Report - www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn

Report Overview

Submitted URL
www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
IP
144.217.159.164
ASN
#16276 OVH SAS
Submitted
2022-12-09 16:24:16
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
40

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	4.9 kB	216.58.211.3
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.42.148.177
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.9 kB	95.101.11.115
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	700 B	1.9 kB	54.230.245.110
simplewebanalysis.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	770 B	810 B	52.28.211.11
fairfaxgeorgianayourself.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.5 kB	38 kB	173.233.137.36
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	476 B	17 kB	142.250.74.35
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	369 B	21 kB	142.250.74.46
recesslikeness.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	444 B	467 B	192.243.61.225
cdn.creative-bars1.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	19 kB	172.64.108.13
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	737 B	93.184.220.29
banquetunarmedgrater.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	371 B	327 B	192.243.59.12
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	58 kB	34.120.237.76
cdn.cloudimagesb.com	23099	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	415 B	70 kB	45.133.44.10
unseenreport.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	1.3 kB	192.243.59.13
friendshipmale.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	357 B	956 B	172.64.163.31
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.7 kB	15 kB	95.101.11.115
coreportions.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	786 B	36 kB	173.233.139.164
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	381 B	44 kB	142.250.74.40
cdn.barscreative1.com	25648	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	443 B	386 B	45.133.44.3
www.dump.xxx	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	29 kB	1.1 MB	144.217.159.164
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-09	medium	simplewebanalysis.com/stats	Malware
2022-12-09	medium	simplewebanalysis.com/stats	Malware
2022-12-09	medium	cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-09	medium	coreportions.com	Sinkholed
2022-12-09	medium	coreportions.com	Sinkholed
2022-12-09	medium	fairfaxgeorgianayourself.com	Sinkholed
2022-12-09	medium	fairfaxgeorgianayourself.com	Sinkholed
2022-12-09	medium	fairfaxgeorgianayourself.com	Sinkholed
2022-12-09	medium	banquetunarmedgrater.com	Sinkholed
2022-12-09	medium	recesslikeness.com	Sinkholed
2022-12-09	medium	fairfaxgeorgianayourself.com	Sinkholed
2022-12-09	medium	fairfaxgeorgianayourself.com	Sinkholed
2022-12-09	medium	fairfaxgeorgianayourself.com	Sinkholed
2022-12-09	medium	fairfaxgeorgianayourself.com	Sinkholed
2022-12-09	medium	fairfaxgeorgianayourself.com	Sinkholed
2022-12-09	medium	fairfaxgeorgianayourself.com	Sinkholed
2022-12-09	medium	fairfaxgeorgianayourself.com	Sinkholed
2022-12-09	medium	unseenreport.com	Sinkholed
2022-12-09	medium	unseenreport.com	Sinkholed
2022-12-09	medium	unseenreport.com	Sinkholed

JavaScript (26)

	URL	Size	First Seen	Last Seen
	www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html	621 B	2023-03-09	2023-03-09
Pretty URL www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html IP 144.217.159.164 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:08:29 Last Seen2023-03-09 00:08:29 Times Seen1 Hash b3157e53055800faeab11fb9505aa9f6 e9852768609ffc10c9d091897bcbe85106fb703c 3a1f6c2aacce8809d5b05bc204428615b6be8f4c7b66ccb97e1cbac0f555382a Loading...

	coreportions.com/67/2d/85/672d85ea2c0a2440ce89a486df2fb3d3.js	60 kB	2023-03-09	2023-03-09
Pretty URL coreportions.com/67/2d/85/672d85ea2c0a2440ce89a486df2fb3d3.js IP 173.233.139.164 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:08:29 Last Seen2023-03-09 00:08:29 Times Seen1 Hash 465cedfb0644b57db5e611e8f077f1de ce38bdbca213e9372f69b14f7e6e871806d7a5bf a25e3748024ca7f87cbd75a9e213014b5484ef53b3ec8064e3d4834ae259b4e0 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-27
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.46 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-27 02:03:36 Times Seen1536 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html	2.7 kB	2023-03-08	2024-04-21
Pretty URL www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html IP 144.217.159.164 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:37:41 Last Seen2024-04-21 03:51:10 Times Seen143 Hash e455d04c2f3393d55dda4b980c0f7af8 0c90f0f4d2cc917d70c2e05cdee81714af30c548 c506fe36b8cdccf17c02e9693900418ab5412d8851390e42e01a861544b68774 Loading...

	www.dump.xxx/templates/dump_tube/js/bootstrap.min.js+lazyload.min.js.pagespeed.jc.M3XZ4xSlvO.js	75 kB	2023-03-09	2023-03-09
Pretty URL www.dump.xxx/templates/dump_tube/js/bootstrap.min.js+lazyload.min.js.pagespeed.jc.M3XZ4xSlvO.js IP 144.217.159.164 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:08:30 Last Seen2023-03-09 00:08:30 Times Seen1 Hash 3375d9e314a5bce721e73737408f40fa 49e3d3ff275ef42950677fdbe0ec18ef60e87be2 94b76defd57cc458693086c5fe8be0a011f2c911983b2daea35835a41c8d3a48 Loading...

	www.dump.xxx/xxx/791/_,Mjo.S3MGhoEYDR.js.pagespeed.jm.qSVd1Dfm3m.js	4.0 kB	2023-03-09	2023-03-09
Pretty URL www.dump.xxx/xxx/791/_,Mjo.S3MGhoEYDR.js.pagespeed.jm.qSVd1Dfm3m.js IP 144.217.159.164 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:08:30 Last Seen2023-03-09 00:08:30 Times Seen1 Hash a9255dd437e6de6cb4595906db25b745 087a1c50b985ccc109dd95c378c0589ca66597ee f019a833f9a46a3b7eead3f4af9f6fdbd05e39d1692f6f8b31caf0b7fcccc261 Loading...

	www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html	31 B	2023-03-09	2023-03-09
Pretty URL www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html IP 144.217.159.164 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:08:30 Last Seen2023-03-09 00:08:30 Times Seen1 Hash 7ab95b8e155215cfa83bf9d79f805e9d f92481740478593da1eb4afbfc0f82bb99d50f09 e0def6eb6f014766c4b6a18e2d9ca907066ee7b22bbd80a0930f9df8c78d2157 Loading...

	www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html	844 B	2023-03-09	2023-03-09
Pretty URL www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html IP 144.217.159.164 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:08:30 Last Seen2023-03-09 00:08:30 Times Seen1 Hash b0bf1821d419ea879a2bb31ee433305b d0e9319fc65f73aec3a443cda07d9521d4944443 2d850a41f477141e577276f992fa89e381e856496b85bbddd60e840f158dabee Loading...

	www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html	134 B	2023-03-08	2023-03-09
Pretty URL www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html IP 144.217.159.164 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:37:41 Last Seen2023-03-09 00:08:30 Times Seen1 Hash 241d5ddcd96a21cdef229077264ce576 77dd06b43bd03b7553e42cbba930fbef046ed3dd 8dc8790d0cec9e465eccddcaaf8b577cdb233b1790b9fbc0b004fbfca05dfa04 Loading...

	www.googletagmanager.com/gtag/js?id=UA-8881943-10	112 kB	2023-03-09	2023-03-09
Pretty URL www.googletagmanager.com/gtag/js?id=UA-8881943-10 IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:08:30 Last Seen2023-03-09 00:08:30 Times Seen1 Hash 8a3b8b9a60ee8f77b88b5a965a2054b7 75c58c9ce1de0c093acf32fac0ec7623f78343dc 7f577b7c6fa8d553104f443ec1c1fe6d38e8b8c687fba69f710e2043b9a3cfb2 Loading...

	www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html	79 B	2023-03-08	2023-03-09
Pretty URL www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html IP 144.217.159.164 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:37:41 Last Seen2023-03-09 00:08:30 Times Seen1 Hash c89f94c91e85b0f0b89dcf9d7e0cb8d0 c1f56095c6534dbc5a1e82d65ced8d6654ad9f79 ce80306383abc90e67fe6e4f66cb0b254eb111dec6d96f1195c0929f4d2358db Loading...

	www.dump.xxx/templates/dump_tube/js/jQuery_v1.12.4.min.js.pagespeed.jm.29OAZzvhfX.js	97 kB	2023-03-07	2024-02-29
Pretty URL www.dump.xxx/templates/dump_tube/js/jQuery_v1.12.4.min.js.pagespeed.jm.29OAZzvhfX.js IP 144.217.159.164 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:41:15 Last Seen2024-02-29 11:16:51 Times Seen218 Hash dbd380673be17d7de1999d7b81cb58b2 fa9190517fb3833652b294904ac33925704daec3 c5aff4c33cfd63995781d8918e4c77753c1151bc3179efbd19f0ef0946d2a103 Loading...

	cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js	90 kB	2023-03-07	2024-04-26
Pretty URL cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js IP 172.64.108.13 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2024-04-26 16:15:26 Times Seen3744 Hash 561acb3e541133bbdd2c0c19f8ee35a1 ffd1353cf3f77d25f801c84d8208613eb0d3d548 9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc Loading...

	http:blank	565 B	2023-03-08	2023-05-12
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:37:41 Last Seen2023-05-12 13:18:36 Times Seen4 Hash 13540e6d3cfcba6b45ae8fcfe9bbd10d e552917b77b0a447236609f937a57f5414faf9e3 d3e299c383668268fe3bd2424b8857997e14a9b273f8e6a076f453bc54c4e0e4 Loading...

	www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html	192 B	2023-03-09	2023-03-09
Pretty URL www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html IP 144.217.159.164 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:08:30 Last Seen2023-03-09 00:08:30 Times Seen1 Hash b23d730b8811b7a5433e93bf1934a312 49bfd2ccba2ac33234372af0638cf07eab594d35 062142ab092da97fd2276817fe75844ded55300d65990d2328d95b6f17cf23b8 Loading...

	www.dump.xxx/xxx/791/_,Mjo.Q8Szk-jnGf.js.pagespeed.jm.rtj3ylCGpu.js	46 kB	2023-03-09	2023-03-09
Pretty URL www.dump.xxx/xxx/791/_,Mjo.Q8Szk-jnGf.js.pagespeed.jm.rtj3ylCGpu.js IP 144.217.159.164 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:08:30 Last Seen2023-03-09 00:08:30 Times Seen1 Hash aed8f7ca5086a6e8d038707b0a28563a 3cb0a64c187227fa3aed36bce8d3743aed9a3750 20caabeedf5f79463a5d1c54b45db6e79f60f4306c4d674ea3739835db4b4f52 Loading...

