?c=1 HTTP/1.1
Host: confrontbitterly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:23 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
skiofficerdemote.com/pixel/sbs?c=1
173.233.139.164 0 B URL skiofficerdemote.com/pixel/sbs?c=1
IP 173.233.139.164:0
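Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
(SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
(SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the digests of zero-length content (the body is 0 B), so they match every empty response and are not usable as file indicators; the hostname and the verdict below are the actionable data for this record.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed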
GET /pixel/sbs?c=1 HTTP/1.1
Host: skiofficerdemote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Cookie: u_pl=17787248,17787246; uid_id2=c183314b-18db-4311-b819-cf40836c4c8a:2:1; pdhtkv=true; uncs=2; pdhtkv29=true; uncs29=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:23 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
poweredby.jads.co/adshow.php?adzone=892138
185.94.236.246 1.6 kB URL poweredby.jads.co/adshow.php?adzone=892138
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (384), with CRLF, LF line terminators
Hash de93a17fda66dafc87386972fec2e64e
d671f411c0fa26c1f904c10849d1694a34247dc5
69804dba248977faa4eb145b8317e1206b96dba4d734cd7b2e1baca460389f4b
GET /adshow.php?adzone=892138 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 14:36:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=ebb38816e669acba98bc9974a5aa0347; expires=Sun, 01-Dec-2024 14:36:22 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
Set-Cookie: juicy_data_1=YTowOnt9; expires=Tue, 05-Dec-2023 14:36:22 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Set-Cookie: juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 05-Dec-2023 14:36:22 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/style.css
172.64.109.10 237 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/style.css
IP 172.64.109.10:0
Size 237 kB (237385 bytes)
Hash 36a2f44165d87718e33ea6b64cf19d0c
d488c9d41361919fc2fadb85e0d57621d6557630
d6cf3c67d3005fe4dab9c6be6b2bede9fd81239c7d686c54bf31a5b70fb2e0b2
GET /sb/interstitial/games/hentai-heroes/main/9/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: text/css
last-modified: Tue, 24 Oct 2023 12:21:32 GMT
etag: W/"6537b6cc-a9c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FjTHpfqQDks7uFtumatsgKtHXbsP6AHkUOl3Pqw9AZvRkSuDElOhSPXameDGy26xi4eCGMNBMHyiSyh90Kfikf8CBVmSoylVkeYtcvN5XjDx7E33msAoXY1wKBxPxkkHoli55k3oRbTD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d35c8c771bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
172.64.109.10 184 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
IP 172.64.109.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x1366, components 3\012- data
Size 184 kB (184016 bytes)
Hash 514b590c0bc71e9b888a4fb84a797f71
0316ebba7a31e09475981e88b2520076c34854a7
d6dafd5e754539f4d557e4eb25cc86d72429c0e06a97477ff0afb63b4b5fe2be
GET /sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:22 GMT
content-type: image/jpeg
content-length: 184016
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-2ced0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 260460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gIHC%2B4FQywaAmq%2Bt1njPLsMm5D670%2BfNBLj4n4YVFOz7mUfcH73fMkQsw1Ki1Ky8LUtewVdDV95hjM8apnat0C3S%2B13eFDm8zX5O9dCf9f%2BqttyoEMmLylA4QkgboPg91Uq8q1K%2Fn1mn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d4299e024b7-LHR
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg
172.64.109.10 237 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg
IP 172.64.109.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x2340, components 3\012- data
Size 237 kB (236643 bytes)
Hash 8938c7c9af72d1403e83a963f04a4a19
05a2d9fea84dc46e815a533e79515d05807cc47e
44a076d9da712a251a2c6aeff916b5a15d34aa00554a596686e29e390a0fc680
GET /sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:22 GMT
content-type: image/jpeg
content-length: 236643
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-39c63"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 190012
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FW8jBxpEoj3qT0kxm%2FTbqPi%2F74Uv6zPOJEdL%2FvVuDsDTXE5hojtIhx0I87rQMcegGUM7raOYAEAIBM54hlPPd2QoTx8LELQ1ADWrU%2FUWW2Vl94YsdmjcwxrmKQK3CPWCtRNJcM%2Bh9zf6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d432a8c24b7-LHR
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/animate.css
172.64.109.10 6.7 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/css/animate.css
IP 172.64.109.10:0
Hash e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/interstitial/games/hentai-heroes/main/9/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://top1pornmovies.sexjanet.com
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: text/css
last-modified: Tue, 24 Oct 2023 12:21:32 GMT
etag: W/"6537b6cc-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g0QLROz8SGVSEdWCZrZkPkzRGlcQoWKITsq%2BR5jOMLrpzwKOM2Mtp7jsQhLTQkD2NZFtosDL0UMokNqolZyLpxxJQyePfNeZBonLPAMCcdADQefOcKoSv2qZr0VggdYvYYjrnFhJGJ5D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d370b0e71bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg
172.64.109.10 237 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg
IP 172.64.109.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x2340, components 3\012- data
Size 237 kB (236643 bytes)
Hash 8938c7c9af72d1403e83a963f04a4a19
05a2d9fea84dc46e815a533e79515d05807cc47e
44a076d9da712a251a2c6aeff916b5a15d34aa00554a596686e29e390a0fc680
GET /sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:22 GMT
content-type: image/jpeg
content-length: 236643
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-39c63"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 190012
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9HpxghOn0vqTIN1Gd2XQIyozp42YZGH5PkU0sgmfiimy1mlNCXP8RRPXuBdPLiApICztX1U45TKyy05kWwOVRj7V%2FRSK9yUieAJUeMoXKGAKAe%2BNFAaaQenVzJf6sGFBDLDn6YFs%2FKZ4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d432a8e24b7-LHR
alt-svc: h3=":443"; ma=86400
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.106 693 B URL fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:0
Hash e8e4cfffdfbdea8388ebfcabeaa5eb5e
11886e1c95ae73f4839a30bf1fc93157c75f468e
611648a43dde7a75ebdd318079c5c21d48d2d1d0a991b08b304376c5f0775fb9
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sat, 02 Dec 2023 14:36:23 GMT
Date: Sat, 02 Dec 2023 14:36:23 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
i.jads.co/ads/user93082/ad1789788-1693791256.png
205.185.216.42 88 kB URL i.jads.co/ads/user93082/ad1789788-1693791256.png
IP 205.185.216.42:0
File type PNG image data, 160 x 600, 8-bit/color RGBA, non-interlaced\012- data
Hash e3d68f593d4b73dd05c3e882e4ef5438
66a5a481c14cd9943c586621c42ee847b95e6963
62fa6d3f3eb3ff11f038404bba6d7f96fc92f79cb5e37a6e7fed3217fe95cd6e
GET /ads/user93082/ad1789788-1693791256.png HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:23 GMT
Connection: Keep-Alive
ETag: "1693791256"
Cache-Control: max-age=23799839
Content-Length: 87957
Content-Type: image/png
Last-Modified: Mon, 04 Sep 2023 01:34:16 GMT
Accept-Ranges: bytes
X-HW: 1701527783.dop223.sk1.t,1701527783.cds221.sk1.c
i.jads.co/1x1.gif
205.185.216.42 28 kB IP 205.185.216.42:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 250x250, components 3\012- data
Hash 2acfb73fd2df022a7dad5595adef5bda
939b803ea641bd427b7599f92a816262e7a5bf48
3d4610a2ab69d08e54685d0d3cfcf03ec663bacff8cc89a1e0a2904a7769e641
GET /1x1.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:23 GMT
Connection: Keep-Alive
ETag: "1478208967"
Cache-Control: max-age=18749913
Content-Length: 27460
Content-Type: image/jpeg
Last-Modified: Thu, 03 Nov 2016 21:36:07 GMT
Accept-Ranges: bytes
X-HW: 1701527783.dop225.sk1.t,1701527783.cds217.sk1.c
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg
172.64.109.10 237 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg
IP 172.64.109.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x2340, components 3\012- data
Size 237 kB (236643 bytes)
Hash 8938c7c9af72d1403e83a963f04a4a19
05a2d9fea84dc46e815a533e79515d05807cc47e
44a076d9da712a251a2c6aeff916b5a15d34aa00554a596686e29e390a0fc680
GET /sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:22 GMT
content-type: image/jpeg
content-length: 236643
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-39c63"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 190012
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kQydQOowBMipPJ6%2FATiblqIKMrNKSKYNmrLuQwy5Q7%2BqvAyPaNV8iNQddIKCPtHm06wQr2HlWAmzoyWMAOjOzuug9MSzizaSfcxNWKvQVR%2FZta2Z0TW93DAZIvIC4wtkm3G8rRze6y0a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d432a9424b7-LHR
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
172.64.109.10 184 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
IP 172.64.109.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x1366, components 3\012- data
Size 184 kB (184016 bytes)
Hash 514b590c0bc71e9b888a4fb84a797f71
0316ebba7a31e09475981e88b2520076c34854a7
d6dafd5e754539f4d557e4eb25cc86d72429c0e06a97477ff0afb63b4b5fe2be
GET /sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:22 GMT
content-type: image/jpeg
content-length: 184016
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-2ced0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 260460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=et6kbOaF5PsnBjTWJt9z3zrNlUr4y0Bl4QSjhbE4Uh6uMLXFube7BgguN1minaT%2BuvSvGUAEeU8XXnX4UFdKNQDtjTs%2FEve9Q0OlNfhy4%2FUYv8Lylz2BtfXfPr1NJISqJSoCpx4e8l49"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d433aad24b7-LHR
alt-svc: h3=":443"; ma=86400
divedresign.com/pixel/sbs?c=1
192.243.59.20 0 B URL divedresign.com/pixel/sbs?c=1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
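Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
(SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
(SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the digests of zero-length content (the body is 0 B), so they match every empty response and are not usable as file indicators; the hostname and the verdict below are the actionable data for this record.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed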
GET /pixel/sbs?c=1 HTTP/1.1
Host: divedresign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 14:36:23 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
rotundfetch.com/impr.gif?sid=H4sIAAAAAAAC%2F1SUS4gc1RfGb81%2F%2FhuD%2BEAEF0KDggpOT706U50sjDEmBGMSk0i23lf33PStusW9VV0zs5BgIGTZ7ly4qP56Hj6imIUrlUiPGxkQ0i50EGflWhQh4E66p2XwLuqc8%2FvO4pyPQ90elgckQEn3L79pNpTWdLnV9BsvXleZMJVrXLzWCPymf7JxXWXH45ONtenH9k8Efqvpv9Q4J3nPLId%2B4PuBHzTOKis7Zm15pkLld9tBs%2B0347AZtGKs2f%2FWrvwfHF2A6B%2BQJ6HE5P%2Br39%2BD4mNk6RdnpOsVJn%2F59bTUtDAWfbHzdtbLTJUhPUo71kMn25l3w7gJIR8swGQ78w1g%2BpvTDcDUhHg%2FBWDZznxMsP7W4aRMQ2Zg4hiq%2FhhSj6HoGNzcghIPCMAFLl5Clm5fNLai64cqnaoTsvjwL6hqQhZ%2FfQpZ%2BvlprdYaV40uC2Uyh7VODbU2huqOkZdjFBseVLULXrwHJX4gyw8vIEs3LzltoMT%2B8zxIoiiI2VKQCLYUR0GwxJKgvcQ7sZ9Ex3nMEzqzSKkxVGcMLQegbgGl81AqD2XHQ5l7SMV%2Bg7baHd9f6bBOFCUx5zyKOG8lx0VLRHHS8VHy6Q4DFPkAXA%2FA7e2PcrFa9Pphe7OwpdwuM%2B7C9jDYOcStGd2a0tYw2D6EM7Y5ZcMQub2JnhrAlt%2FCrdZw4hG4YkK8t0r0RY1KElSOoKIElSKoCoKqX28J7UJXbwvtShbMYziPUT0yRXdIt0zRlRkBtYNhfkCemPrvPaZy9OR%2BQyRhOw6SJOE08VlL%2BmHMY%2BHTFU6ZH8c%2BnKqh3AKo87ChJuTpP4fI1YQsdr4Eo7twehdcPQ5aPgtajVZCH3R1FCc%2BNrLPmHBpl2rtmpksIEyNvFhEse4N9QF5ZnYI537%2FGZLvnTr29Y13%2F%2F7lOXBbI7c1bqjvCLr6zuiKqcjmFVM5cu9SXqhUbdDpkVwtaCEXP3lDrlfGivNn3ODjV%2FlUmKZ3r0lXXKCZUFnXkU9PKyGkPWssl%2BSb8%2B66ZJdLt3q6tFmZX7j82tnzaW6lc8pkY1D14J374GpCHv3qw9n5v3BwAsqOYcsaablH5g%2FK7ILnN%2BHyvVP%2FMmcIrD7qYbmHqqxHNmRHUCsCLY9qymo4eWQBk3v3%2FzjUhu4OutYDLW4hS2v0bY2%2BrkH1YPojGBW53Xvlx2j2wLQ3Ytp6m0xb%2Ff6htU7tN1pBLBOWrHAhmOQiWAmjJPL9UIh4pS2DNgo3kb1Tv%2F0DAAD%2F%2FwEAAP%2F%2F1nkjidYEAAA%3D
173.233.137.44 7 B URL rotundfetch.com/impr.gif?sid=H4sIAAAAAAAC%2F1SUS4gc1RfGb81%2F%2FhuD%2BEAEF0KDggpOT706U50sjDEmBGMSk0i23lf33PStusW9VV0zs5BgIGTZ7ly4qP56Hj6imIUrlUiPGxkQ0i50EGflWhQh4E66p2XwLuqc8%2FvO4pyPQ90elgckQEn3L79pNpTWdLnV9BsvXleZMJVrXLzWCPymf7JxXWXH45ONtenH9k8Efqvpv9Q4J3nPLId%2B4PuBHzTOKis7Zm15pkLld9tBs%2B0347AZtGKs2f%2FWrvwfHF2A6B%2BQJ6HE5P%2Br39%2BD4mNk6RdnpOsVJn%2F59bTUtDAWfbHzdtbLTJUhPUo71kMn25l3w7gJIR8swGQ78w1g%2BpvTDcDUhHg%2FBWDZznxMsP7W4aRMQ2Zg4hiq%2FhhSj6HoGNzcghIPCMAFLl5Clm5fNLai64cqnaoTsvjwL6hqQhZ%2FfQpZ%2BvlprdYaV40uC2Uyh7VODbU2huqOkZdjFBseVLULXrwHJX4gyw8vIEs3LzltoMT%2B8zxIoiiI2VKQCLYUR0GwxJKgvcQ7sZ9Ex3nMEzqzSKkxVGcMLQegbgGl81AqD2XHQ5l7SMV%2Bg7baHd9f6bBOFCUx5zyKOG8lx0VLRHHS8VHy6Q4DFPkAXA%2FA7e2PcrFa9Pphe7OwpdwuM%2B7C9jDYOcStGd2a0tYw2D6EM7Y5ZcMQub2JnhrAlt%2FCrdZw4hG4YkK8t0r0RY1KElSOoKIElSKoCoKqX28J7UJXbwvtShbMYziPUT0yRXdIt0zRlRkBtYNhfkCemPrvPaZy9OR%2BQyRhOw6SJOE08VlL%2BmHMY%2BHTFU6ZH8c%2BnKqh3AKo87ChJuTpP4fI1YQsdr4Eo7twehdcPQ5aPgtajVZCH3R1FCc%2BNrLPmHBpl2rtmpksIEyNvFhEse4N9QF5ZnYI537%2FGZLvnTr29Y13%2F%2F7lOXBbI7c1bqjvCLr6zuiKqcjmFVM5cu9SXqhUbdDpkVwtaCEXP3lDrlfGivNn3ODjV%2FlUmKZ3r0lXXKCZUFnXkU9PKyGkPWssl%2BSb8%2B66ZJdLt3q6tFmZX7j82tnzaW6lc8pkY1D14J374GpCHv3qw9n5v3BwAsqOYcsaablH5g%2FK7ILnN%2BHyvVP%2FMmcIrD7qYbmHqqxHNmRHUCsCLY9qymo4eWQBk3v3%2FzjUhu4OutYDLW4hS2v0bY2%2BrkH1YPojGBW53Xvlx2j2wLQ3Ytp6m0xb%2Ff6htU7tN1pBLBOWrHAhmOQiWAmjJPL9UIh4pS2DNgo3kb1Tv%2F0DAAD%2F%2FwEAAP%2F%2F1nkjidYEAAA%3D
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SUS4gc1RfGb81%2F%2FhuD%2BEAEF0KDggpOT706U50sjDEmBGMSk0i23lf33PStusW9VV0zs5BgIGTZ7ly4qP56Hj6imIUrlUiPGxkQ0i50EGflWhQh4E66p2XwLuqc8%2FvO4pyPQ90elgckQEn3L79pNpTWdLnV9BsvXleZMJVrXLzWCPymf7JxXWXH45ONtenH9k8Efqvpv9Q4J3nPLId%2B4PuBHzTOKis7Zm15pkLld9tBs%2B0347AZtGKs2f%2FWrvwfHF2A6B%2BQJ6HE5P%2Br39%2BD4mNk6RdnpOsVJn%2F59bTUtDAWfbHzdtbLTJUhPUo71kMn25l3w7gJIR8swGQ78w1g%2BpvTDcDUhHg%2FBWDZznxMsP7W4aRMQ2Zg4hiq%2FhhSj6HoGNzcghIPCMAFLl5Clm5fNLai64cqnaoTsvjwL6hqQhZ%2FfQpZ%2BvlprdYaV40uC2Uyh7VODbU2huqOkZdjFBseVLULXrwHJX4gyw8vIEs3LzltoMT%2B8zxIoiiI2VKQCLYUR0GwxJKgvcQ7sZ9Ex3nMEzqzSKkxVGcMLQegbgGl81AqD2XHQ5l7SMV%2Bg7baHd9f6bBOFCUx5zyKOG8lx0VLRHHS8VHy6Q4DFPkAXA%2FA7e2PcrFa9Pphe7OwpdwuM%2B7C9jDYOcStGd2a0tYw2D6EM7Y5ZcMQub2JnhrAlt%2FCrdZw4hG4YkK8t0r0RY1KElSOoKIElSKoCoKqX28J7UJXbwvtShbMYziPUT0yRXdIt0zRlRkBtYNhfkCemPrvPaZy9OR%2BQyRhOw6SJOE08VlL%2BmHMY%2BHTFU6ZH8c%2BnKqh3AKo87ChJuTpP4fI1YQsdr4Eo7twehdcPQ5aPgtajVZCH3R1FCc%2BNrLPmHBpl2rtmpksIEyNvFhEse4N9QF5ZnYI537%2FGZLvnTr29Y13%2F%2F7lOXBbI7c1bqjvCLr6zuiKqcjmFVM5cu9SXqhUbdDpkVwtaCEXP3lDrlfGivNn3ODjV%2FlUmKZ3r0lXXKCZUFnXkU9PKyGkPWssl%2BSb8%2B66ZJdLt3q6tFmZX7j82tnzaW6lc8pkY1D14J374GpCHv3qw9n5v3BwAsqOYcsaablH5g%2FK7ILnN%2BHyvVP%2FMmcIrD7qYbmHqqxHNmRHUCsCLY9qymo4eWQBk3v3%2FzjUhu4OutYDLW4hS2v0bY2%2BrkH1YPojGBW53Xvlx2j2wLQ3Ytp6m0xb%2Ff6htU7tN1pBLBOWrHAhmOQiWAmjJPL9UIh4pS2DNgo3kb1Tv%2F0DAAD%2F%2FwEAAP%2F%2F1nkjidYEAAA%3D HTTP/1.1
Host: rotundfetch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:23 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 006d7150241f0406960464b43823bdd0
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
172.64.109.10 184 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
IP 172.64.109.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x1366, components 3\012- data
Size 184 kB (184016 bytes)
Hash 514b590c0bc71e9b888a4fb84a797f71
0316ebba7a31e09475981e88b2520076c34854a7
d6dafd5e754539f4d557e4eb25cc86d72429c0e06a97477ff0afb63b4b5fe2be
GET /sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:22 GMT
content-type: image/jpeg
content-length: 184016
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-2ced0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 260460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g7Jyz2FmXy1Q0UDPdzVPXuOYV5E1s3j4evqJzKg%2Bcg8QS91FxzfferUQh6zkkKx3hQqyv1TZ%2FlRZpuJDBJM7iIurxELUZInFaoD8i5tvsplcuq1Q115tq2pep35RcWeMladK%2B7STyFGp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d433ab124b7-LHR
alt-svc: h3=":443"; ma=86400
distancemedicalchristian.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuXtdTFH%2FwkkNgQEEFd7Z7umd3OjkYY0wIxiQmkVytv96tTHVXU9U9PdmDBCOS43jz4KHnm82u0SDm4EklMutFFoSMB13EvQmeRBAC3mRmRxbfod573%2FcO7%2FvqfTgs90mAku5destsKK3pcrvpN166pjJhKte4cLUR%2BE3%2FROOaylaiE43%2B9LG944HfbvovN85K3jXLLT%2Fw%2FcAPGmeUlYnpL89YqPxeHDRjvxm1mkE7Qt%2F%2Bv3flAhxdgOjtk2ehxOTx9R%2FuQ%2FExsvTL09J1C5O%2F8kZaaloYi57YfifrZqbKkB6WifWQZNvzaRg3IeTjBZhse64Aprc5VQCmJsT7OQDLtudrgvXuHGzKNGQGJo6g6o0h9RiKjsHNLSjxkABc4MJFZOnWBWMreuOApVN2QhYf%2FQ1VTcjib88hS784pVW%2FccXoslAmc%2BgnNVR%2FDLU2Rl6OUWx4UNUOePE%2BlPiRLD86jyzdvOi0gRJ7L%2FCgE4ZBxJaCjmBLURgES6wTxEs8ifxOuMIj3qEzi5QaQyVjaDkAdQsonYdSeSgTD2XuIRV7DdqOE99fTVgShp2Icx6GnLc7K6ItwqiT%2BCj5VMMART4A1wNw%2B8FWmXHXiofBVi7Wi25vs7Cl3JyCw%2BDTA6gVz0Dk9ia6agBbfge3XsOJJ%2BCKCfHeLtATNSpJUDmCihJUiqAqCKpefUdo13L1ltCuZME8t%2BY5rEemWBvSO6ZYkxkBtYNhvk%2BemVrtPaUMunKv0UnihK%2BsypC1WbjSSQK%2B2uIxkyIKqZ9EAZyqodwCqPOwoSbk2B9HkasJWUy%2BAqM7cHoHXD0NWh4DrUarLR90fRR1fGxkd%2FtUXTdNblIIUyMvFlHc8IZ6nxyd%2FffZP3%2BB5Lsnj3xz%2Fb1%2Ffn0e3NbIbY3r6nuCNX17dNlUZPOyqRy5fzEvVKo26PQWrhS0kIufvSlvVMaKc6fd4O5rfEpMy3tXpSvO00yobM2Rz08pIaQ9YyyX5Ntz7ppkl0q3fqq0WZmfv%2FT6mXNpbqVzymRjUPXw3QfgakKe%2FPqT2ZW%2FuH8cyo5hyxppuUvmAWV2wPObcPnuyf8wZwisPpxhuYeqrEe2xQ5BrQi0POwpq%2BHkoQVM7j7464AbuttYsx5ocQtZWqNna%2FR0DaoHcOVjoyK3u6%2F%2BFM4CTHsjpq23ybTVHx1Y69ReQ7YTP5F%2BS7IkZskq9UWcRDGjcSBXWZsGKNxEdk%2F%2B%2Fi8AAAD%2F%2FwEAAP%2F%2Fy6ny3b0EAAA%3D
173.233.139.164 7 B URL distancemedicalchristian.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuXtdTFH%2FwkkNgQEEFd7Z7umd3OjkYY0wIxiQmkVytv96tTHVXU9U9PdmDBCOS43jz4KHnm82u0SDm4EklMutFFoSMB13EvQmeRBAC3mRmRxbfod573%2FcO7%2FvqfTgs90mAku5destsKK3pcrvpN166pjJhKte4cLUR%2BE3%2FROOaylaiE43%2B9LG944HfbvovN85K3jXLLT%2Fw%2FcAPGmeUlYnpL89YqPxeHDRjvxm1mkE7Qt%2F%2Bv3flAhxdgOjtk2ehxOTx9R%2FuQ%2FExsvTL09J1C5O%2F8kZaaloYi57YfifrZqbKkB6WifWQZNvzaRg3IeTjBZhse64Aprc5VQCmJsT7OQDLtudrgvXuHGzKNGQGJo6g6o0h9RiKjsHNLSjxkABc4MJFZOnWBWMreuOApVN2QhYf%2FQ1VTcjib88hS784pVW%2FccXoslAmc%2BgnNVR%2FDLU2Rl6OUWx4UNUOePE%2BlPiRLD86jyzdvOi0gRJ7L%2FCgE4ZBxJaCjmBLURgES6wTxEs8ifxOuMIj3qEzi5QaQyVjaDkAdQsonYdSeSgTD2XuIRV7DdqOE99fTVgShp2Icx6GnLc7K6ItwqiT%2BCj5VMMART4A1wNw%2B8FWmXHXiofBVi7Wi25vs7Cl3JyCw%2BDTA6gVz0Dk9ia6agBbfge3XsOJJ%2BCKCfHeLtATNSpJUDmCihJUiqAqCKpefUdo13L1ltCuZME8t%2BY5rEemWBvSO6ZYkxkBtYNhvk%2BemVrtPaUMunKv0UnihK%2BsypC1WbjSSQK%2B2uIxkyIKqZ9EAZyqodwCqPOwoSbk2B9HkasJWUy%2BAqM7cHoHXD0NWh4DrUarLR90fRR1fGxkd%2FtUXTdNblIIUyMvFlHc8IZ6nxyd%2FffZP3%2BB5Lsnj3xz%2Fb1%2Ffn0e3NbIbY3r6nuCNX17dNlUZPOyqRy5fzEvVKo26PQWrhS0kIufvSlvVMaKc6fd4O5rfEpMy3tXpSvO00yobM2Rz08pIaQ9YyyX5Ntz7ppkl0q3fqq0WZmfv%2FT6mXNpbqVzymRjUPXw3QfgakKe%2FPqT2ZW%2FuH8cyo5hyxppuUvmAWV2wPObcPnuyf8wZwisPpxhuYeqrEe2xQ5BrQi0POwpq%2BHkoQVM7j7464AbuttYsx5ocQtZWqNna%2FR0DaoHcOVjoyK3u6%2F%2BFM4CTHsjpq23ybTVHx1Y69ReQ7YTP5F%2BS7IkZskq9UWcRDGjcSBXWZsGKNxEdk%2F%2B%2Fi8AAAD%2F%2FwEAAP%2F%2Fy6ny3b0EAAA%3D
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuXtdTFH%2FwkkNgQEEFd7Z7umd3OjkYY0wIxiQmkVytv96tTHVXU9U9PdmDBCOS43jz4KHnm82u0SDm4EklMutFFoSMB13EvQmeRBAC3mRmRxbfod573%2FcO7%2FvqfTgs90mAku5destsKK3pcrvpN166pjJhKte4cLUR%2BE3%2FROOaylaiE43%2B9LG944HfbvovN85K3jXLLT%2Fw%2FcAPGmeUlYnpL89YqPxeHDRjvxm1mkE7Qt%2F%2Bv3flAhxdgOjtk2ehxOTx9R%2FuQ%2FExsvTL09J1C5O%2F8kZaaloYi57YfifrZqbKkB6WifWQZNvzaRg3IeTjBZhse64Aprc5VQCmJsT7OQDLtudrgvXuHGzKNGQGJo6g6o0h9RiKjsHNLSjxkABc4MJFZOnWBWMreuOApVN2QhYf%2FQ1VTcjib88hS784pVW%2FccXoslAmc%2BgnNVR%2FDLU2Rl6OUWx4UNUOePE%2BlPiRLD86jyzdvOi0gRJ7L%2FCgE4ZBxJaCjmBLURgES6wTxEs8ifxOuMIj3qEzi5QaQyVjaDkAdQsonYdSeSgTD2XuIRV7DdqOE99fTVgShp2Icx6GnLc7K6ItwqiT%2BCj5VMMART4A1wNw%2B8FWmXHXiofBVi7Wi25vs7Cl3JyCw%2BDTA6gVz0Dk9ia6agBbfge3XsOJJ%2BCKCfHeLtATNSpJUDmCihJUiqAqCKpefUdo13L1ltCuZME8t%2BY5rEemWBvSO6ZYkxkBtYNhvk%2BemVrtPaUMunKv0UnihK%2BsypC1WbjSSQK%2B2uIxkyIKqZ9EAZyqodwCqPOwoSbk2B9HkasJWUy%2BAqM7cHoHXD0NWh4DrUarLR90fRR1fGxkd%2FtUXTdNblIIUyMvFlHc8IZ6nxyd%2FffZP3%2BB5Lsnj3xz%2Fb1%2Ffn0e3NbIbY3r6nuCNX17dNlUZPOyqRy5fzEvVKo26PQWrhS0kIufvSlvVMaKc6fd4O5rfEpMy3tXpSvO00yobM2Rz08pIaQ9YyyX5Ntz7ppkl0q3fqq0WZmfv%2FT6mXNpbqVzymRjUPXw3QfgakKe%2FPqT2ZW%2FuH8cyo5hyxppuUvmAWV2wPObcPnuyf8wZwisPpxhuYeqrEe2xQ5BrQi0POwpq%2BHkoQVM7j7464AbuttYsx5ocQtZWqNna%2FR0DaoHcOVjoyK3u6%2F%2BFM4CTHsjpq23ybTVHx1Y69ReQ7YTP5F%2BS7IkZskq9UWcRDGjcSBXWZsGKNxEdk%2F%2B%2Fi8AAAD%2F%2FwEAAP%2F%2Fy6ny3b0EAAA%3D HTTP/1.1
Host: distancemedicalchristian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:23 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0256b7614cc429b82de5dfb8024be087
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
172.64.109.10 184 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
IP 172.64.109.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x1366, components 3\012- data
Size 184 kB (184016 bytes)
Hash 514b590c0bc71e9b888a4fb84a797f71
0316ebba7a31e09475981e88b2520076c34854a7
d6dafd5e754539f4d557e4eb25cc86d72429c0e06a97477ff0afb63b4b5fe2be
GET /sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:22 GMT
content-type: image/jpeg
content-length: 184016
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-2ced0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 260460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LujFo5LQQ5qF7UDHFwVy7gVDhxQhBx1OnXbS2MdTE7gbg9OvL2xKyWDpbspqjh%2F8HnTyhKhAOvP%2Faho4hFjgmBJOFOi283sQrZPDiFyRhty%2BlxcetPZTod5Io1VNv2x9GnlgtksxmJ%2Fy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d433ab324b7-LHR
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg
172.64.109.10 237 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg
IP 172.64.109.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x2340, components 3\012- data
Size 237 kB (236643 bytes)
Hash 8938c7c9af72d1403e83a963f04a4a19
05a2d9fea84dc46e815a533e79515d05807cc47e
44a076d9da712a251a2c6aeff916b5a15d34aa00554a596686e29e390a0fc680
GET /sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:23 GMT
content-type: image/jpeg
content-length: 236643
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-39c63"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 190013
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0tGvIFN0%2BF0tEYsCQ2Z5fa1%2B0PJhHZH%2B%2F7CQOfZjPjXYy5Gjgp%2BrBNvqpPQ9Jw%2BGeFX9oA0Uko81jxslOsNgY%2BUhL%2FVZFAJmBiyYvLhwvHrFR9OZIgfnFywHL92BzlV4R6Aoi%2FhW%2BoUU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d43fb9d24b7-LHR
alt-svc: h3=":443"; ma=86400
rotundfetch.com/pixel/sbs?c=1
173.233.137.44 0 B URL rotundfetch.com/pixel/sbs?c=1
IP 173.233.137.44:0
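Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these are the digests of zero-length input (the response body was 0 bytes), so they identify no content and will match any empty response; the hostname and the DNS verdict are the usable indicators for this entry.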
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: rotundfetch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:23 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/close.svg
172.64.109.10 24 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/close.svg
IP 172.64.109.10:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash 369850b9873659adf0951d845f57dba1
a64257186daa33b6b318943a457b6cf8d80b26b6
9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21
GET /sb/interstitial/games/hentai-heroes/main/9/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: image/svg+xml
last-modified: Tue, 24 Oct 2023 12:21:33 GMT
etag: W/"6537b6cd-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1937671
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a%2Fd60xyLB7HIFnVeG40bVJHg%2FTxIaIJObCVCuR5Bvam%2FURpmE8BYl%2FlzBpsosXUtRNqCqgi4zwKfM2l2TdPgl9K4mNT7c0w8aBreGlAxGbsnYsPasmVExgud55rzJiiesyMs%2FaHyZhm4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d36fafc71bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
i.jads.co/network/user500/30216-1542657399-0904606001542657399.gif
205.185.216.42 54 kB URL i.jads.co/network/user500/30216-1542657399-0904606001542657399.gif
IP 205.185.216.42:0
File type GIF image data, version 89a, 468 x 60\012- data
Hash e0a115c86ff68c3c0f525ee34765b42e
fa93c7b45acd037515a99960e1ac99db96629210
4f44d579bf053533634e7f9f589a935ffb055729fa5496d4a20808e2bf477d41
GET /network/user500/30216-1542657399-0904606001542657399.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:23 GMT
Connection: Keep-Alive
ETag: "1542657399"
Cache-Control: max-age=18760796
Content-Length: 53726
Content-Type: image/gif
Last-Modified: Mon, 19 Nov 2018 19:56:39 GMT
Accept-Ranges: bytes
X-HW: 1701527783.dop225.sk1.t,1701527783.cds238.sk1.c
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg
172.64.109.10 237 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg
IP 172.64.109.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x2340, components 3\012- data
Size 237 kB (236643 bytes)
Hash 8938c7c9af72d1403e83a963f04a4a19
05a2d9fea84dc46e815a533e79515d05807cc47e
44a076d9da712a251a2c6aeff916b5a15d34aa00554a596686e29e390a0fc680
GET /sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:23 GMT
content-type: image/jpeg
content-length: 236643
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-39c63"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 190013
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XlMwPrLvAymtG1lOSgiTGtOxm4PF0RdvxhIIE8gilaDX%2FV%2B7DH9CEsqnkRqrPrZVnvV9eJcFOvysesk8D18P1JdH%2FIDASStfvYZyxMTCYQOgsuabdFfNYxribkewUIz4e6ThYlw8aaGn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d43fba024b7-LHR
alt-svc: h3=":443"; ma=86400
cbjpeg.stream.highwebmedia.com/stream?room=mazzanti_&f=0.12558303777983315
131.153.81.178 24 kB URL cbjpeg.stream.highwebmedia.com/stream?room=mazzanti_&f=0.12558303777983315
IP 131.153.81.178:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.134.100", baseline, precision 8, 854x480, components 3\012- data
Hash a0c7f233623c7e43db5a5bc1d2e22a18
97d021fe355eee0f028ce4a2936bebc2e7be5f9f
b2b46a96a7ef1778f5dadc6c01611cef5a241e315a8ec706fef37d304823888d
GET /stream?room=mazzanti_&f=0.12558303777983315 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Cookie: _cfuvid=sX2YaZmAknVqY.pqkq.2LHqH1HSzAp.Liicij9zMQZ8-1701527779794-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:36:23 GMT
content-type: image/jpeg
content-length: 23654
x-server-name: CB Jpeg Server
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
172.64.109.10 184 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
IP 172.64.109.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x1366, components 3\012- data
Size 184 kB (184016 bytes)
Hash 514b590c0bc71e9b888a4fb84a797f71
0316ebba7a31e09475981e88b2520076c34854a7
d6dafd5e754539f4d557e4eb25cc86d72429c0e06a97477ff0afb63b4b5fe2be
GET /sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:23 GMT
content-type: image/jpeg
content-length: 184016
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-2ced0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 260461
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=riJBmVu6ptg1TiniWqJX8PeXsVe%2BmKT41FvmXlwCpxVGCOO31%2BM3VwXU1kcNRk418swXmE%2B6ZiLoJ51X%2Bux22K2R8zDku88TEokh8tvriZfz1T4q09FtS2fKa38%2FkYKI8%2FUY6NDXU5wv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d43fba124b7-LHR
alt-svc: h3=":443"; ma=86400
i.jads.co/ads/user93082/ad1789788-1693791256.png
205.185.216.42 88 kB URL i.jads.co/ads/user93082/ad1789788-1693791256.png
IP 205.185.216.42:0
File type PNG image data, 160 x 600, 8-bit/color RGBA, non-interlaced\012- data
Hash e3d68f593d4b73dd05c3e882e4ef5438
66a5a481c14cd9943c586621c42ee847b95e6963
62fa6d3f3eb3ff11f038404bba6d7f96fc92f79cb5e37a6e7fed3217fe95cd6e
GET /ads/user93082/ad1789788-1693791256.png HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:23 GMT
Connection: Keep-Alive
ETag: "1693791256"
Cache-Control: max-age=23799839
Content-Length: 87957
Content-Type: image/png
Last-Modified: Mon, 04 Sep 2023 01:34:16 GMT
Accept-Ranges: bytes
X-HW: 1701527783.dop225.sk1.t,1701527783.cds221.sk1.c
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
172.64.109.10 184 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
IP 172.64.109.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x1366, components 3\012- data
Size 184 kB (184016 bytes)
Hash 514b590c0bc71e9b888a4fb84a797f71
0316ebba7a31e09475981e88b2520076c34854a7
d6dafd5e754539f4d557e4eb25cc86d72429c0e06a97477ff0afb63b4b5fe2be
GET /sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:23 GMT
content-type: image/jpeg
content-length: 184016
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-2ced0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 260461
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7sPdN7y374l9Mv01sQXwY79T%2Flq3KRXtVqZyeFtEkI%2FF%2BOdpkC%2FBLmNyMHy7ZEj3oaK0XytZgHHOu3uXCB7pkNhnq0rwlIqB%2FMPiHj%2Bnntt3f9Osf2OrHL4ZfZOLt8CRCbZBewSWxISt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d43fba324b7-LHR
alt-svc: h3=":443"; ma=86400
i.jads.co/network/user47819/8605-1583019937-0419205001583019937.gif
205.185.216.42 1.1 MB URL i.jads.co/network/user47819/8605-1583019937-0419205001583019937.gif
IP 205.185.216.42:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 1.1 MB (1056226 bytes)
Hash d539f7b68039f13ef2bf52cf1b2de5f9
fb9b7897fd77443aa15246cfbb440283402d475d
00abbe0f8a345185a8222edc20b9e97a76bfcbba268f280508e3df79fd685ff9
GET /network/user47819/8605-1583019937-0419205001583019937.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:23 GMT
Connection: Keep-Alive
ETag: "1583019937"
Cache-Control: max-age=2278812
Content-Length: 1056226
Content-Type: image/gif
Last-Modified: Sat, 29 Feb 2020 23:45:37 GMT
Accept-Ranges: bytes
X-HW: 1701527783.dop223.sk1.t,1701527783.cds220.sk1.c
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/close.svg
172.64.109.10 247 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/close.svg
IP 172.64.109.10:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Size 247 kB (247344 bytes)
Hash 369850b9873659adf0951d845f57dba1
a64257186daa33b6b318943a457b6cf8d80b26b6
9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21
GET /sb/interstitial/games/hentai-heroes/main/9/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:20 GMT
content-type: image/svg+xml
last-modified: Tue, 24 Oct 2023 12:21:33 GMT
etag: W/"6537b6cd-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1937671
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FACXJyoBeJg8uSdkmNlEbQcWRiAbjlTaxAxJ5XlOzuB3d1X%2FmoPlzY%2B%2FmY65zP4RXMjBGpB%2FiKbVYaYMNf6Es3G4qgPoyrlimSd2MFZzfLQ%2FcOQ1eLOp7jVR25kZmeViFckUvptqPcMV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d36eaeb71bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
i.jads.co/network/user500/16321-1456773456.gif
205.185.216.42 160 kB URL i.jads.co/network/user500/16321-1456773456.gif
IP 205.185.216.42:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 160 kB (159963 bytes)
Hash 7ac0d7682e2a5b0fd95c4d549322268b
383de13eb415d95282f577ed439929b309c29f44
fe6fd88fe1e9747efc40e941057baf8d161b1adaae8a96073ad83b87a955825c
GET /network/user500/16321-1456773456.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:23 GMT
Connection: Keep-Alive
ETag: "1456773457"
Cache-Control: max-age=10730493
Content-Length: 159963
Content-Type: image/gif
Last-Modified: Mon, 29 Feb 2016 19:17:37 GMT
Accept-Ranges: bytes
X-HW: 1701527783.dop225.sk1.t,1701527783.cds263.sk1.c
i.jads.co/network/user500/25313-1554995841-0794293001554995841.gif
205.185.216.42 102 kB URL i.jads.co/network/user500/25313-1554995841-0794293001554995841.gif
IP 205.185.216.42:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 102 kB (102513 bytes)
Hash 514c9b51c2b4d688a11b2dcc5c8e02e3
2782f479d6b207e35d1691da672394401143b0df
0fe77f5a52b2c06fe19cee3b40d320825e27a84ff9afd60c098041bfc99a8c7b
GET /network/user500/25313-1554995841-0794293001554995841.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:23 GMT
Connection: Keep-Alive
ETag: "1554995841"
Cache-Control: max-age=18780514
Content-Length: 102513
Content-Type: image/gif
Last-Modified: Thu, 11 Apr 2019 15:17:21 GMT
Accept-Ranges: bytes
X-HW: 1701527783.dop231.sk1.t,1701527783.cds242.sk1.c
i.jads.co/network/user500/16321-1456773411.gif
205.185.216.10 483 kB URL i.jads.co/network/user500/16321-1456773411.gif
IP 205.185.216.10:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 483 kB (483151 bytes)
Hash 90cec21630c306cfdba7bd4f4cb0842c
c8c606f324382d87464b1743937395574a38fe83
86122054483b5250905782cde647a887e5269909f6f94f9793864a63b606a483
GET /network/user500/16321-1456773411.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:23 GMT
Connection: Keep-Alive
ETag: "1456773411"
Cache-Control: max-age=16459440
Content-Length: 483151
Content-Type: image/gif
Last-Modified: Mon, 29 Feb 2016 19:16:51 GMT
Accept-Ranges: bytes
X-HW: 1701527783.dop207.sk1.t,1701527783.cds217.sk1.c
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
172.64.109.10 184 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
IP 172.64.109.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x1366, components 3\012- data
Size 184 kB (184016 bytes)
Hash 514b590c0bc71e9b888a4fb84a797f71
0316ebba7a31e09475981e88b2520076c34854a7
d6dafd5e754539f4d557e4eb25cc86d72429c0e06a97477ff0afb63b4b5fe2be
GET /sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:23 GMT
content-type: image/jpeg
content-length: 184016
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-2ced0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 260461
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=73%2BZsgmbs8P3M1DdO5p2AMuMmpdUnl3VoBOZbRYV%2BZ0ShnRcBiq6WtTCRc070YDHdwFPhD2Lsf4eLv8fRIjnhImu6xkjWYuryDMqxda8ZM6YSnwtL4f77x%2BN5nB2uoVWXUFFA4wQN9MQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d469e9624b7-LHR
alt-svc: h3=":443"; ma=86400
i.jads.co/network/user1037/1-1619547642-0028094001619547642.jpg
205.185.216.42 55 kB URL i.jads.co/network/user1037/1-1619547642-0028094001619547642.jpg
IP 205.185.216.42:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 160x600, components 3\012- data
Hash dc758a7ea885c9e45ccbf2bb315cf2fa
e00e03b7f8648b660ca4d485ec65b6439d4b0762
86bb80e5cee68b62da1c0f9d3a9c80940f39812d43dd00b671f6a2acce62e8ff
GET /network/user1037/1-1619547642-0028094001619547642.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:23 GMT
Connection: Keep-Alive
ETag: "1619547642"
Cache-Control: max-age=418019
Content-Length: 55292
Content-Type: image/jpeg
Last-Modified: Tue, 27 Apr 2021 18:20:42 GMT
Accept-Ranges: bytes
X-HW: 1701527783.dop223.sk1.t,1701527783.cds250.sk1.c
i.jads.co/1x1.gif
205.185.216.10 28 kB URL i.jads.co/1x1.gif
IP 205.185.216.10:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 250x250, components 3\012- data
Hash 2acfb73fd2df022a7dad5595adef5bda
939b803ea641bd427b7599f92a816262e7a5bf48
3d4610a2ab69d08e54685d0d3cfcf03ec663bacff8cc89a1e0a2904a7769e641
GET /1x1.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://poweredby.jads.co/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:23 GMT
Connection: Keep-Alive
ETag: "1478208967"
Cache-Control: max-age=18749913
Content-Length: 27460
Content-Type: image/jpeg
Last-Modified: Thu, 03 Nov 2016 21:36:07 GMT
Accept-Ranges: bytes
X-HW: 1701527783.dop207.sk1.t,1701527783.cds217.sk1.c
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg
172.64.109.10 237 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg
IP 172.64.109.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x2340, components 3\012- data
Size 237 kB (236643 bytes)
Hash 8938c7c9af72d1403e83a963f04a4a19
05a2d9fea84dc46e815a533e79515d05807cc47e
44a076d9da712a251a2c6aeff916b5a15d34aa00554a596686e29e390a0fc680
GET /sb/interstitial/games/hentai-heroes/main/9/img/mob.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:23 GMT
content-type: image/jpeg
content-length: 236643
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-39c63"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 190013
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e6iduD9ztaJt7JoI%2Bb1txswzmW8IKzZL%2F3v4GuQn8lNCilAkC654i8H6HiMNOSNGVyrjLs3ft3gzjMo6VPnsMXLbosJkoLLIM7tnQUmJquVILEZNCLFscR75S0XcB07fEWECkm39uKs3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d49598124b7-LHR
alt-svc: h3=":443"; ma=86400
distancemedicalchristian.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuXtdTFH%2FwkkNgQEEFd7Z7umenJzkYY0wIxiQmkVytv96tTHVXU9U9PdmDBCOS43jz4KHnm82u0SDm4EklMutFFoSMB13EvQmeRBAC3mR2Rxbfod573%2FcO7%2FvqfTgq90iAku5eesusK63pcrvpN166pjJhKte4cLUR%2BE3%2FROOaylaiE43B7LH944HfbvovN85K3jPLLT%2Fw%2FcAPGmeUlYkZLO%2BzUPm9btDs%2Bs2o1QzaEQb2%2F70rF%2BDoAkR%2FjzwLJaaPr%2F1wH4pPkKVfnpauV5j8lTfSUtPCWPTF1jtZLzNVhvSwTKyHJNuaT8O4KSEfL8BkW3MFMP2NmQIwNSXezwFYtjVfE6x%2F52BTpiEzMHEEVX8CqSdQdAJubkGJhwTgAhcuIks3Lxhb0RsHLJ2xU7L46G%2BoakoWf3sOWfrFKa0GjStGl4UymcMgqaEGE6jVCfJygmLdg6q2wYv3ocSPZPnReWTpxkWnDZTYfYEHcRgGEVsKYsGWojAIllgcdJd4EvlxuMIjHtN9i5SaQCUTaDkEdQsonYdSeSgTD2XuIRW7DdruJr7fSVgShnHEOQ9DztvximiLMIoTHyWfaRiiyIfgeghuP%2Fg0F2tFr9%2FqbhS2lJtlxl2rOwo2D%2BB9cGMGjgLk9iZ6aghbfge3VsOJJ%2BCKKfHeLtAXNSpJUDmCihJUiqAqCKp%2BfUdo13L1ptCuZME8t%2BY5rMemWB3RO6ZYlRkBtcNRvkeemVntPaUMenK3ESfdhK90ZMjaLFyJk4B3WrzLpIhC6idRAKdqKLcA6jysqyk59sdR5GpKFpOvwOg2nN4GV0%2BDlsdAq3Gn5YOujaPYx3p2d0DVddPkJoUwNfJiEcUNb6T3yNH9%2Fz775y%2BQfOfkkW%2Buv%2FfPr8%2BD2xq5rXFdfU%2Bwqm%2BPL5uKbFw2lSP3L%2BaFStU6nd3ClYIWcvGzN%2BWNylhx7rQb3n2Nz4hZee%2BqdMV5mgmVrTry%2BSklhLRnjOWSfHvOXZPsUunWTpU2K%2FPzl14%2Fcy7NrXROmWwCqh6%2B%2BwBcTcmTX3%2Byf%2BUv7h2HshPYskZa7pB5QJlt8PwmXL5z8j%2FMGQKrD2dY7qEq67FtsUNQKwItD3vKajh5aAGTOw%2F%2BOuBG7jZWrQda3EKW1ujbGn1dg%2BohXPnYuMjtzqs%2FhfsBpr0x09bbYNrqjw6sdWq30Q4iGbO4w4Vgkoug0wrj0PdbQkSdrgy6KNxU9k7%2B%2Fi8AAAD%2F%2FwEAAP%2F%2FQSRHPb0EAAA%3D
173.233.139.164 7 B URL distancemedicalchristian.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuXtdTFH%2FwkkNgQEEFd7Z7umenJzkYY0wIxiQmkVytv96tTHVXU9U9PdmDBCOS43jz4KHnm82u0SDm4EklMutFFoSMB13EvQmeRBAC3mR2Rxbfod573%2FcO7%2FvqfTgq90iAku5eesusK63pcrvpN166pjJhKte4cLUR%2BE3%2FROOaylaiE43B7LH944HfbvovN85K3jPLLT%2Fw%2FcAPGmeUlYkZLO%2BzUPm9btDs%2Bs2o1QzaEQb2%2F70rF%2BDoAkR%2FjzwLJaaPr%2F1wH4pPkKVfnpauV5j8lTfSUtPCWPTF1jtZLzNVhvSwTKyHJNuaT8O4KSEfL8BkW3MFMP2NmQIwNSXezwFYtjVfE6x%2F52BTpiEzMHEEVX8CqSdQdAJubkGJhwTgAhcuIks3Lxhb0RsHLJ2xU7L46G%2BoakoWf3sOWfrFKa0GjStGl4UymcMgqaEGE6jVCfJygmLdg6q2wYv3ocSPZPnReWTpxkWnDZTYfYEHcRgGEVsKYsGWojAIllgcdJd4EvlxuMIjHtN9i5SaQCUTaDkEdQsonYdSeSgTD2XuIRW7DdruJr7fSVgShnHEOQ9DztvximiLMIoTHyWfaRiiyIfgeghuP%2Fg0F2tFr9%2FqbhS2lJtlxl2rOwo2D%2BB9cGMGjgLk9iZ6aghbfge3VsOJJ%2BCKKfHeLtAXNSpJUDmCihJUiqAqCKp%2BfUdo13L1ptCuZME8t%2BY5rMemWB3RO6ZYlRkBtcNRvkeemVntPaUMenK3ESfdhK90ZMjaLFyJk4B3WrzLpIhC6idRAKdqKLcA6jysqyk59sdR5GpKFpOvwOg2nN4GV0%2BDlsdAq3Gn5YOujaPYx3p2d0DVddPkJoUwNfJiEcUNb6T3yNH9%2Fz775y%2BQfOfkkW%2Buv%2FfPr8%2BD2xq5rXFdfU%2Bwqm%2BPL5uKbFw2lSP3L%2BaFStU6nd3ClYIWcvGzN%2BWNylhx7rQb3n2Nz4hZee%2BqdMV5mgmVrTry%2BSklhLRnjOWSfHvOXZPsUunWTpU2K%2FPzl14%2Fcy7NrXROmWwCqh6%2B%2BwBcTcmTX3%2Byf%2BUv7h2HshPYskZa7pB5QJlt8PwmXL5z8j%2FMGQKrD2dY7qEq67FtsUNQKwItD3vKajh5aAGTOw%2F%2BOuBG7jZWrQda3EKW1ujbGn1dg%2BohXPnYuMjtzqs%2FhfsBpr0x09bbYNrqjw6sdWq30Q4iGbO4w4Vgkoug0wrj0PdbQkSdrgy6KNxU9k7%2B%2Fi8AAAD%2F%2FwEAAP%2F%2FQSRHPb0EAAA%3D
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuXtdTFH%2FwkkNgQEEFd7Z7umenJzkYY0wIxiQmkVytv96tTHVXU9U9PdmDBCOS43jz4KHnm82u0SDm4EklMutFFoSMB13EvQmeRBAC3mR2Rxbfod573%2FcO7%2FvqfTgq90iAku5eesusK63pcrvpN166pjJhKte4cLUR%2BE3%2FROOaylaiE43B7LH944HfbvovN85K3jPLLT%2Fw%2FcAPGmeUlYkZLO%2BzUPm9btDs%2Bs2o1QzaEQb2%2F70rF%2BDoAkR%2FjzwLJaaPr%2F1wH4pPkKVfnpauV5j8lTfSUtPCWPTF1jtZLzNVhvSwTKyHJNuaT8O4KSEfL8BkW3MFMP2NmQIwNSXezwFYtjVfE6x%2F52BTpiEzMHEEVX8CqSdQdAJubkGJhwTgAhcuIks3Lxhb0RsHLJ2xU7L46G%2BoakoWf3sOWfrFKa0GjStGl4UymcMgqaEGE6jVCfJygmLdg6q2wYv3ocSPZPnReWTpxkWnDZTYfYEHcRgGEVsKYsGWojAIllgcdJd4EvlxuMIjHtN9i5SaQCUTaDkEdQsonYdSeSgTD2XuIRW7DdruJr7fSVgShnHEOQ9DztvximiLMIoTHyWfaRiiyIfgeghuP%2Fg0F2tFr9%2FqbhS2lJtlxl2rOwo2D%2BB9cGMGjgLk9iZ6aghbfge3VsOJJ%2BCKKfHeLtAXNSpJUDmCihJUiqAqCKp%2BfUdo13L1ptCuZME8t%2BY5rMemWB3RO6ZYlRkBtcNRvkeemVntPaUMenK3ESfdhK90ZMjaLFyJk4B3WrzLpIhC6idRAKdqKLcA6jysqyk59sdR5GpKFpOvwOg2nN4GV0%2BDlsdAq3Gn5YOujaPYx3p2d0DVddPkJoUwNfJiEcUNb6T3yNH9%2Fz775y%2BQfOfkkW%2Buv%2FfPr8%2BD2xq5rXFdfU%2Bwqm%2BPL5uKbFw2lSP3L%2BaFStU6nd3ClYIWcvGzN%2BWNylhx7rQb3n2Nz4hZee%2BqdMV5mgmVrTry%2BSklhLRnjOWSfHvOXZPsUunWTpU2K%2FPzl14%2Fcy7NrXROmWwCqh6%2B%2BwBcTcmTX3%2Byf%2BUv7h2HshPYskZa7pB5QJlt8PwmXL5z8j%2FMGQKrD2dY7qEq67FtsUNQKwItD3vKajh5aAGTOw%2F%2BOuBG7jZWrQda3EKW1ujbGn1dg%2BohXPnYuMjtzqs%2FhfsBpr0x09bbYNrqjw6sdWq30Q4iGbO4w4Vgkoug0wrj0PdbQkSdrgy6KNxU9k7%2B%2Fi8AAAD%2F%2FwEAAP%2F%2FQSRHPb0EAAA%3D HTTP/1.1
Host: distancemedicalchristian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:23 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5babe8c7569038a45b4de682d59cced2
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
172.64.109.10 184 kB URL cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg
IP 172.64.109.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x1366, components 3\012- data
Size 184 kB (184016 bytes)
Hash 514b590c0bc71e9b888a4fb84a797f71
0316ebba7a31e09475981e88b2520076c34854a7
d6dafd5e754539f4d557e4eb25cc86d72429c0e06a97477ff0afb63b4b5fe2be
GET /sb/interstitial/games/hentai-heroes/main/9/img/tab.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:23 GMT
content-type: image/jpeg
content-length: 184016
last-modified: Tue, 24 Oct 2023 12:21:35 GMT
etag: "6537b6cf-2ced0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 260461
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PamPY6nmg7D9CfvaeWRaII6%2FI%2BLEGKhe%2BVYLQek6CjbDsQSupJj4oyBJi%2FpXwSHqj5NHC43yDHyZLyJumT3aGpO0B6ddxINV%2BTn%2Ff02Be2R%2BiN%2FE4%2BlFnOuOR3wDfFOlXa9uAMFkX84R"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f44d49598324b7-LHR
alt-svc: h3=":443"; ma=86400
distancemedicalchristian.com/pixel/sbs?c=1
173.233.139.164 0 B URL distancemedicalchristian.com/pixel/sbs?c=1
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: distancemedicalchristian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:24 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cbjpeg.stream.highwebmedia.com/stream?room=mazzanti_&f=0.4551362367481607
131.153.81.178 25 kB URL cbjpeg.stream.highwebmedia.com/stream?room=mazzanti_&f=0.4551362367481607
IP 131.153.81.178:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1281, segment length 16, comment: "Lavc58.134.100", baseline, precision 8, 854x480, components 3\012- data
Hash f2f9a2fe8d53203761b52bfcefa26dd9
e3cfa342dca7a3adfec52d4ae3bab8b1e633b57e
a352853d042c0b4a17d23b8f93cdcadcf58a473671926327564ad973890ba977
GET /stream?room=mazzanti_&f=0.4551362367481607 HTTP/1.1
Host: cbjpeg.stream.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Cookie: _cfuvid=sX2YaZmAknVqY.pqkq.2LHqH1HSzAp.Liicij9zMQZ8-1701527779794-0-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:36:24 GMT
content-type: image/jpeg
content-length: 25149
x-server-name: CB Jpeg Server
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
cache-tag: cbjpeg
x-frame-options: DENY
X-Firefox-Spdy: h2
conqueredallrightswell.com/pph1aeej?key=7a7c3779889805e2058addecb7e13424&psid=17763969
192.243.61.225 1.4 kB URL conqueredallrightswell.com/pph1aeej?key=7a7c3779889805e2058addecb7e13424&psid=17763969
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (488)
Hash 03be8a45625b1de9cfa7f8274a2d7094
55bf88671bcab754fa7556c563361e8a4d664026
e8668244b3cb897c4b27a34e988e1a319ea5e90d2e3aaf6ddabc948a2075906c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pph1aeej?key=7a7c3779889805e2058addecb7e13424&psid=17763969 HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://top1pornmovies.sexjanet.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=15077602; expires=Sun, 03 Dec 2023 14:36:24 GMT
ain=eyJhbGciOiJIUzI1NiJ9.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.UaOwGt8KoazpeNDfAu6P81CDhVcXdbk3gk4EwIQ0hvI; expires=Sat, 02 Dec 2023 14:37:24 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d73bf0c65b431e460567d7c9e8585faa
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
chaturbate.com/cdn-cgi/challenge-platform/h/b/jsd/r/82f44d26de7656bb
104.18.100.40 25 kB URL chaturbate.com/cdn-cgi/challenge-platform/h/b/jsd/r/82f44d26de7656bb
IP 104.18.100.40:0
Hash 3bff118abde7e1b18fde50bbf2577db3
a5a3139514484fa585baba191b9c5ed8b3c56c47
5542bb40ffb32589754de8843dc1c6bb087237095defe3a0d81c0d0c7e863e73
POST /cdn-cgi/challenge-platform/h/b/jsd/r/82f44d26de7656bb HTTP/1.1
Host: chaturbate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 11965
Origin: https://chaturbate.com
DNT: 1
Connection: keep-alive
Referer: https://chaturbate.com/embed/mazzanti_/?join_overlay=1&tour=dTm0&campaign=Q2cRU&disable_sound=1&mobileRedirect=auto&embed_video_only=1&id=2%7C164978%7C7017784%7Cno%7C94553%7C40900043%7C5675441%7C1%7C0%7C46%7C50304%7C%2C%2C%2C%2C%2C%7C4%7C0%7C0%7C1%2C2%2C3%2C6%2C12%2C13%2C19%2C21%2C26%7C0%7C0%7Cen%7C1%7C91.90.42.154%7C0%7C0%7C0%7C0%7C3143242
Cookie: __cf_bm=oahF8zudTlZsXXjxC5Y.1uu5Hbo3W2Bo.N7iDpMTstM-1701527777-0-AZA4/FS/9UILQBWnO7tFCxwRMx+pdPx3qdGHm7B3GYZ27xe4koKzP1qmMPSd4TUC5rhqfJtTSIkvCa0GrfuLu34=; cf_clearance=Xo.XozNXTwPFEUSJGihe0zHvXfNOd6FaUls55wdX8aY-1701527783-0-1-730ca2d2.73a07051.5b213570-0.2.1701527783
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:24 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=kKrZ6cW36oGuFjJv28wc6viHgPAT.cFRvTn4wVF.ke4-1701527784-0-1-730ca2d2.73a07051.5b213570-0.2.1701527784; path=/; expires=Sun, 01-Dec-24 14:36:24 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lTPOhfrOJ3ZQgbS2%2Bz744MD1UQhcTsPq8WHAGbrEGUReL%2FXRsYZVrOLfVlYRQMwcrpvOK9d8QIE%2FhpO68iOYsdvj5ktvXMii4ypFMxq1NYcHKkwm1jej8Nbel%2B2h6D%2BK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82f44d49ee8f56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
realtime.pa.highwebmedia.com/comet/connect?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.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.BGhBzStHydu7iRJVHNdyYjFKgfPyz3UTDx_x1yZhchI&stream=false&heartbeats=true&v=2&agent=ably-js%252F1.2.37%2520browser&remainPresentFor=0&rnd=6571301762578523
143.204.55.28 477 B URL realtime.pa.highwebmedia.com/comet/connect?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE3MDE1Mjc3ODQsImV4cCI6MTcwMTYxNDE4NC4wLCJ4LWFibHktY2FwYWJpbGl0eSI6IntcImdsb2JhbDpwdXNoX3NlcnZpY2VcIjogW1wic3Vic2NyaWJlXCJdLCBcInJvb21fYW5vbjpwcmVzZW5jZTpCRTk3M0hWOjE1NlwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpncm91cGVkOkJFOTczSFY6MTU2XCI6IFtcInN1YnNjcmliZVwiXSwgXCJyb29tOmZhbmNsdWI6QkU5NzNIVlwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTpzaG9ydGNvZGU6QkU5NzNIVlwiOiBbXCJzdWJzY3JpYmVcIl0sIFwicm9vbTplbnRlcl9sZWF2ZTpCRTk3M0hWXCI6IFtcInN1YnNjcmliZVwiXX0iLCJ4LWFibHktY2xpZW50SWQiOiIrczI1enp6NmsxZHItYW5vbmI3M2E4NzAyLTYxNjgtNGVjOC04MDNmLWMwN2Y4MmY3YTZkMSJ9.BGhBzStHydu7iRJVHNdyYjFKgfPyz3UTDx_x1yZhchI&stream=false&heartbeats=true&v=2&agent=ably-js%252F1.2.37%2520browser&remainPresentFor=0&rnd=6571301762578523
IP 143.204.55.28:0
File type JSON data\012- , ASCII text
Hash eec060d8451b90c00cc9bc5c0b542349
3279ff89c3cebd70f529fa8a6c1929f881e906a9
cb76ca11b30b1d6a66f2247cf0db2c45fcc9efdea6c9330a864351853268c6ce
GET /comet/connect?access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6IktTS3cyZy5MMzZJU2ciLCJ0eXAiOiJKV1QifQ.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.BGhBzStHydu7iRJVHNdyYjFKgfPyz3UTDx_x1yZhchI&stream=false&heartbeats=true&v=2&agent=ably-js%252F1.2.37%2520browser&remainPresentFor=0&rnd=6571301762578523 HTTP/1.1
Host: realtime.pa.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
Origin: https://chaturbate.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/json
content-length: 477
access-control-allow-credentials: true
access-control-allow-origin: https://chaturbate.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
date: Sat, 02 Dec 2023 14:36:24 GMT
vary: Origin
x-ably-cluster: production:highwebmedia
x-ably-serverid: frontend.e77b.3.eu-central-1-A.i-043d5181d2e70d71a.e91HvHg6ABVv2T
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: TxCSxJQrDJDc8C58IUBbUuxc43w6SkRgvLuW-h38_ibDzEfFt7BO4w==
X-Firefox-Spdy: h2
conqueredallrightswell.com/api/users?token=L3BwaDFhZWVqP2tleT03YTdjMzc3OTg4OTgwNWUyMDU4YWRkZWNiN2UxMzQyNCZwc2lkPTE3NzYzOTY5JnBzdD0xNzAxNTI3ODQ0JnJlZmVyPWh0dHAlM0ElMkYlMkZ0b3AxcG9ybm1vdmllcy5zZXhqYW5ldC5jb20lMkYmcm10Yz10JnNodT1lOWEwNDBkMTdkZWVkNjQ4YTJjYjk4N2M1Y2M2MGRjY2U0NGNhYmM1ZDczY2Q5MDM4YWZiZjZkM2U5ODIxZjY2ZDE5NzkzYTJkMDk0N2ZkMThkYjM2ZTViZmVjODYzMzQ2MjhmNTkyYzM2ZDUwNTdiODgwZDlkOGU3NTMyM2RhNTkzMjU4YWU0NTI3ZDE5NTk1MjQ5YWQyZTQzZDJiOGJmZjMzZjMxNjZmZDA2MjA3YTNkYTZhMzkyNmI%3D&uuid=&pii=&in=false
192.243.61.225 0 B URL conqueredallrightswell.com/api/users?token=L3BwaDFhZWVqP2tleT03YTdjMzc3OTg4OTgwNWUyMDU4YWRkZWNiN2UxMzQyNCZwc2lkPTE3NzYzOTY5JnBzdD0xNzAxNTI3ODQ0JnJlZmVyPWh0dHAlM0ElMkYlMkZ0b3AxcG9ybm1vdmllcy5zZXhqYW5ldC5jb20lMkYmcm10Yz10JnNodT1lOWEwNDBkMTdkZWVkNjQ4YTJjYjk4N2M1Y2M2MGRjY2U0NGNhYmM1ZDczY2Q5MDM4YWZiZjZkM2U5ODIxZjY2ZDE5NzkzYTJkMDk0N2ZkMThkYjM2ZTViZmVjODYzMzQ2MjhmNTkyYzM2ZDUwNTdiODgwZDlkOGU3NTMyM2RhNTkzMjU4YWU0NTI3ZDE5NTk1MjQ5YWQyZTQzZDJiOGJmZjMzZjMxNjZmZDA2MjA3YTNkYTZhMzkyNmI%3D&uuid=&pii=&in=false
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /api/users?token=L3BwaDFhZWVqP2tleT03YTdjMzc3OTg4OTgwNWUyMDU4YWRkZWNiN2UxMzQyNCZwc2lkPTE3NzYzOTY5JnBzdD0xNzAxNTI3ODQ0JnJlZmVyPWh0dHAlM0ElMkYlMkZ0b3AxcG9ybm1vdmllcy5zZXhqYW5ldC5jb20lMkYmcm10Yz10JnNodT1lOWEwNDBkMTdkZWVkNjQ4YTJjYjk4N2M1Y2M2MGRjY2U0NGNhYmM1ZDczY2Q5MDM4YWZiZjZkM2U5ODIxZjY2ZDE5NzkzYTJkMDk0N2ZkMThkYjM2ZTViZmVjODYzMzQ2MjhmNTkyYzM2ZDUwNTdiODgwZDlkOGU3NTMyM2RhNTkzMjU4YWU0NTI3ZDE5NTk1MjQ5YWQyZTQzZDJiOGJmZjMzZjMxNjZmZDA2MjA3YTNkYTZhMzkyNmI%3D&uuid=&pii=&in=false HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://conqueredallrightswell.com/pph1aeej?key=9ca601a9f47c735df76d5ca46fa26a66&submetric=15077602
Cookie: u_pl=15077602; ain=eyJhbGciOiJIUzI1NiJ9.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.UaOwGt8KoazpeNDfAu6P81CDhVcXdbk3gk4EwIQ0hvI; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 14:36:25 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://unfortunatecatch.com/ba3.Vp0/PX3dpbvzbnmfV/JaZjDQ0s0/OpDWcEzIMIThk/1pLATHQu4INbzmM/xyOqT_Y-?clickId=2ff750efa97073fef017bb88807ce88e&sId=15077602
Set-Cookie: iprcb1bf91585ba6d91b55652202b5dc02f1=4599413; expires=Sun, 03 Dec 2023 14:36:25 GMT
pdhtkv=true; expires=Sun, 03 Dec 2023 14:36:25 GMT
uncs=1; expires=Sun, 03 Dec 2023 14:36:25 GMT
pdhtkv28=true; expires=Sun, 03 Dec 2023 14:36:25 GMT
uncs28=1; expires=Sun, 03 Dec 2023 14:36:25 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e7e55f513d1892d9cc94b751aadbcfb7
Strict-Transport-Security: max-age=0; includeSubdomains
unfortunatecatch.com/ba3.Vp0/PX3dpbvzbnmfV/JaZjDQ0s0/OpDWcEzIMIThk/1pLATHQu4INbzmM/xyOqT_Y-?clickId=2ff750efa97073fef017bb88807ce88e&sId=15077602
88.85.94.240 0 B URL unfortunatecatch.com/ba3.Vp0/PX3dpbvzbnmfV/JaZjDQ0s0/OpDWcEzIMIThk/1pLATHQu4INbzmM/xyOqT_Y-?clickId=2ff750efa97073fef017bb88807ce88e&sId=15077602
IP 88.85.94.240:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ba3.Vp0/PX3dpbvzbnmfV/JaZjDQ0s0/OpDWcEzIMIThk/1pLATHQu4INbzmM/xyOqT_Y-?clickId=2ff750efa97073fef017bb88807ce88e&sId=15077602 HTTP/1.1
Host: unfortunatecatch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Sat, 02 Dec 2023 14:36:25 GMT
content-type: text/html;charset=UTF-8
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
location: https://eatcells.com/
referrer-policy: no-referrer
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2
eatcells.com/assets/css/new_index.css
94.130.177.84 3.9 kB URL eatcells.com/assets/css/new_index.css
IP 94.130.177.84:0
ASN #24940 Hetzner Online GmbH
Hash 0070cb8e88e6776819b1ae397d40f209
db8d333e839bcc76d38026c6710e4be9d9cecd95
c611bde29c5e0950bcee6719767678d98b850288f452a6f7b641dae680fe6096
GET /assets/css/new_index.css HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:22:42 GMT
content-type: text/css
content-length: 3923
last-modified: Wed, 04 Sep 2019 20:36:34 GMT
etag: "5d702052-f53"
accept-ranges: bytes
X-Firefox-Spdy: h2
eatcells.com/assets/css/new_gallery.css
94.130.177.84 1.8 kB URL GET eatcells.com/assets/css/new_gallery.css
IP 94.130.177.84:0
ASN #24940 Hetzner Online GmbH
Certificate Issuer: Let's Encrypt
Subject: eatcells.com
Fingerprint: FB:12:33:21:9E:98:19:D2:25:B6:7C:71:12:58:85:D0:9C:7E:E8:02
Validity: Wed, 29 Nov 2023 09:45:41 GMT - Tue, 27 Feb 2024 09:45:40 GMT
Hash 7fe0557524dbf60d5b7d589d11f72fd6
ebbce6c0589f46dc0f8959e49a1778ab01c6b0f5
a374fd62e3d4aa19adba05d455c79bc3352b24e744d455156dcc275947079f9e
GET /assets/css/new_gallery.css HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:22:42 GMT
content-type: text/css
content-length: 1791
last-modified: Wed, 04 Sep 2019 20:36:34 GMT
etag: "5d702052-6ff"
accept-ranges: bytes
X-Firefox-Spdy: h2
static-assets.highwebmedia.com/CACHE/js/output.7cefc4a3ceb9.js
104.16.94.42 282 kB URL static-assets.highwebmedia.com/CACHE/js/output.7cefc4a3ceb9.js
IP 104.16.94.42:0
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Size 282 kB (281454 bytes)
Hash ef05d82da7ebb17ab160d40dbf116ca6
e80953076fe59a649bbb053c5b98097e69d9498c
d50488f4eeeac2396920c2e7e15ce4d7cfb922dc335ddc1568020cb919fc7ba5
GET /CACHE/js/output.7cefc4a3ceb9.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=964706
etag: W/"c778381a3053bdf40195b0aabfdd08e1"
last-modified: Mon, 27 Nov 2023 19:25:34 GMT
x-amz-id-2: nTXI2HcmUkVgnhCo6LYdb/S5nHm4BcM1gxPKiC4ie9d+bTqDrR/bsIuisYUgDD7/0fUcjkWvLJ4=
x-amz-meta-s3cmd-attrs: md5:c778381a3053bdf40195b0aabfdd08e1
x-amz-request-id: 82JRS1263CJGEBE0
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 414493
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J1IL9NjBw4d0uGHEdBWOvtamvJMn94aZr5PVUsYLxQv3OnFHrAAr1rQGgvb6bJPRkS%2Bd3lDB8qRfMAcTpWn4ptcX%2F8lqKNloSIXlGj1zQWG%2F3gym923wotrXiOBgJAoA%2FGCswjMzgnBPVRLN%2B7Tp6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=822I1HK79rr5q921Ig1xZW_bVe5ALet6VQ3wiKJFC8g-1701527779636-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2ea9160b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-136886237-1
142.250.74.168 69 kB URL www.googletagmanager.com/gtag/js?id=UA-136886237-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (4179)
Hash f7f2439f49b914ddeef8526b19a9678b
fefd4d707498363c863a7b52773438312ec6ee93
b4d9a53f22fd76b19780724a4e10b10224d33979012ad68abadc73d4635c835c
GET /gtag/js?id=UA-136886237-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 02 Dec 2023 14:36:26 GMT
expires: Sat, 02 Dec 2023 14:36:26 GMT
cache-control: private, max-age=900
last-modified: Sat, 02 Dec 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 69006
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
eatcells.com/assets/js/new_main_out4.js?3512341123
94.130.177.84 66 kB URL eatcells.com/assets/js/new_main_out4.js?3512341123
IP 94.130.177.84:0
ASN #24940 Hetzner Online GmbH
Hash a09324e4f90b9d6437ded27984bfd1c9
654f526654aa638af0c7cfb378139b8bc0e9b25c
3fe37eefb8e3c4306bb7614aa524baba49a90960a7598053fee3f1d14af05fc7
GET /assets/js/new_main_out4.js?3512341123 HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:22:42 GMT
content-type: application/javascript
content-length: 66367
last-modified: Wed, 17 Mar 2021 11:17:47 GMT
etag: "6051e55b-1033f"
accept-ranges: bytes
X-Firefox-Spdy: h2
eatcells.com/assets/img/game-2048.jpg
94.130.177.84 35 kB URL eatcells.com/assets/img/game-2048.jpg
IP 94.130.177.84:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 1200x1200, components 3\012- data
Hash 83c6bcd32c7e90ab34e5a8f02e642e8d
97db55b7b37fc4d477057d0e35509af231f770fa
8eb5894f89bf0e0c90e32872557f0ed0bdc95e15518c4cd7eab98a629e17c65e
GET /assets/img/game-2048.jpg HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:22:42 GMT
content-type: image/jpeg
content-length: 35226
last-modified: Wed, 04 Sep 2019 20:36:34 GMT
etag: "5d702052-899a"
accept-ranges: bytes
X-Firefox-Spdy: h2
eatcells.com/assets/img/game-floppy.jpg
94.130.177.84 22 kB URL eatcells.com/assets/img/game-floppy.jpg
IP 94.130.177.84:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash 5ad1eea8c383ba8227fc0202cd53328b
555dced4831f55755a8b94b272be77963c7f243d
df91f7b73203d9477560338afd906fdaea7be4359efd8b4f5c710ea040236f88
GET /assets/img/game-floppy.jpg HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:22:42 GMT
content-type: image/jpeg
content-length: 21816
last-modified: Wed, 04 Sep 2019 20:36:35 GMT
etag: "5d702053-5538"
accept-ranges: bytes
X-Firefox-Spdy: h2
eatcells.com/assets/img/split.png?4
94.130.177.84 8.4 kB URL eatcells.com/assets/img/split.png?4
IP 94.130.177.84:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced\012- data
Hash a750c895db286aad876dd4d0d921489f
9702489ca7bf3da73c794bc7b08ebde1af41251f
561d10034a0809c36d7d24c7f3aee2b061a9a5dad63ad28d75f4fbc434406d1b
GET /assets/img/split.png?4 HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:22:42 GMT
content-type: image/png
content-length: 8351
last-modified: Wed, 04 Sep 2019 20:36:36 GMT
etag: "5d702054-209f"
accept-ranges: bytes
X-Firefox-Spdy: h2
eatcells.com/assets/img/eject.png?4
94.130.177.84 8.3 kB URL eatcells.com/assets/img/eject.png?4
IP 94.130.177.84:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced\012- data
Hash cdbc5150d163614cf9278cb6f4796fb1
80d9f03f734e95a89f39f2dd076d4466ed99b1bf
0efc772d5985fdb5a8b8bdb62af4732de2ec1ebc8af7f4a6b6039ef1623f5c63
GET /assets/img/eject.png?4 HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:22:42 GMT
content-type: image/png
content-length: 8253
last-modified: Wed, 04 Sep 2019 20:36:35 GMT
etag: "5d702053-203d"
accept-ranges: bytes
X-Firefox-Spdy: h2
eatcells.com/assets/img/game-tap.jpg
94.130.177.84 188 kB URL eatcells.com/assets/img/game-tap.jpg
IP 94.130.177.84:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1200x1200, components 3\012- data
Size 188 kB (188023 bytes)
Hash f10541f07881ca3f61b1adeff57c62b8
c12fbce7d19d66e5fb7c769d1f3f1e75d750d9f7
b92f76d1bdafaafe084228cfda473a714e64f24d816f90d5bf7e2ae59ad65421
GET /assets/img/game-tap.jpg HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:22:42 GMT
content-type: image/jpeg
content-length: 188023
last-modified: Wed, 04 Sep 2019 20:36:36 GMT
etag: "5d702054-2de77"
accept-ranges: bytes
X-Firefox-Spdy: h2
eatcells.com/skinList.txt
94.130.177.84 4.7 kB URL eatcells.com/skinList.txt
IP 94.130.177.84:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (4653), with no line terminators
Hash fc25f7574d752ded929cb1dac5cfd6dc
25214cdc98340d44f8152951370a8dc6ef858f38
c0b0c1999cab2333546e0233aed66ee13ba7ac3fc21b68bd378e8a7dc114a197
GET /skinList.txt HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:22:42 GMT
content-type: text/plain
content-length: 4653
last-modified: Wed, 04 Sep 2019 20:36:32 GMT
etag: "5d702050-122d"
accept-ranges: bytes
X-Firefox-Spdy: h2
www.icone-png.com/png/22/22430.png
194.150.236.240 44 kB URL www.icone-png.com/png/22/22430.png
IP 194.150.236.240:0
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Hash e3f3995eee92ffbd800489ea80bcf4b1
09b579124f0cff2b416274fd9dc1533971cedc65
72e00f5849a0359da527b77f1f1063d1476d00aefc93c347b78b96c960bd994a
GET /png/22/22430.png HTTP/1.1
Host: www.icone-png.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 14:36:26 GMT
Server: Apache
Strict-Transport-Security: max-age=15768000
Last-Modified: Sun, 06 Jan 2019 22:18:39 GMT
ETag: "324f27-ac75-57ed17e8caf03"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 44103
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png
eatcells.com/
94.130.177.84 34 kB IP 94.130.177.84:0
ASN #24940 Hetzner Online GmbH
File type gzip compressed data, max speed, from Unix\012- data
Hash f3f441b9f80afb63d7b8502817501b96
094223009ebbca7f76b8e5f621998d6930b5af83
70015d6af47c5e9155ca2269907c4bb9c24cc393771de07c6fe61089abe8cca6
GET / HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:22:42 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.4/fonts/glyphicons-halflings-regular.woff2
104.18.10.207 18 kB URL maxcdn.bootstrapcdn.com/bootstrap/3.3.4/fonts/glyphicons-halflings-regular.woff2
IP 104.18.10.207:0
File type Web Open Font Format (Version 2), TrueType, length 18028, version 1.589\012- data
Hash 448c34a56d699c29117adc64c43affeb
ca35b697d99cae4d1b60f2d60fcd37771987eb07
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
GET /bootstrap/3.3.4/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://eatcells.com
DNT: 1
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 14:36:26 GMT
content-type: font/woff2
content-length: 18028
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "448c34a56d699c29117adc64c43affeb"
last-modified: Mon, 25 Jan 2021 22:03:58 GMT
cdn-cachedat: 11/12/2022 05:25:23
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1049
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 65fad5cfc5af482c7c821eefc6a6a87c
cdn-cache: HIT
cf-cache-status: HIT
age: 813285
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82f44d58bfcc7128-OSL
alt-svc: h3=":443"; ma=86400
eatcells.com/assets/img/favicon.ico?4
94.130.177.84 32 kB URL eatcells.com/assets/img/favicon.ico?4
IP 94.130.177.84:0
ASN #24940 Hetzner Online GmbH
File type MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 86a61de6ab87b83d46a4873affaa717a
8863fa661cf2a1561a7ea19261f0980010d20eac
04e2c050285112bcd703f8765b5104c8dcf2c5b7b463f47802ccbd1933b57adf
GET /assets/img/favicon.ico?4 HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:22:42 GMT
content-type: image/x-icon
content-length: 32347
last-modified: Wed, 04 Sep 2019 20:36:35 GMT
etag: "5d702053-7e5b"
accept-ranges: bytes
X-Firefox-Spdy: h2
eatcells.com/api/
94.130.177.84 0 B IP 94.130.177.84:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/ HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://eatcells.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Ees4u0FbFfSkNGMaSw/CHw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Sat, 02 Dec 2023 14:22:42 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: DTKkjgHw/qjmLROo7pie1OZ/7SM=
www.googletagmanager.com/gtag/js?id=G-7KY1EBYBZS&l=dataLayer&cx=c
142.250.74.168 81 kB URL www.googletagmanager.com/gtag/js?id=G-7KY1EBYBZS&l=dataLayer&cx=c
IP 142.250.74.168:0
File type ASCII text, with very long lines (5955)
Hash 0ddc1769b31aefe903c9dda43e851ab5
71084606bf3da7671e968e5738eec1d73a7863f7
b54c6a767a02b61f14259ecd5eb3d8d6077740d5842734a80042e062ce1afa0c
GET /gtag/js?id=G-7KY1EBYBZS&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 02 Dec 2023 14:36:26 GMT
expires: Sat, 02 Dec 2023 14:36:26 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81214
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
static-assets.highwebmedia.com/cachebust/runtime-prod-22cfbb8c72d95d4777ae.js
104.16.94.42 76 kB URL static-assets.highwebmedia.com/cachebust/runtime-prod-22cfbb8c72d95d4777ae.js
IP 104.16.94.42:0
File type ASCII text, with very long lines (1433), with no line terminators
Hash aa812fc7c0ac6c3cc271faad13dde64d
d70d8eab3ca16dbe69b7f2618f59687601f0f369
dbd117009980fbed0b6d578e37126076338b2f132162d90d92ac4df60a8602b5
GET /cachebust/runtime-prod-22cfbb8c72d95d4777ae.js HTTP/1.1
Host: static-assets.highwebmedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chaturbate.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 14:36:19 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=1495
etag: W/"f69be2b5ddc0375cbe268eac0ed03779"
last-modified: Tue, 28 Mar 2023 16:57:10 GMT
x-amz-id-2: 2/uk8s0B1Kl15b0aePUXz2rywabqTMl2REt8hc5aMprdMb350w1kZCKkpBGLD2kFmbC9sCsRLhseNs0lls97ovp+r5N/u5fg57F30rcTu8s=
x-amz-meta-s3cmd-attrs: md5:f69be2b5ddc0375cbe268eac0ed03779
x-amz-request-id: XDDNJ65MW1CW3EAE
x-amz-server-side-encryption: AES256
cf-cache-status: HIT
age: 909140
expires: Mon, 01 Jan 2024 14:36:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xM2qkTFjWOh9yjGzds8sAZw7o4RUywn2T5uOcMcrhANU%2BkVbq4NwpjDoa7lCCOTxQQGdCLJShuw%2BJxHViwL%2BMzbCEcRPCrRXsrDgT74XiqVjyAyrAfBDpZKoOrwc5biNSXmgQALnlRpZfrWgUDfPHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: _cfuvid=X3eDaJkr.yio_DLRpg0S.5boX7mC95Z.BwAKbkd_JL0-1701527779738-0-604800000; path=/; domain=.highwebmedia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 82f44d2f598d0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
eatcells.com/skins/eyepatch.png
94.130.177.84 50 kB URL eatcells.com/skins/eyepatch.png
IP 94.130.177.84:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Hash cbf8582d13331dd2e4ebbb73155a1585
39887e6ef9f290bb9d658abc5817c61a125c7c64
33f2058cce18edbda1a52330654cb9c33d58c06c0a793c3d15bcbcf720d563c3
GET /skins/eyepatch.png HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/
Cookie: _ga_7KY1EBYBZS=GS1.1.1701527791.1.0.1701527791.0.0.0; _ga=GA1.1.1324869197.1701527792
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:22:42 GMT
content-type: image/png
content-length: 50106
last-modified: Sun, 17 Feb 2019 12:59:45 GMT
etag: "5c695ac1-c3ba"
accept-ranges: bytes
X-Firefox-Spdy: h2
eatcells.com/skins/tiger.png
94.130.177.84 15 kB URL eatcells.com/skins/tiger.png
IP 94.130.177.84:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Hash 6e33e1c9a721c4f52ca1a13988cc25ae
87d27695562adb691181e168fcc1c25dd925ae3f
ad5cb4e7dfcfbea55f8f7bb1b31428118360d90ebe75f561793976ceb8173a86
GET /skins/tiger.png HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/
Cookie: _ga_7KY1EBYBZS=GS1.1.1701527791.1.0.1701527791.0.0.0; _ga=GA1.1.1324869197.1701527792
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:22:42 GMT
content-type: image/png
content-length: 14862
last-modified: Sun, 17 Feb 2019 13:00:11 GMT
etag: "5c695adb-3a0e"
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjvmyNL4U.woff2
142.250.74.131 38 kB URL fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjvmyNL4U.woff2
IP 142.250.74.131:0
File type Web Open Font Format (Version 2), TrueType, length 37840, version 1.0\012- data
Hash 6957af42676a9a6104e7a8eee1cee92f
05a81c1de245f5abfda3e26e333753a98a90b77f
e4f50b8bf27fec2b2be5907a06a6579a355aa86542322a2434fac71a22c2ea6e
GET /s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjvmyNL4U.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://eatcells.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 37840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:49:00 GMT
expires: Thu, 28 Nov 2024 21:49:00 GMT
cache-control: public, max-age=31536000
age: 233246
last-modified: Wed, 27 Apr 2022 17:05:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjs2yNL4U.woff2
142.250.74.131 13 kB URL fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjs2yNL4U.woff2
IP 142.250.74.131:0
File type Web Open Font Format (Version 2), TrueType, length 12936, version 1.0\012- data
Hash 6addbc1c8b8d01749d11b911a14b495e
56d87e9231ba1cf4c97a03e98d1ead1622b366ac
7e60d4df52144b57e1065524716f9087b1be34ffc9049e0d3eb1091f8d1e2551
GET /s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjs2yNL4U.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://eatcells.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12936
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 12:16:07 GMT
expires: Thu, 28 Nov 2024 12:16:07 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 17:10:55 GMT
content-type: font/woff2
age: 267619
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjtGyNL4U.woff2
142.250.74.131 18 kB URL fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjtGyNL4U.woff2
IP 142.250.74.131:0
File type Web Open Font Format (Version 2), TrueType, length 18200, version 1.0\012- data
Hash 8c7519686a5ddf20a3981e660a5f2610
3e0d73d14e4892b36fb5c6a9854c7d2e6bec005a
caeaf02fa4a8a45438c270767c4e50fc7f3ed5f94a4c90984eaacb87c2e8a693
GET /s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjtGyNL4U.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://eatcells.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18200
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:48:56 GMT
expires: Thu, 28 Nov 2024 21:48:56 GMT
cache-control: public, max-age=31536000
age: 233251
last-modified: Wed, 27 Apr 2022 17:10:53 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
eatcells.com/skins/archer.png
94.130.177.84 62 kB URL eatcells.com/skins/archer.png
IP 94.130.177.84:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Hash 4b06774da4a6ad9db34cf848b3cd4b71
4c741e2bbebdf13a77ebc1b4c4276193481f1b21
a0d189ff6399c664ee1deb4e5f9f4c33696f6ac39ffc940f4378c16a92af4493
GET /skins/archer.png HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/
Cookie: _ga_7KY1EBYBZS=GS1.1.1701527791.1.0.1701527791.0.0.0; _ga=GA1.1.1324869197.1701527792
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 14:22:44 GMT
content-type: image/png
content-length: 61476
last-modified: Sun, 17 Feb 2019 12:59:34 GMT
etag: "5c695ab6-f024"
accept-ranges: bytes
X-Firefox-Spdy: h2