	www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html	31 B	2023-03-09	2023-03-09
Pretty URL www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html IP 144.217.159.164 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:08:30 Last Seen2023-03-09 00:08:30 Times Seen1 Hash d24e36853c6e7bfb5ec931436cb0f0c2 6251843d7104f1f635fce8cdfb735cc733797fac 386d6ae5fc7b7aeb1d2c71fc8367e033376f0509fa2797c6047afe40572eedd9 Loading...

	www.dump.xxx/templates/dump_tube/js/jquery.tinyscrollbar.min.js.pagespeed.jm.3FxXIp0s1A.js	3.9 kB	2023-03-09	2023-03-09
Pretty URL www.dump.xxx/templates/dump_tube/js/jquery.tinyscrollbar.min.js.pagespeed.jm.3FxXIp0s1A.js IP 144.217.159.164 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:08:30 Last Seen2023-03-09 00:08:30 Times Seen1 Hash dc5c57229d2cd40846076c308371e437 dc885bff6dfe76d0c5ad99cedd7be94a43a02be1 4cd4427ca440f7b8e4bb1b59bf8a855043811771697d01e04afc5deeb6365404 Loading...

	coreportions.com/10/53/04/105304e684ccab534731149ed1bdf124.js	37 kB	2023-03-09	2023-03-09
Pretty URL coreportions.com/10/53/04/105304e684ccab534731149ed1bdf124.js IP 173.233.139.164 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:08:30 Last Seen2023-03-09 00:08:30 Times Seen1 Hash 430632092c5762e4da060ae035dfa44c 74eebf5b72b3e5809374f3acfaed115ef24f712b 826ea482964d101b4152d5a9e1f8d5274eddadd8f266b4f446c69a67fbac78d6 Loading...

	www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html	331 B	2023-03-09	2023-03-09
Pretty URL www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html IP 144.217.159.164 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:08:30 Last Seen2023-03-09 00:08:30 Times Seen1 Hash 3914fb1bcc43ba359d7cdeee64500ead 27f01aa81c509a434a642676284741252d7adfea 08a3c09f02cfd7d9f419a82ce27bba1d0c5c7fe06b449198c8b6f360054b5e60 Loading...

	fairfaxgeorgianayourself.com/43/9b/c9/439bc92bde6d9b897c90c9694312cc38.js	86 kB	2023-03-09	2023-03-09
Pretty URL fairfaxgeorgianayourself.com/43/9b/c9/439bc92bde6d9b897c90c9694312cc38.js IP 173.233.137.36 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:08:30 Last Seen2023-03-09 00:08:30 Times Seen1 Hash a62c7c2f079938d7401821cf34d5eee0 7600c4a73b6c08e72e2aeb380bf4f290837a1e79 0cb4ec6822b5468db8dc2b700a38bc830b9051fa51f4b08825f9d4624dcc7f78 Loading...

	banquetunarmedgrater.com/advertisers.js	0 B	2023-03-07	2024-04-27
Pretty URL banquetunarmedgrater.com/advertisers.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 06:29:01 Times Seen37112351 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.dump.xxx/templates/dump_tube/js/bootstrap-select.min.js.pagespeed.jm.r7oG0__Cuc.js	33 kB	2023-03-09	2023-12-03
Pretty URL www.dump.xxx/templates/dump_tube/js/bootstrap-select.min.js.pagespeed.jm.r7oG0__Cuc.js IP 144.217.159.164 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:08:30 Last Seen2023-12-03 09:29:25 Times Seen5 Hash afba06d3ffc2b9cb68727c50d7df0872 fb084a5cb3802400f26659c9fbf1de7724321ad2 df5c35b2303cddcbd42aeb142a24e14393f766750eace17be217a14ef7788a14 Loading...

	www.dump.xxx/templates/dump_tube/js/functions.js.pagespeed.jm.0knEcl_q6V.js	15 kB	2023-03-09	2023-03-09
Pretty URL www.dump.xxx/templates/dump_tube/js/functions.js.pagespeed.jm.0knEcl_q6V.js IP 144.217.159.164 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:08:30 Last Seen2023-03-09 00:08:30 Times Seen1 Hash d249c4725feae95d23b3d20d734eb972 2a03938c6fd64b2175ed0c4f94d53f288948eeb2 2f816346f95ed2106c09a92884ed59ab758493fb1d77c04301e3d170518bf5f3 Loading...

		Size	First Seen	Last Seen
	#1 Eval - d9d919c814d181c5ff374804913b61b2	70 kB	2023-03-09	2023-03-09
Pretty Observations First Seen2023-03-09 00:08:30 Last Seen2023-03-09 00:08:30 Times Seen1 Hash d9d919c814d181c5ff374804913b61b2 2a897b447ad45ab5fc5660cebd322626d4f1b112 627e36aac9c8c2153c1e8dbe0411f025d5d673a0090f7f68ba3bf612ebe9a5cf Loading...

	#2 Eval - 35047deb52d6a4c20adb32affe6c0b0d	2.6 kB	2023-03-09	2024-01-29
Pretty Observations First Seen2023-03-09 00:08:30 Last Seen2024-01-29 01:12:40 Times Seen18 Hash 35047deb52d6a4c20adb32affe6c0b0d 7462dc0d35d0996c3e8695d8803ea09e5070a47d 4a87812a874e0eb2839ff3fc2635d2c3a05754a7ff62fc48015ba3cb4d099b20 Loading...

HTTP Transactions (121)

URL IP Response Size

www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html

144.217.159.164

301 Moved Permanently

284 B

URL HTTP/1.1
www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
284 B (284 bytes)
Hash
e6ae2a376cc6be51336561b95265c367
10b0a503430cce0a81b25384823d7811b9873b37
afcec90f20fec0de72e518d4ca24d57ef21e99d21ce3ccf971a11ba7f8cd4f40

HTTP Headers

GET /xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 09 Dec 2022 16:24:04 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 284
Connection: keep-alive
Location: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cache-Control: max-age=1
Expires: Fri, 09 Dec 2022 16:24:05 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2699
Expires: Fri, 09 Dec 2022 17:09:03 GMT
Date: Fri, 09 Dec 2022 16:24:04 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6933
Expires: Fri, 09 Dec 2022 18:19:37 GMT
Date: Fri, 09 Dec 2022 16:24:04 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 16:08:19 GMT
content-type: application/json
age: 945
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9374
Expires: Fri, 09 Dec 2022 19:00:18 GMT
Date: Fri, 09 Dec 2022 16:24:04 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 4QNmLRlEzaUqn2MPnqhlXYV+kl3clGXHkLGccquE/vZWMQnJ/gKGWIn27949PLOo8zwJ+BtiMWc=
x-amz-request-id: 25DPZ0R1EH5VQJTC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 15:48:23 GMT
age: 2141
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:24:04 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 16:07:55 GMT
age: 970
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2503
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:24:05 GMT
Last-Modified: Fri, 09 Dec 2022 15:42:22 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

www.dump.xxx/templates/dump_tube/css/A.style.css.pagespeed.cf.2azX20yOiJ.css

144.217.159.164

200 OK

28 kB

URL HTTP/2
www.dump.xxx/templates/dump_tube/css/A.style.css.pagespeed.cf.2azX20yOiJ.css
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (65536), with no line terminators
Size
28 kB (28231 bytes)
Hash
348ef0e7256f9878691f0aa9352d3b71
cbab23613eaf570800c1c42f991143f7b039c99a
47b4241e297f90dab831880c91e3097e858e8e4a1adea340519bfc8612c979e9

HTTP Headers

GET /templates/dump_tube/css/A.style.css.pagespeed.cf.2azX20yOiJ.css HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: text/css
front-end-https: on
date: Fri, 09 Dec 2022 13:20:40 GMT
expires: Sat, 09 Dec 2023 13:20:40 GMT
cache-control: max-age=31536000
etag: W/"0"
last-modified: Fri, 09 Dec 2022 13:20:40 GMT
x-original-content-length: 149712
vary: Accept-Encoding
content-encoding: gzip
content-length: 28231
x-page-speed: 1.13.35.2-0
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bf8858fa52de668b0013cf9ce66d290c
9c319173ee6a48c6e717e9e8764008564aabe7ba
93df528ead5887cbbcf51f83c9e6ffa451861ae3145296ab3dfc269067080933

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:24:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-8881943-10

142.250.74.40

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-8881943-10
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (43593 bytes)
Hash
3e97cb7121fa1fae5c278d934da0087a
016ffb70a4d3790271ac7a45c76d90d9da602a76
88b1e5afbad300b403ea535b2ce7a93e4dbea0675fde74b24497d4e27a217bad

HTTP Headers

GET /gtag/js?id=UA-8881943-10 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 16:24:05 GMT
expires: Fri, 09 Dec 2022 16:24:05 GMT
cache-control: private, max-age=900
last-modified: Fri, 09 Dec 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43593
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bf8858fa52de668b0013cf9ce66d290c
9c319173ee6a48c6e717e9e8764008564aabe7ba
93df528ead5887cbbcf51f83c9e6ffa451861ae3145296ab3dfc269067080933

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:24:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.dump.xxx/templates/dump_tube/js/jQuery_v1.12.4.min.js.pagespeed.jm.29OAZzvhfX.js

144.217.159.164

200 OK

34 kB

URL HTTP/2
www.dump.xxx/templates/dump_tube/js/jQuery_v1.12.4.min.js.pagespeed.jm.29OAZzvhfX.js
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (65536), with no line terminators
Size
34 kB (33689 bytes)
Hash
3d98dcea67fce498b3dc85211308b1e5
dc3b3a6e02ba655ec35c2d1dc42cd4ae62c33313
e227b6a40c6d8c90a0022562120f1011e275d07cc5e16e0239b068a3993841b7

HTTP Headers

GET /templates/dump_tube/js/jQuery_v1.12.4.min.js.pagespeed.jm.29OAZzvhfX.js HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
front-end-https: on
date: Fri, 09 Dec 2022 13:10:48 GMT
expires: Sat, 09 Dec 2023 13:10:48 GMT
cache-control: max-age=31536000
etag: W/"0"
last-modified: Fri, 09 Dec 2022 13:10:48 GMT
x-original-content-length: 97166
vary: Accept-Encoding
content-encoding: gzip
content-length: 33689
x-page-speed: 1.13.35.2-0
X-Firefox-Spdy: h2

www.dump.xxx/xxx/791/_,Mjo.S3MGhoEYDR.js.pagespeed.jm.qSVd1Dfm3m.js

144.217.159.164

200 OK

1.8 kB

URL HTTP/2
www.dump.xxx/xxx/791/_,Mjo.S3MGhoEYDR.js.pagespeed.jm.qSVd1Dfm3m.js
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (3987), with no line terminators
Size
1.8 kB (1848 bytes)
Hash
18e7286d004f0bc42a34695d523d1623
c098c70f41db388a0cb48ef8bdf3e656ab277316
2a9661032ba2b810ce990cea00e9d56d6432664dbd60a0edc4a4a3054599f764

HTTP Headers

GET /xxx/791/_,Mjo.S3MGhoEYDR.js.pagespeed.jm.qSVd1Dfm3m.js HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
date: Fri, 09 Dec 2022 16:24:05 GMT
expires: Sat, 09 Dec 2023 16:24:05 GMT
cache-control: max-age=31536000
etag: W/"0"
last-modified: Fri, 09 Dec 2022 16:24:05 GMT
x-original-content-length: 3997
vary: Accept-Encoding
content-encoding: gzip
content-length: 1848
x-page-speed: 1.13.35.2-0
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/1436.jpg

144.217.159.164

200 OK

15 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/1436.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
15 kB (15180 bytes)
Hash
7b1f34276e88eedd96c06da8789af00b
05867a2513ecb01f59e7c82091dc68312eeee792
d0f1410d7b03ce24bb7c9c519faebabaa669cf3075ad422998235c9f81a0bf45

HTTP Headers

GET /media/thumbs/embedded/1436.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 15180
last-modified: Sat, 06 Nov 2021 17:10:06 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 15:46:03 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 15:46:03 GMT
etag: W/"PSA-ex80J26I7t"
cache-control: max-age=2592000, public, s-maxage=10
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/2376.jpg

144.217.159.164

200 OK

18 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/2376.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
18 kB (17844 bytes)
Hash
55d40242c676332125d8ebedcb0d3900
7ef2c09f329314b407a4c6601e6a8fa5d4ea060c
2c6c8b380435308c6b4e88d1ee30b328947825858f839c85a47c97aabe9d4fb0

HTTP Headers

GET /media/thumbs/embedded/2376.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 17844
last-modified: Sat, 06 Nov 2021 17:10:25 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 14:34:10 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 14:34:12 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-VdQCQsZ2My"
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/779.jpg

144.217.159.164

200 OK

18 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/779.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
18 kB (18012 bytes)
Hash
e6a29f11ed39762ca5587bac55c07fce
acbba0e13479b045bcc75eb9587da6a802cc4772
270b245b57cff9a01d8f662c1f5daf441db235b03d1d04c5c0f7d517d856189d

HTTP Headers

GET /media/thumbs/embedded/779.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 18012
last-modified: Sat, 06 Nov 2021 17:09:54 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:34:37 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:34:37 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-5qKfEe05di"
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/2492.jpg

144.217.159.164

200 OK

13 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/2492.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
13 kB (12917 bytes)
Hash
834acd26a90c161e868f3d3bf99de203
5433ea1f90fe6abc346480238390ccf9cfee0f1f
7268f499adcf8ef045202760b41f6c893d73d95024bd1e86d9f1a9e950b8c62d

HTTP Headers

GET /media/thumbs/embedded/2492.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 12917
last-modified: Sat, 06 Nov 2021 17:10:27 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:31:47 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:31:47 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-g0rNJqkMFh"
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.42.148.177

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.42.148.177:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: O3hb0JJ0/BUzID8hkAuIDA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7Rj1HWahz9M+n8NS24f42urYcsU=

www.dump.xxx/media/thumbs/embedded/2183.jpg

144.217.159.164

200 OK

15 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/2183.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
15 kB (14643 bytes)
Hash
e53c12c5355cf2da27a2e8ebd392c556
b7c4817ad86dc84a6cf234106f1f286515ca4019
3de944982651f352df2c792fe68e81e7be7d0de2fb661d77afcb80d2c2d14c8e

HTTP Headers

GET /media/thumbs/embedded/2183.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 14643
last-modified: Sat, 06 Nov 2021 17:10:20 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 16:04:06 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 16:04:07 GMT
etag: W/"PSA-5TwSxTVc8t"
cache-control: max-age=2592000, public, s-maxage=10
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/502.jpg

144.217.159.164

200 OK

14 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/502.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
14 kB (14432 bytes)
Hash
45778783c5a149ab5bd49fb9483bdf48
b61c6a10f643622c7e492d68a4e57a86a47a56c1
a768910623704766fb861c922cb5de2f889759d095dee9444a7e73a1190b2950

HTTP Headers

GET /media/thumbs/embedded/502.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:24:05 GMT
content-type: image/jpeg
content-length: 14432
last-modified: Sat, 06 Nov 2021 17:09:49 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 16:24:05 GMT
vary: User-Agent
front-end-https: on
cache-control: max-age=2592000, public, s-maxage=10
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/936.jpg

144.217.159.164

200 OK

18 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/936.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
18 kB (18423 bytes)
Hash
8aa1bf002f94225812efd9ea6fb0d8a1
4128ecb62fb8c049b5b79144ba14cd558330af8d
107278b29e62d7d822e6e9a16c81514a626c86263fc4567db7e7e470ad4233ea

HTTP Headers

GET /media/thumbs/embedded/936.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:24:05 GMT
content-type: image/jpeg
content-length: 18423
last-modified: Sat, 06 Nov 2021 17:09:56 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 16:24:05 GMT
vary: User-Agent
front-end-https: on
cache-control: max-age=2592000, public, s-maxage=10
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/2426.jpg

144.217.159.164

200 OK

14 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/2426.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
14 kB (13493 bytes)
Hash
a85d9f97422ee511384f53db9a164c99
14e10f9fd43308e98f59a09c18f0d2a5c1183aee
e1d6bbd34a74f339b02bee665c81ebbe843bc5f82a371ecc3931aa4a2bcc3d14

HTTP Headers

GET /media/thumbs/embedded/2426.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 13493
last-modified: Sat, 06 Nov 2021 17:10:26 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:05:04 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:05:04 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-qF2fl0Iu5R"
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/6/1/d/e/0/561ddfbec28379.mp4/561ddfbec28379.mp4-1.jpg

144.217.159.164

200 OK

11 kB

URL HTTP/2
www.dump.xxx/media/thumbs/6/1/d/e/0/561ddfbec28379.mp4/561ddfbec28379.mp4-1.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
11 kB (11327 bytes)
Hash
784da035644ed50f23284eb5ae56f6d5
e6a023c6a30754aae8635505ea43d761b35e1f59
4188e14c3ec9b2647fc27250fa364f0782f26edf56f7e6e8108448f80b5d4858

HTTP Headers

GET /media/thumbs/6/1/d/e/0/561ddfbec28379.mp4/561ddfbec28379.mp4-1.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 11327
last-modified: Tue, 11 Jan 2022 22:25:54 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:49:23 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:49:23 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-eE2gNWRO1Q"
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/1410.jpg

144.217.159.164

200 OK

15 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/1410.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
15 kB (14973 bytes)
Hash
e86c36f41ac26bfd35ff2858cbfd82bb
842160d0d318e7f12b5457165bc99ee9bb416afe
943da8eb9581e30764ba688178df17664e42bb8acae76440a024db1f839fc6e2

HTTP Headers

GET /media/thumbs/embedded/1410.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 14973
last-modified: Sat, 06 Nov 2021 17:10:05 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:03:04 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:03:04 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-6Gw29BrCa_"
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/6/3/4/6/7/563466fe28a422.mp4/563466fe28a422.mp4-1.jpg

144.217.159.164

200 OK

13 kB

URL HTTP/2
www.dump.xxx/media/thumbs/6/3/4/6/7/563466fe28a422.mp4/563466fe28a422.mp4-1.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
13 kB (12878 bytes)
Hash
397ca201aca43f6c1838978f78484848
0011c1b3ad2c5337ce2c9fe7c13247c36979005b
c7d761ff052229e6fa871dffa16b2ba220c3e9c3e2a6aeaf77518192d8ec108f

HTTP Headers

GET /media/thumbs/6/3/4/6/7/563466fe28a422.mp4/563466fe28a422.mp4-1.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 12878
last-modified: Wed, 12 Oct 2022 09:02:29 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:07:04 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:07:04 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-OXyiAaykP2"
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/2352.jpg

144.217.159.164

200 OK

19 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/2352.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
19 kB (18766 bytes)
Hash
8ce45c956e64d3b19f128a9d50fc18d4
d539a98166f34782fa436df602b71c39a11cde21
94c5e0d456ccee7532c5599a8fd283c2c97111de9ba667ae559e239116a2fa43

HTTP Headers

GET /media/thumbs/embedded/2352.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 18766
last-modified: Sat, 06 Nov 2021 17:10:24 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:23:37 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:23:37 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-jORclW5k07"
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/6/2/6/9/3/5626924ca9e910.mp4/5626924ca9e910.mp4-1.jpg

144.217.159.164

200 OK

14 kB

URL HTTP/2
www.dump.xxx/media/thumbs/6/2/6/9/3/5626924ca9e910.mp4/5626924ca9e910.mp4-1.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
14 kB (13636 bytes)
Hash
73e1a99d6d4991ed25fe882bcfd087d2
cfbdb78b9e829f631a25130b6062bd5aa42a834c
86a109d31cc52b6a8767ae909e721a1b828de8dec63db440ecfb40e2cfcbffa0

HTTP Headers

GET /media/thumbs/6/2/6/9/3/5626924ca9e910.mp4/5626924ca9e910.mp4-1.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 13636
last-modified: Wed, 27 Apr 2022 13:54:17 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:14:34 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:14:34 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-c-GpnW1Jke"
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/400.jpg

144.217.159.164

200 OK

16 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/400.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
16 kB (15748 bytes)
Hash
1a98ff50a3d803e27ad37ed6549734d9
27a53ecfd18161abede086e95df054a9e388373c
86aeefbb4c61f5860d8cf47c720fb403d6ce11fcd1cdd07ca4238fb905c54205

HTTP Headers

GET /media/thumbs/embedded/400.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 15748
last-modified: Sat, 06 Nov 2021 17:09:48 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:27:00 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:27:00 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-Gpj_UKPYA-"
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/2204.jpg

144.217.159.164

200 OK

17 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/2204.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
17 kB (16955 bytes)
Hash
60ac28c045cf0038397bc7425a2b1b06
8f552a795f679834dcd4089017ca2293d324cfb6
55b857939bcd1a6708922ff03ff8764505aac8a321f363e18aacbc75fe668d5e

HTTP Headers

GET /media/thumbs/embedded/2204.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 16955
last-modified: Sat, 06 Nov 2021 17:10:21 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:21:44 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:21:44 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-YKwowEXPAD"
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/2045.jpg

144.217.159.164

200 OK

14 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/2045.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
14 kB (13660 bytes)
Hash
7704983dedb7163632e569cee6334f7e
e70dac5d86e8b4c2e20d29973caac809f6d63e37
3a873bf533fa2996cc604ba15fa61573aad6e80dbd40af80eeb483f6175dc4ba

HTTP Headers

GET /media/thumbs/embedded/2045.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 13660
last-modified: Sat, 06 Nov 2021 17:10:19 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:49:35 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:49:35 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-dwSYPe23Fj"
X-Firefox-Spdy: h2

www.dump.xxx/templates/dump_tube/css/overwrite.css

144.217.159.164

200 OK

0 B

URL HTTP/2
www.dump.xxx/templates/dump_tube/css/overwrite.css
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /templates/dump_tube/css/overwrite.css HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:24:05 GMT
content-type: text/css
content-length: 0
last-modified: Mon, 14 May 2018 07:35:31 GMT
accept-ranges: bytes
cache-control: max-age=604800, proxy-revalidate
expires: Fri, 16 Dec 2022 16:24:05 GMT
vary: User-Agent
front-end-https: on
X-Firefox-Spdy: h2

www.dump.xxx/templates/dump_tube/css/custom.css

144.217.159.164

200 OK

0 B

URL HTTP/2
www.dump.xxx/templates/dump_tube/css/custom.css
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /templates/dump_tube/css/custom.css HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:24:05 GMT
content-type: text/css
content-length: 0
last-modified: Tue, 25 Oct 2016 15:29:03 GMT
accept-ranges: bytes
cache-control: max-age=604800, proxy-revalidate
expires: Fri, 16 Dec 2022 16:24:05 GMT
vary: User-Agent
front-end-https: on
X-Firefox-Spdy: h2

www.dump.xxx/templates/dump_tube/js/bootstrap.min.js+lazyload.min.js.pagespeed.jc.M3XZ4xSlvO.js

144.217.159.164

200 OK

22 kB

URL HTTP/2
www.dump.xxx/templates/dump_tube/js/bootstrap.min.js+lazyload.min.js.pagespeed.jc.M3XZ4xSlvO.js
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (65536), with no line terminators
Size
22 kB (21553 bytes)
Hash
cc3e81bf355508bb51571ef76ff3c300
2fe4638ac7c052ad646bece4069e97653851b460
51577d6110e07496b542917b4f5420c1ce50f094725a6e08c636434381a1eaaa

HTTP Headers

GET /templates/dump_tube/js/bootstrap.min.js+lazyload.min.js.pagespeed.jc.M3XZ4xSlvO.js HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
front-end-https: on
date: Fri, 09 Dec 2022 13:58:50 GMT
expires: Sat, 09 Dec 2023 13:58:50 GMT
cache-control: max-age=31536000
etag: W/"0"
last-modified: Fri, 09 Dec 2022 13:58:50 GMT
x-original-content-length: 73623
vary: Accept-Encoding
content-encoding: gzip
content-length: 21553
x-page-speed: 1.13.35.2-0
X-Firefox-Spdy: h2

www.dump.xxx/templates/dump_tube/js/bootstrap-select.min.js.pagespeed.jm.r7oG0__Cuc.js

144.217.159.164

200 OK

9.6 kB

URL HTTP/2
www.dump.xxx/templates/dump_tube/js/bootstrap-select.min.js.pagespeed.jm.r7oG0__Cuc.js
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (33112), with no line terminators
Size
9.6 kB (9603 bytes)
Hash
a4999add4a15eeb21a0f20e134dcc2a6
215cbbba06247c00f640329694eb0ab7860a6f98
ce36674b4ae83c3b19213d8d7e3a97597ef07a8a82680f473e4d13d96692558a

HTTP Headers

GET /templates/dump_tube/js/bootstrap-select.min.js.pagespeed.jm.r7oG0__Cuc.js HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
front-end-https: on
date: Fri, 09 Dec 2022 13:16:11 GMT
expires: Sat, 09 Dec 2023 13:16:11 GMT
cache-control: max-age=31536000
etag: W/"0"
last-modified: Fri, 09 Dec 2022 13:16:11 GMT
x-original-content-length: 33335
vary: Accept-Encoding
content-encoding: gzip
content-length: 9603
x-page-speed: 1.13.35.2-0
X-Firefox-Spdy: h2

www.dump.xxx/templates/dump_tube/js/jquery.tinyscrollbar.min.js.pagespeed.jm.3FxXIp0s1A.js

144.217.159.164

200 OK

1.4 kB

URL HTTP/2
www.dump.xxx/templates/dump_tube/js/jquery.tinyscrollbar.min.js.pagespeed.jm.3FxXIp0s1A.js
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (3927), with no line terminators
Size
1.4 kB (1412 bytes)
Hash
220fa1c58da89e0d11dd2ba41ae2517f
cd49b07c75e4c24b1f23f1f1ba5fc0bcb005b63a
685e1d263751bb5520346db25b6c0c1a7ad26c2052d8987aef7a2c8b0422679f

HTTP Headers

GET /templates/dump_tube/js/jquery.tinyscrollbar.min.js.pagespeed.jm.3FxXIp0s1A.js HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
front-end-https: on
date: Fri, 09 Dec 2022 13:16:11 GMT
expires: Sat, 09 Dec 2023 13:16:11 GMT
cache-control: max-age=31536000
etag: W/"0"
last-modified: Fri, 09 Dec 2022 13:16:11 GMT
x-original-content-length: 4105
vary: Accept-Encoding
content-encoding: gzip
content-length: 1412
x-page-speed: 1.13.35.2-0
X-Firefox-Spdy: h2

www.dump.xxx/templates/dump_tube/js/functions.js.pagespeed.jm.0knEcl_q6V.js

144.217.159.164

200 OK

5.1 kB

URL HTTP/2
www.dump.xxx/templates/dump_tube/js/functions.js.pagespeed.jm.0knEcl_q6V.js
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (9719)
Size
5.1 kB (5116 bytes)
Hash
162b8fafc8189f3f15ca6418f35d36f1
11caded352825bb579e93f6eb20b7d4420053e22
5e6ea5b76568b7e3466835ced6363c609ee15de95f8f2638940a1b0d178710db

HTTP Headers

GET /templates/dump_tube/js/functions.js.pagespeed.jm.0knEcl_q6V.js HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
front-end-https: on
date: Fri, 09 Dec 2022 13:16:11 GMT
expires: Sat, 09 Dec 2023 13:16:11 GMT
cache-control: max-age=31536000
etag: W/"0"
last-modified: Fri, 09 Dec 2022 13:16:11 GMT
x-original-content-length: 26636
vary: Accept-Encoding
content-encoding: gzip
content-length: 5116
x-page-speed: 1.13.35.2-0
X-Firefox-Spdy: h2

www.dump.xxx/xxx/791/_,Mjo.Q8Szk-jnGf.js.pagespeed.jm.rtj3ylCGpu.js

144.217.159.164

200 OK

11 kB

URL HTTP/2
www.dump.xxx/xxx/791/_,Mjo.Q8Szk-jnGf.js.pagespeed.jm.rtj3ylCGpu.js
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (45930), with no line terminators
Size
11 kB (11386 bytes)
Hash
4874619026ecc8ed7c4685d46c5d0541
1091ad62170ecea796d8af488492c75de53ff0f9
82cc791c258ebbec1c414848e46a893bf949db9853e565f0aa17ce14b58300aa

HTTP Headers

GET /xxx/791/_,Mjo.Q8Szk-jnGf.js.pagespeed.jm.rtj3ylCGpu.js HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
date: Fri, 09 Dec 2022 16:24:05 GMT
expires: Sat, 09 Dec 2023 16:24:05 GMT
cache-control: max-age=31536000
etag: W/"0"
last-modified: Fri, 09 Dec 2022 16:24:05 GMT
x-original-content-length: 45933
vary: Accept-Encoding
content-encoding: gzip
content-length: 11386
x-page-speed: 1.13.35.2-0
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/6/2/6/7/e/56267e0d089d83.mp4/56267e0d089d83.mp4-1.jpg

144.217.159.164

200 OK

12 kB

URL HTTP/2
www.dump.xxx/media/thumbs/6/2/6/7/e/56267e0d089d83.mp4/56267e0d089d83.mp4-1.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
12 kB (12152 bytes)
Hash
6c29b31588d6d4cd87bc7903b5b50bb5
0a87535b0fda543f023828f013901a23b23fa102
cbcd9af661712c82bd11c4a6ec30ac1ec44872edffe304951ea1c7383e05e220

HTTP Headers

GET /media/thumbs/6/2/6/7/e/56267e0d089d83.mp4/56267e0d089d83.mp4-1.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 12152
last-modified: Tue, 26 Apr 2022 13:01:45 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:00:24 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:00:24 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-bCmzFYjW1M"
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/6/2/d/7/7/562d76e0b024ef.mp4/562d76e0b024ef.mp4-1.jpg

144.217.159.164

200 OK

12 kB

URL HTTP/2
www.dump.xxx/media/thumbs/6/2/d/7/7/562d76e0b024ef.mp4/562d76e0b024ef.mp4-1.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
12 kB (12426 bytes)
Hash
947b419ca30a9ca4469efe827cd15d81
f74eefad72dbacf312165189de530e0481cd81f0
49f5bd4a573510fbea7379c799e4fc7547876c976888ef61ccb3cbba5f3b291d

HTTP Headers

GET /media/thumbs/6/2/d/7/7/562d76e0b024ef.mp4/562d76e0b024ef.mp4-1.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 12426
last-modified: Wed, 20 Jul 2022 03:48:25 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:42:13 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:42:13 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-lHtBnKMKnK"
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/6/2/0/b/5/5620b57197415f.mp4/5620b57197415f.mp4-1.jpg

144.217.159.164

200 OK

11 kB

URL HTTP/2
www.dump.xxx/media/thumbs/6/2/0/b/5/5620b57197415f.mp4/5620b57197415f.mp4-1.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
11 kB (11156 bytes)
Hash
3b178584be548cafcb011ec6304c6e15
e720e7b51b8560c770cc6b821dcf39331c65d4c8
87d7f6cea04d09222badd23e8ee40717ec84b3a45a5ed5b51239290cc8be3b2f

HTTP Headers

GET /media/thumbs/6/2/0/b/5/5620b57197415f.mp4/5620b57197415f.mp4-1.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 11156
last-modified: Tue, 15 Feb 2022 08:00:37 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:08:19 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:08:19 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-OxeFhL5UjK"
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/2385.jpg

144.217.159.164

200 OK

15 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/2385.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
15 kB (14928 bytes)
Hash
4103577b7ec911ab7d39b7599ae7c98d
1c19f2cd822071a5668ba309297320757235de37
791be63654d2adbd78509058dcf0dcb61b8ec5f0b60af979547855730bd47988

HTTP Headers

GET /media/thumbs/embedded/2385.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 14928
last-modified: Sat, 06 Nov 2021 17:10:25 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:12:48 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:12:48 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-QQNXe37JEa"
X-Firefox-Spdy: h2

www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html

144.217.159.164

404 Not Found

23 kB

URL HTTP/2
www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
data
Size
23 kB (22709 bytes)
Hash
5ed532a9cd16158afcb6c639b97ba51c
c7d0a82870884780bf1fe7c85b13227bc3efbaea
e64bc493c05809b84eb8e14e917962c6a7fbc5052fbadf22fe0ec678f203879d

HTTP Headers

GET /xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 404 Not Found
server: nginx
content-type: text/html;charset=utf-8
pragma: no-cache
x-xss-protection: 1
x-content-type-options: nosniff
set-cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3; expires=Sat, 10-Dec-2022 16:24:05 GMT; Max-Age=86400; path=/
vary: Accept-Encoding, User-Agent
date: Fri, 09 Dec 2022 16:24:05 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/422.jpg

144.217.159.164

200 OK

19 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/422.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
19 kB (18978 bytes)
Hash
69337cba1639fa6304f5c06e16e3a14c
15cc3fff6a6642213ae120a04a6c17922d812f2a
f23a06fcc36b7c2ba1bd456c2fb33a455873875b88cca254f1e34cbd5c778896

HTTP Headers

GET /media/thumbs/embedded/422.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 18978
last-modified: Sat, 06 Nov 2021 17:09:48 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:30:50 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:30:50 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-aTN8uhY5-m"
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/6/1/b/5/5/561b53d7370cce.mp4/561b53d7370cce.mp4-1.jpg

144.217.159.164

200 OK

13 kB

URL HTTP/2
www.dump.xxx/media/thumbs/6/1/b/5/5/561b53d7370cce.mp4/561b53d7370cce.mp4-1.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
13 kB (12635 bytes)
Hash
b7a9402748e461ab6cbd86447921072d
2ce814c919842b6e22d613beb22b91c8966c44c5
7a828c4b67d98150e277b55ffbda72afec6845bfa2bc02b0e5e454bb750d5ee3

HTTP Headers

GET /media/thumbs/6/1/b/5/5/561b53d7370cce.mp4/561b53d7370cce.mp4-1.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 12635
last-modified: Sun, 12 Dec 2021 02:45:47 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:07:34 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:07:34 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-t6lAJ0jkYa"
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/6/2/5/1/1/5625119ba3cd13.mp4/5625119ba3cd13.mp4-1.jpg

144.217.159.164

200 OK

12 kB

URL HTTP/2
www.dump.xxx/media/thumbs/6/2/5/1/1/5625119ba3cd13.mp4/5625119ba3cd13.mp4-1.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
12 kB (12139 bytes)
Hash
a3f76cfd169124a8d01b7b4e8675bbf0
a6b0c253dc02bfd0fe193ab22b4b32069dfb4085
6e95d2bfbd73a30b9e20a8c2dd0a8b82d746e11a301b487a5d862025b0437ad5

HTTP Headers

GET /media/thumbs/6/2/5/1/1/5625119ba3cd13.mp4/5625119ba3cd13.mp4-1.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 12139
last-modified: Sat, 09 Apr 2022 06:11:48 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 14:14:20 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 14:14:20 GMT
etag: W/"PSA-o_ds_RaRJK"
cache-control: max-age=2592000, public, s-maxage=10
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/6/2/e/3/c/562e3b8f0cde41.mp4/562e3b8f0cde41.mp4-1.jpg

144.217.159.164

200 OK

11 kB

URL HTTP/2
www.dump.xxx/media/thumbs/6/2/e/3/c/562e3b8f0cde41.mp4/562e3b8f0cde41.mp4-1.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
11 kB (10605 bytes)
Hash
6510af66c2508a3e3032c1c5fb2a1836
1c684af6b4eb32264c96e4a2345ef0b7f8d8fc7a
777376d879803c8fb68adf07cef67ea2e8b350f69ae0c4eab0868a5e89ef8307

HTTP Headers

GET /media/thumbs/6/2/e/3/c/562e3b8f0cde41.mp4/562e3b8f0cde41.mp4-1.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 10605
last-modified: Fri, 29 Jul 2022 11:57:01 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 14:02:52 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 14:02:52 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-ZRCvZsJQij"
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/362.jpg

144.217.159.164

200 OK

15 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/362.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
15 kB (14974 bytes)
Hash
e402696fc363ffd069327385a674b2ba
503fc6bec17b791535cbe1ba9c6d846611625bfc
3e157bb1b0c438a014b65dbb67399f1c0e29560c0602b5c01d350110bb86ddaa

HTTP Headers

GET /media/thumbs/embedded/362.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 14974
last-modified: Sat, 06 Nov 2021 17:09:47 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 15:53:24 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 15:53:28 GMT
etag: W/"PSA-5AJpb8Nj_9"
cache-control: max-age=2592000, public, s-maxage=10
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/1284.jpg

144.217.159.164

200 OK

13 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/1284.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
13 kB (13390 bytes)
Hash
87426db510dafd217aea1d4ed5e5faec
87c27a0407a5e22e97b52b0315b0fbf411a5ddd4
be1bcb636899fa5e05948fc4bd9501aeec344064cddde2f49156430cfe34f46c

HTTP Headers

GET /media/thumbs/embedded/1284.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 13390
last-modified: Sat, 06 Nov 2021 17:10:03 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:14:02 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:14:02 GMT
etag: W/"PSA-h0JttRDa_S"
cache-control: max-age=2592000, public, s-maxage=10
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/1061.jpg

144.217.159.164

200 OK

15 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/1061.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
15 kB (15227 bytes)
Hash
e84f506cc2add88d2c58f20899bf361b
f486cd338534fd2ba3bae95856c6b4cc33b4f775
7505cd4209f32364db67afa83aa52181fba67cb5d3226dafa8de5e1a763bd225

HTTP Headers

GET /media/thumbs/embedded/1061.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 15227
last-modified: Sat, 06 Nov 2021 17:09:58 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 14:17:50 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 14:17:50 GMT
etag: W/"PSA-6E9QbMKt2I"
cache-control: max-age=2592000, public, s-maxage=10
X-Firefox-Spdy: h2

www.dump.xxx/templates/dump_tube/fonts/Roboto/Roboto-Medium.ttf

144.217.159.164

200 OK

172 kB

URL HTTP/2
www.dump.xxx/templates/dump_tube/fonts/Roboto/Roboto-Medium.ttf
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
TrueType Font data, 18 tables, 1st "GDEF", 28 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Med\012- data
Size
172 kB (172064 bytes)
Hash
d08840599e05db7345652d3d417574a9
5f16f4d6dbb4a4f12d8ae96488ac209bb49762a5
f205cc511821ea56078a105557fcea6253129404d411c997e1866fbd006abb68

HTTP Headers

GET /templates/dump_tube/fonts/Roboto/Roboto-Medium.ttf HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/templates/dump_tube/css/A.style.css.pagespeed.cf.2azX20yOiJ.css
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:24:05 GMT
content-type: font/ttf
content-length: 172064
last-modified: Tue, 08 Jan 2013 23:00:00 GMT
accept-ranges: bytes
expires: Sun, 11 Dec 2022 16:24:05 GMT
vary: Accept-Encoding,User-Agent
front-end-https: on
cache-control: max-age=172800, s-maxage=10
X-Firefox-Spdy: h2

www.dump.xxx/templates/dump_tube/fonts/fontawesome_5.7.1/fa-solid-900.woff2

144.217.159.164

200 OK

74 kB

URL HTTP/2
www.dump.xxx/templates/dump_tube/fonts/fontawesome_5.7.1/fa-solid-900.woff2
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Size
74 kB (74320 bytes)
Hash
3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9

HTTP Headers

GET /templates/dump_tube/fonts/fontawesome_5.7.1/fa-solid-900.woff2 HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.dump.xxx/templates/dump_tube/css/A.style.css.pagespeed.cf.2azX20yOiJ.css
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:24:05 GMT
content-type: font/woff2
content-length: 74320
last-modified: Tue, 12 Feb 2019 08:42:30 GMT
accept-ranges: bytes
expires: Sun, 11 Dec 2022 16:24:05 GMT
vary: User-Agent
front-end-https: on
cache-control: max-age=172800, s-maxage=10
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/497.jpg

144.217.159.164

200 OK

16 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/497.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
16 kB (16349 bytes)
Hash
837d074b4df1adec4d9635d49e89bb19
0e9e0f2614f027ad2dd0b18c336008516120d2ec
7621829b60c74bfeff2fe96b9033bbc02f65abc9241ffa79480fcc310ead5883

HTTP Headers

GET /media/thumbs/embedded/497.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:24:05 GMT
content-type: image/jpeg
content-length: 16349
last-modified: Sat, 06 Nov 2021 17:09:49 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 16:24:05 GMT
vary: User-Agent
front-end-https: on
cache-control: max-age=2592000, public, s-maxage=10
X-Firefox-Spdy: h2

www.dump.xxx/media/thumbs/embedded/1493.jpg

144.217.159.164

200 OK

14 kB

URL HTTP/2
www.dump.xxx/media/thumbs/embedded/1493.jpg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 278x170, components 3\012- data
Size
14 kB (14330 bytes)
Hash
278c8283c05f54884b6d2df64296c1a9
5e8bb6e9deb510bb7c716d4a4fd32afdcb69609d
a224fab14cd044c845059a0eb77b7d4c3f4f7acce9794e467897f9f438666d18

HTTP Headers

GET /media/thumbs/embedded/1493.jpg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:24:05 GMT
content-type: image/jpeg
content-length: 14330
last-modified: Sat, 06 Nov 2021 17:10:07 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 16:24:05 GMT
vary: User-Agent
front-end-https: on
cache-control: max-age=2592000, public, s-maxage=10
X-Firefox-Spdy: h2

www.dump.xxx/templates/dump_tube/fonts/Roboto/Roboto-Regular.ttf

144.217.159.164

200 OK

172 kB

URL HTTP/2
www.dump.xxx/templates/dump_tube/fonts/Roboto/Roboto-Regular.ttf
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
TrueType Font data, 18 tables, 1st "GDEF", 26 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-RegularRob\012- data
Size
172 kB (171676 bytes)
Hash
3e1af3ef546b9e6ecef9f3ba197bf7d2
dd1b1db13ff1f72138c134c62f38fef83749f36a
79e851404657dac2106b3d22ad256d47824a9a5765458edb72c9102a45816d95

HTTP Headers

GET /templates/dump_tube/fonts/Roboto/Roboto-Regular.ttf HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/templates/dump_tube/css/A.style.css.pagespeed.cf.2azX20yOiJ.css
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:24:05 GMT
content-type: font/ttf
content-length: 171676
last-modified: Tue, 08 Jan 2013 23:00:00 GMT
accept-ranges: bytes
expires: Sun, 11 Dec 2022 16:24:05 GMT
vary: Accept-Encoding,User-Agent
front-end-https: on
cache-control: max-age=172800, s-maxage=10
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
606e3534ee01faea35dbd1ff71113671
e60579ad92de7b731fc67ed1d00e1d865eaf0492
dda482a6359af8811bef36e09c871db47d90665a24fa4e9809f247f7f8ec8a8f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DDA482A6359AF8811BEF36E09C871DB47D90665A24FA4E9809F247F7F8EC8A8F"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2049
Expires: Fri, 09 Dec 2022 16:58:15 GMT
Date: Fri, 09 Dec 2022 16:24:06 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1a61c2552d60d26f1fae5a7977c002cd
af90e005825272553f8dca275f83d4affc52e27d
e847f8dfffe6dc58abf1d89afe44ba4c7367a52df4d2863d3c90d97e3470b77d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E847F8DFFFE6DC58ABF1D89AFE44BA4C7367A52DF4D2863D3C90D97E3470B77D"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11131
Expires: Fri, 09 Dec 2022 19:29:37 GMT
Date: Fri, 09 Dec 2022 16:24:06 GMT
Connection: keep-alive

coreportions.com/10/53/04/105304e684ccab534731149ed1bdf124.js

173.233.139.164

200 OK

13 kB

URL HTTP/1.1
coreportions.com/10/53/04/105304e684ccab534731149ed1bdf124.js
IP
173.233.139.164:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with very long lines (37190), with no line terminators
Size
13 kB (13441 bytes)
Hash
e5fb09704d467972415290610de9dd7c
065df11e695737df67bd73ae52332f9d9e8e2188
2d939d0c87561fb30cdf1cdb12ad122bf091e5a2e651cc0b02a24ffa7ca7be11

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /10/53/04/105304e684ccab534731149ed1bdf124.js HTTP/1.1
Host: coreportions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 09 Dec 2022 16:24:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a18045bfaa6725854e7da288ebea9b3b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

coreportions.com/67/2d/85/672d85ea2c0a2440ce89a486df2fb3d3.js

173.233.139.164

200 OK

21 kB

URL HTTP/1.1
coreportions.com/67/2d/85/672d85ea2c0a2440ce89a486df2fb3d3.js
IP
173.233.139.164:0
ASN
#7979 SERVERS-COM

File type
HTML document, ASCII text, with very long lines (60203), with no line terminators
Size
21 kB (20741 bytes)
Hash
43c55c52557803f3bcbcca625a1eaea3
3d6493f54553458231f33c5d707ec25719eb6163
a259a0a62bd76abb34bbbf3bef027c904a356db8b065dfd41912d02323f0628e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /67/2d/85/672d85ea2c0a2440ce89a486df2fb3d3.js HTTP/1.1
Host: coreportions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 09 Dec 2022 16:24:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: da07b42265b06cae812aeeae7979a521
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.dump.xxx/stats/u.php?id=8d6d3faa53499ef7a2662dcf1646cc4f&s=91

144.217.159.164

200 OK

0 B

URL HTTP/2
www.dump.xxx/stats/u.php?id=8d6d3faa53499ef7a2662dcf1646cc4f&s=91
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stats/u.php?id=8d6d3faa53499ef7a2662dcf1646cc4f&s=91 HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3; dump_xxx=bm9yZWZ8fHwxfDB8MHxub25lfDA6; dump_xxx_b=1670603045
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:24:06 GMT
content-type: text/html; charset=UTF-8
content-length: 0
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0, private, no-store, no-cache, must-revalidate
expires: Fri, 09 Dec 2022 16:24:07 GMT
vary: User-Agent
front-end-https: on
X-Firefox-Spdy: h2

e1.o.lencr.org/

95.101.11.115

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
903b57e9469c6f9aed96e4c10f8d335d
a6a4b2f07388b846299e86785a8c746a71632ed3
1ed983e83ea9a1c376a5b801250b9f22aecdffddf4f4600b5b92646fe0609f6a

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1ED983E83EA9A1C376A5B801250B9F22AECDFFDDF4F4600B5B92646FE0609F6A"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3091
Expires: Fri, 09 Dec 2022 17:15:37 GMT
Date: Fri, 09 Dec 2022 16:24:06 GMT
Connection: keep-alive

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
7a3b93489047f9ea14340f8606a4e869
6ed81d6bfa1507093680864ac2a93414473afcb2
ad23df78236e546d4650ec7b8b8f9094a4c927f0291c5f5ad86abfd997afae45

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 09 Dec 2022 16:24:06 GMT
Last-Modified: Fri, 09 Dec 2022 16:06:45 GMT
Server: ECS (nyb/1D06)
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: TYaFTGo15jLejmgvisU8Um1gLTLoO9oCsm4MD0hqmPmT-Gz_bFDArA==
Age: 1041

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8cd3be089cb19b3f640ea8cda3cc2af2
48f4c70d9a6f49b9f3671b811dd2fe37d8576c38
d95f3b2bf54014fbd6e4d5dc0df799c8ca655f63dd44a2b8f40e2205152b541b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D95F3B2BF54014FBD6E4D5DC0DF799C8CA655F63DD44A2B8F40E2205152B541B"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6327
Expires: Fri, 09 Dec 2022 18:09:33 GMT
Date: Fri, 09 Dec 2022 16:24:06 GMT
Connection: keep-alive

simplewebanalysis.com/stats

52.28.211.11

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
52.28.211.11:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
b24b5c5d632fdf7ceedc5e56fdae59c0
6805f34c8711f9836cab2e334d9781225b2f2d36
11a5f2d6190b4f5797a5ec87e45d285eb2f33a7a0e0fcbb27891ecf6fda96c37

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dump.xxx
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:24:06 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.dump.xxx
access-control-allow-credentials: true
set-cookie: uid_id2=2d8a4906-a24b-4fd5-8431-ea9baed2d5ca:1:1; expires=Mon, 06 Dec 2032 16:24:06 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
7a3b93489047f9ea14340f8606a4e869
6ed81d6bfa1507093680864ac2a93414473afcb2
ad23df78236e546d4650ec7b8b8f9094a4c927f0291c5f5ad86abfd997afae45

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=163566
Date: Fri, 09 Dec 2022 16:24:06 GMT
Etag: "6393389b-1d7"
Expires: Sun, 11 Dec 2022 13:50:12 GMT
Last-Modified: Fri, 09 Dec 2022 13:31:07 GMT
Server: ECS (bsa/EB24)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: EX_pLoBed5NQrsX8xOWG4hkFmGAmjzjFO39jG2edBOR93ypeJ5q74w==
Age: 1145

simplewebanalysis.com/stats

52.28.211.11

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
52.28.211.11:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
804376fcc1dcd133e01f49cd3efce9dc
32213e1745468bebe2851c1bde2f8394350f8009
1b1473910eefca58f5cdcaacda16602546cc0ed3e36725b9b5f0c33617bb7a16

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dump.xxx
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:24:06 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.dump.xxx
access-control-allow-credentials: true
set-cookie: uid_id2=591d61cf-0806-4cdf-827e-1bb0d66bb7ba:1:1; expires=Mon, 06 Dec 2032 16:24:06 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

e1.o.lencr.org/

95.101.11.115

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
903b57e9469c6f9aed96e4c10f8d335d
a6a4b2f07388b846299e86785a8c746a71632ed3
1ed983e83ea9a1c376a5b801250b9f22aecdffddf4f4600b5b92646fe0609f6a

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1ED983E83EA9A1C376A5B801250B9F22AECDFFDDF4F4600B5B92646FE0609F6A"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3091
Expires: Fri, 09 Dec 2022 17:15:37 GMT
Date: Fri, 09 Dec 2022 16:24:06 GMT
Connection: keep-alive

fairfaxgeorgianayourself.com/pixel/purst?dl=0&th=0&sc=0&rs=1762&rd=1762&fd=945&bv=22.10.v.9&tmpl=70

173.233.137.36

200 OK

0 B

URL HTTP/1.1
fairfaxgeorgianayourself.com/pixel/purst?dl=0&th=0&sc=0&rs=1762&rd=1762&fd=945&bv=22.10.v.9&tmpl=70
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1762&rd=1762&fd=945&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 09 Dec 2022 16:24:06 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fairfaxgeorgianayourself.com/43/9b/c9/439bc92bde6d9b897c90c9694312cc38.js

173.233.137.36

200 OK

29 kB

URL HTTP/1.1
fairfaxgeorgianayourself.com/43/9b/c9/439bc92bde6d9b897c90c9694312cc38.js
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
29 kB (28765 bytes)
Hash
610d22de417d8f4b851533d623621e32
5e65fd5a04a511ea932bb0f17526aac59e6c1274
2eebdb72530167f433c85097ea03fbe0d381fd12983f3844b1f47fc77c10a555

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /43/9b/c9/439bc92bde6d9b897c90c9694312cc38.js HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 09 Dec 2022 16:24:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3e74ade3c0a1a8c6161f6eb2f772b02c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3777
Expires: Fri, 09 Dec 2022 17:27:03 GMT
Date: Fri, 09 Dec 2022 16:24:06 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3777
Expires: Fri, 09 Dec 2022 17:27:03 GMT
Date: Fri, 09 Dec 2022 16:24:06 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3777
Expires: Fri, 09 Dec 2022 17:27:03 GMT
Date: Fri, 09 Dec 2022 16:24:06 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3777
Expires: Fri, 09 Dec 2022 17:27:03 GMT
Date: Fri, 09 Dec 2022 16:24:06 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3777
Expires: Fri, 09 Dec 2022 17:27:03 GMT
Date: Fri, 09 Dec 2022 16:24:06 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7557 bytes)
Hash
5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 09204b5e-8af5-4d4b-8186-628443866e0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz5EISoAMFdWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-357cd4f921c592e1319098dd;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3KZwQ5HqXa_-tUyDHA5m-65OprogFpFgbbKpEJ65k-Yy3lwoCg8M5w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:15 GMT
age: 33051
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6578 bytes)
Hash
8546542f00ea29ef4df6ab8d3c7c2164
5c8ffe91490006a9890188b53f875568c2b6bd8f
7fb11750ac339ac283da62fd370862c6b95a103a585ca5dd8c90038718d818a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6578
x-amzn-requestid: 6392feb9-e33e-42fa-bc10-b5e31e654c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4beGG7oAMF8hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903aaf-2c890b7b0a16617346a0f7e7;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: nXaZ1pazAGWMI9GFYZjGlvVVIb8wX6feD0O8VpzjsL8F8l3mFmydAw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:59 GMT
age: 33007
etag: "5c8ffe91490006a9890188b53f875568c2b6bd8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5188 bytes)
Hash
fba9a3854df65740512f96efe7442e58
8fbff7725c842d70e047c635a725723a9dc9c55a
6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dGxzuQ6zj6wXQbkBuKBnOKxwKJDHUyGoi7PgcugcpdX4QYruNiFxsQ==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:51:24 GMT
age: 66762
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49a0678c-8bda-434a-a337-63696994d79c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.5 kB (5530 bytes)
Hash
a22fc7807fb3337f0af5e546c7ad366a
0d5969394b370a5c77c53ed58f55e5f8a45da3ab
98b4f4fd27dc036697fb0328083bce6e691b7493428f3a54991087d9d1165d97

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49a0678c-8bda-434a-a337-63696994d79c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5530
x-amzn-requestid: adecbb8c-cec3-46a0-b32c-0026b8421fe5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4d8Fg6IAMF61g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903abf-4bcb385f27cb438c36a2cd5e;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uoulSfEOLxBRCmwK55huNOYSqpyZMFiibwTjm-HqOf67vsf-3o5jtg==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 13:33:54 GMT
age: 85181
etag: "0d5969394b370a5c77c53ed58f55e5f8a45da3ab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5169 bytes)
Hash
06514ce96ae21cb01f526a5febdcbeb4
ebb97e5b97f394e8c67098f55581d5329ce819a2
4099a2fb6ddc4feaa30f357a180d64aeb7c9fc73f115fc762d5fe5c221d2e89e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5169
x-amzn-requestid: 277a1b04-4e19-4313-8aac-5f9ab9076305
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEdkFGrIAMFvHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb456-5b21edd57297665012d536cc;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:17:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: swNGUcNy2i0w9UGe-EJhwslE01TzTC3rrDhLhVVxHyhWMGSC1uq0mA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:46:15 GMT
age: 41871
etag: "ebb97e5b97f394e8c67098f55581d5329ce819a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7897 bytes)
Hash
8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oV7bB5Tek01MFi9x2tr_Wix13-UGlQPIt042XM0ALNUvVFYnu5DRcg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:38:26 GMT
age: 45940
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
583e393554c6c39e8b5e35445d44e256
ce70b1ecd95117cd989ff9b2f968afd16197f789
72d81586c02ab7ef1b7a89ca4611f72cfe6c023dede064ddb4b8cc8f1519490a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72D81586C02AB7EF1B7A89CA4611F72CFE6C023DEDE064DDB4B8CC8F1519490A"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9257
Expires: Fri, 09 Dec 2022 18:58:23 GMT
Date: Fri, 09 Dec 2022 16:24:06 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b4187bb7832fd2a3dbc269d981466f7a
c5129b0ee10e1ed34341cc13a5b7f979632e119f
c7d55fcd8889e65ece8ad1ab223432b882adaa26efe4289e0504705f988f9b35

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C7D55FCD8889E65ECE8AD1AB223432B882ADAA26EFE4289E0504705F988F9B35"
Last-Modified: Fri, 09 Dec 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5947
Expires: Fri, 09 Dec 2022 18:03:13 GMT
Date: Fri, 09 Dec 2022 16:24:06 GMT
Connection: keep-alive

fairfaxgeorgianayourself.com/sbar.json?key=105304e684ccab534731149ed1bdf124&uuid=2d8a4906-a24b-4fd5-8431-ea9baed2d5ca%3A1%3A1

173.233.137.36

200 OK

3.4 kB

URL HTTP/1.1
fairfaxgeorgianayourself.com/sbar.json?key=105304e684ccab534731149ed1bdf124&uuid=2d8a4906-a24b-4fd5-8431-ea9baed2d5ca%3A1%3A1
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
JSON data\012- , ASCII text, with very long lines (5983), with no line terminators
Size
3.4 kB (3439 bytes)
Hash
02aa59d728a1f0b550fc6ffd8f94f82c
cb53f8079898c17c59cb0a91244df6768b6322eb
943b2d49e1fa1e5ab6afcf6fbb06b4bbec6c7de93e22780ab6657e56092f86dd

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /sbar.json?key=105304e684ccab534731149ed1bdf124&uuid=2d8a4906-a24b-4fd5-8431-ea9baed2d5ca%3A1%3A1 HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dump.xxx
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 09 Dec 2022 16:24:07 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.dump.xxx
Access-Control-Allow-Origin: https://www.dump.xxx
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17233750; expires=Sat, 10 Dec 2022 16:24:06 GMT; secure; SameSite=None
uid_id2=2d8a4906-a24b-4fd5-8431-ea9baed2d5ca:1:1; expires=Fri, 16 Dec 2022 16:24:06 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 10 Dec 2022 16:24:07 GMT; secure; SameSite=None
uncs=1; expires=Sat, 10 Dec 2022 16:24:07 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 10 Dec 2022 16:24:07 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 10 Dec 2022 16:24:07 GMT; secure; SameSite=None
slec105304e684ccab534731149ed1bdf124=[3843301]; expires=Fri, 09 Dec 2022 16:24:12 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9d8fa51cede4d6903498ddb910aa85f8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.google-analytics.com/analytics.js

142.250.74.46

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 09 Dec 2022 15:34:02 GMT
expires: Fri, 09 Dec 2022 17:34:02 GMT
cache-control: public, max-age=7200
age: 3005
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

banquetunarmedgrater.com/advertisers.js

192.243.59.12

200 OK

0 B

URL HTTP/1.1
banquetunarmedgrater.com/advertisers.js
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 09 Dec 2022 16:24:07 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ba87c4653865a8d072d52c8a528d7842
Strict-Transport-Security: max-age=0; includeSubdomains

www.dump.xxx/favicon/android-icon-192x192.png

144.217.159.164

200 OK

40 kB

URL HTTP/2
www.dump.xxx/favicon/android-icon-192x192.png
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
40 kB (39483 bytes)
Hash
c6ea7d4edd7a519a51710282b883256a
778ae51d8e89f9c2466af45a4d63f87900a69f93
8d403a2598cd9029d279271c336439553e23959c6b4052ed1304f5cf8b00617c

HTTP Headers

GET /favicon/android-icon-192x192.png HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3; dump_xxx=bm9yZWZ8fHwxfDB8MHxub25lfDA6; dump_xxx_b=1670603045; ppu_show_on_672d85ea2c0a2440ce89a486df2fb3d3=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=591d61cf-0806-4cdf-827e-1bb0d66bb7ba%3A1%3A1; sb_page_105304e684ccab534731149ed1bdf124=1; sb_onpage_105304e684ccab534731149ed1bdf124=1; sb_main_105304e684ccab534731149ed1bdf124=1; sb_count_105304e684ccab534731149ed1bdf124=1; ppu_main_672d85ea2c0a2440ce89a486df2fb3d3=1; ppu_exp_672d85ea2c0a2440ce89a486df2fb3d3=1670604845904
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/png
content-length: 39483
last-modified: Mon, 08 Nov 2021 12:54:00 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:00:19 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:00:19 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-xup9Tt16UZ"
X-Firefox-Spdy: h2

www.dump.xxx/favicon/favicon-16x16.png

144.217.159.164

200 OK

1.6 kB

URL HTTP/2
www.dump.xxx/favicon/favicon-16x16.png
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
1.6 kB (1633 bytes)
Hash
b2d6e31ab4b59fbd24bdcb2f2bc38516
234d0d3904278f758dbfcc06f61d7852632caea8
0fcf1ea6724b71e18fc1d09030c86ea76f4bd65223399ed8fd7f4c95cb321ca4

HTTP Headers

GET /favicon/favicon-16x16.png HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3; dump_xxx=bm9yZWZ8fHwxfDB8MHxub25lfDA6; dump_xxx_b=1670603045; ppu_show_on_672d85ea2c0a2440ce89a486df2fb3d3=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=591d61cf-0806-4cdf-827e-1bb0d66bb7ba%3A1%3A1; sb_page_105304e684ccab534731149ed1bdf124=1; sb_onpage_105304e684ccab534731149ed1bdf124=1; sb_main_105304e684ccab534731149ed1bdf124=1; sb_count_105304e684ccab534731149ed1bdf124=1; ppu_main_672d85ea2c0a2440ce89a486df2fb3d3=1; ppu_exp_672d85ea2c0a2440ce89a486df2fb3d3=1670604845904
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/png
content-length: 1633
last-modified: Mon, 08 Nov 2021 12:54:00 GMT
accept-ranges: bytes
expires: Sun, 08 Jan 2023 13:00:19 GMT
vary: User-Agent
front-end-https: on
date: Fri, 09 Dec 2022 13:00:19 GMT
cache-control: max-age=2592000, public
etag: W/"PSA-stbjGrS1n7"
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
96ffc94704e14c0a43103e77a67ea03c
16ac34abeb5c091f06142488f557b2aea78f146f
8ebd242e747c1d7010394568b6bc785cab76888767ebf9dea4e86e1951999efc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EBD242E747C1D7010394568B6BC785CAB76888767EBF9DEA4E86E1951999EFC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7372
Expires: Fri, 09 Dec 2022 18:26:59 GMT
Date: Fri, 09 Dec 2022 16:24:07 GMT
Connection: keep-alive

recesslikeness.com/pixel/purst?dl=0&th=0&sc=0&rs=2191&rd=2191&fd=506&bv=22.10.v.10&tmpl=136

192.243.61.225

200 OK

0 B

URL HTTP/1.1
recesslikeness.com/pixel/purst?dl=0&th=0&sc=0&rs=2191&rd=2191&fd=506&bv=22.10.v.10&tmpl=136
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=2191&rd=2191&fd=506&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: recesslikeness.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 09 Dec 2022 16:24:07 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fairfaxgeorgianayourself.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRRStjpsgetHgRVAcUTCCO9s90727kxyWxLgSXJOQRHPxYFVX9Wy51V1tVff0ZE%2FBiEYQMtGLJ%2Bl9M8kSDWLuCqHXiwwIOx5kENdTwLskghdlJoOLH6r%2Br3r%2F8N77%2F6OtfI%2B4yOn47Jt6UypFF4K6WztyUSZcF7Z2%2BkLNc%2BvusdpFmSz6x2rdyWU6Rz03qLsv114X4YZeaLie63quV1uVRkS6uzBFIdPbLa%2Fecut%2Bo%2B4FPrrm%2F2%2BbO7DUAe%2FskcOQfHRw%2Fcc7kGGFJP72pLAbmU5feS3OFc20QYdvv5VsJLpIEO%2BXkXEQJduzbmg7IuSLA9DJ9kwBdGcwUQAmR8T5xQNLtmc0wTo3HjJlCiIB44%2Bj6FQQqoKkFUJ9BZLvEiDkOH0GSXzztDYFvfQQpRN0ROYe%2FAlZjMjcb08hib85oWS3dl6rPJM6sehGJWS3gmxXSPMdZJsOZLGDMPsAkv9EFh6sIYkHZ6zSkHz8YoMvU7%2FlLs7Ths%2Fm%2FYgH88t%2B05sXtMWo4A0ehHRqkZQVZFRBiR6odZBPjnSQRw7y1EHMxzUatCLXXYpY1Gwu%2B2EYNpthGCwv8oA3%2FeXIRR5ONPSQpT2EqofQXEZqLmNDfrYbHH4eJr8Lu17Ccgc2I%2BjwEoUgKCxBQQkKSVBkBEWnvMGVbdjyJlc2Z94sN2a5WfZ11t6iN3TWFgnZSvfIkxPznEN%2FvY0NMa55btB0fbE4YUlZ0PSXmp7ntwT3GI%2B8hg8rS0h7YCp1U47IM6tzSOXuCx%2BC0R1YtYNQPgGaPwta9JcaLuh63192sZncivL3hamHOgbXJdJsDtklZ0vtkaen8zs6uAcRDld2%2Fzn063fnxwhNidSUeE%2F%2BQNBWV%2FvndEEG53RhyZ0zaSZjuUknsz2f0Uwc%2FOoNcanQhp86aXu3jocTYFLeviBstkYTLpO2JV%2BfkJwLs6pNKMj3p%2BxFwc7mdv1EbpI8XTv76uqpODXCWqmTClSOCLn%2BO0I5Io99%2Bel0b5%2BL%2FoA0FUxeIs6HZBaQegdhehk2Ha7s%2Fn1fDh69CqsJjNrvYamDIi%2F7psH2P5UcEf%2Fje1BiuHL33rvHP1laA2UlrBiuVNfeOXK%2FugYm%2FjNly15F2zig2RUkcYmOKdFRJajqweaP9LPUDFd%2Bbk4DTDl9powzYMqo6w8NtnJcE0HkRsJtCBa1WLREXd6K%2FBajLU8ssYB6yOwo%2FJy%2B9C8AAAD%2F%2FwEAAP%2F%2FMt%2FoGpMEAAA%3D

173.233.137.36

200 OK

7 B

URL HTTP/1.1
fairfaxgeorgianayourself.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRRStjpsgetHgRVAcUTCCO9s90727kxyWxLgSXJOQRHPxYFVX9Wy51V1tVff0ZE%2FBiEYQMtGLJ%2Bl9M8kSDWLuCqHXiwwIOx5kENdTwLskghdlJoOLH6r%2Br3r%2F8N77%2F6OtfI%2B4yOn47Jt6UypFF4K6WztyUSZcF7Z2%2BkLNc%2BvusdpFmSz6x2rdyWU6Rz03qLsv114X4YZeaLie63quV1uVRkS6uzBFIdPbLa%2Fecut%2Bo%2B4FPrrm%2F2%2BbO7DUAe%2FskcOQfHRw%2Fcc7kGGFJP72pLAbmU5feS3OFc20QYdvv5VsJLpIEO%2BXkXEQJduzbmg7IuSLA9DJ9kwBdGcwUQAmR8T5xQNLtmc0wTo3HjJlCiIB44%2Bj6FQQqoKkFUJ9BZLvEiDkOH0GSXzztDYFvfQQpRN0ROYe%2FAlZjMjcb08hib85oWS3dl6rPJM6sehGJWS3gmxXSPMdZJsOZLGDMPsAkv9EFh6sIYkHZ6zSkHz8YoMvU7%2FlLs7Ths%2Fm%2FYgH88t%2B05sXtMWo4A0ehHRqkZQVZFRBiR6odZBPjnSQRw7y1EHMxzUatCLXXYpY1Gwu%2B2EYNpthGCwv8oA3%2FeXIRR5ONPSQpT2EqofQXEZqLmNDfrYbHH4eJr8Lu17Ccgc2I%2BjwEoUgKCxBQQkKSVBkBEWnvMGVbdjyJlc2Z94sN2a5WfZ11t6iN3TWFgnZSvfIkxPznEN%2FvY0NMa55btB0fbE4YUlZ0PSXmp7ntwT3GI%2B8hg8rS0h7YCp1U47IM6tzSOXuCx%2BC0R1YtYNQPgGaPwta9JcaLuh63192sZncivL3hamHOgbXJdJsDtklZ0vtkaen8zs6uAcRDld2%2Fzn063fnxwhNidSUeE%2F%2BQNBWV%2FvndEEG53RhyZ0zaSZjuUknsz2f0Uwc%2FOoNcanQhp86aXu3jocTYFLeviBstkYTLpO2JV%2BfkJwLs6pNKMj3p%2BxFwc7mdv1EbpI8XTv76uqpODXCWqmTClSOCLn%2BO0I5Io99%2Bel0b5%2BL%2FoA0FUxeIs6HZBaQegdhehk2Ha7s%2Fn1fDh69CqsJjNrvYamDIi%2F7psH2P5UcEf%2Fje1BiuHL33rvHP1laA2UlrBiuVNfeOXK%2FugYm%2FjNly15F2zig2RUkcYmOKdFRJajqweaP9LPUDFd%2Bbk4DTDl9powzYMqo6w8NtnJcE0HkRsJtCBa1WLREXd6K%2FBajLU8ssYB6yOwo%2FJy%2B9C8AAAD%2F%2FwEAAP%2F%2FMt%2FoGpMEAAA%3D
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRRStjpsgetHgRVAcUTCCO9s90727kxyWxLgSXJOQRHPxYFVX9Wy51V1tVff0ZE%2FBiEYQMtGLJ%2Bl9M8kSDWLuCqHXiwwIOx5kENdTwLskghdlJoOLH6r%2Br3r%2F8N77%2F6OtfI%2B4yOn47Jt6UypFF4K6WztyUSZcF7Z2%2BkLNc%2BvusdpFmSz6x2rdyWU6Rz03qLsv114X4YZeaLie63quV1uVRkS6uzBFIdPbLa%2Fecut%2Bo%2B4FPrrm%2F2%2BbO7DUAe%2FskcOQfHRw%2Fcc7kGGFJP72pLAbmU5feS3OFc20QYdvv5VsJLpIEO%2BXkXEQJduzbmg7IuSLA9DJ9kwBdGcwUQAmR8T5xQNLtmc0wTo3HjJlCiIB44%2Bj6FQQqoKkFUJ9BZLvEiDkOH0GSXzztDYFvfQQpRN0ROYe%2FAlZjMjcb08hib85oWS3dl6rPJM6sehGJWS3gmxXSPMdZJsOZLGDMPsAkv9EFh6sIYkHZ6zSkHz8YoMvU7%2FlLs7Ths%2Fm%2FYgH88t%2B05sXtMWo4A0ehHRqkZQVZFRBiR6odZBPjnSQRw7y1EHMxzUatCLXXYpY1Gwu%2B2EYNpthGCwv8oA3%2FeXIRR5ONPSQpT2EqofQXEZqLmNDfrYbHH4eJr8Lu17Ccgc2I%2BjwEoUgKCxBQQkKSVBkBEWnvMGVbdjyJlc2Z94sN2a5WfZ11t6iN3TWFgnZSvfIkxPznEN%2FvY0NMa55btB0fbE4YUlZ0PSXmp7ntwT3GI%2B8hg8rS0h7YCp1U47IM6tzSOXuCx%2BC0R1YtYNQPgGaPwta9JcaLuh63192sZncivL3hamHOgbXJdJsDtklZ0vtkaen8zs6uAcRDld2%2Fzn063fnxwhNidSUeE%2F%2BQNBWV%2FvndEEG53RhyZ0zaSZjuUknsz2f0Uwc%2FOoNcanQhp86aXu3jocTYFLeviBstkYTLpO2JV%2BfkJwLs6pNKMj3p%2BxFwc7mdv1EbpI8XTv76uqpODXCWqmTClSOCLn%2BO0I5Io99%2Bel0b5%2BL%2FoA0FUxeIs6HZBaQegdhehk2Ha7s%2Fn1fDh69CqsJjNrvYamDIi%2F7psH2P5UcEf%2Fje1BiuHL33rvHP1laA2UlrBiuVNfeOXK%2FugYm%2FjNly15F2zig2RUkcYmOKdFRJajqweaP9LPUDFd%2Bbk4DTDl9powzYMqo6w8NtnJcE0HkRsJtCBa1WLREXd6K%2FBajLU8ssYB6yOwo%2FJy%2B9C8AAAD%2F%2FwEAAP%2F%2FMt%2FoGpMEAAA%3D HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Cookie: u_pl=17233750; uid_id2=2d8a4906-a24b-4fd5-8431-ea9baed2d5ca:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec105304e684ccab534731149ed1bdf124=[3843301]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 09 Dec 2022 16:24:07 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3df5af16f94536d3f549789de5b7821d
Strict-Transport-Security: max-age=0; includeSubdomains

e1.o.lencr.org/

95.101.11.115

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
86fc724a00926b02780c2d6459b90fb7
dbf925559b90d11e9bdfbbc171f3ac1fe3210322
a096e53a81068e99d5caa600d62ae48d28b3f841598dfd85bfb61d5e050f890e

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A096E53A81068E99D5CAA600D62AE48D28B3F841598DFD85BFB61D5E050F890E"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8924
Expires: Fri, 09 Dec 2022 18:52:51 GMT
Date: Fri, 09 Dec 2022 16:24:07 GMT
Connection: keep-alive

fairfaxgeorgianayourself.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=96

173.233.137.36

200 OK

0 B

URL HTTP/1.1
fairfaxgeorgianayourself.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=96
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=96 HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Cookie: u_pl=17233750; uid_id2=2d8a4906-a24b-4fd5-8431-ea9baed2d5ca:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec105304e684ccab534731149ed1bdf124=[3843301]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 09 Dec 2022 16:24:07 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

www.dump.xxx/templates/dump_tube/images/logo.svg

144.217.159.164

200 OK

24 kB

URL HTTP/2
www.dump.xxx/templates/dump_tube/images/logo.svg
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type
data
Size
24 kB (23930 bytes)
Hash
f962d76ed58e09f913cb3078c9a58191
004ac38d127b83d2ff126c2849913c368008047e
eaf43d3998341d9962e8529cd2a56c967054ea8da77fdb0d2a4c6189b0f5b96c

HTTP Headers

GET /templates/dump_tube/images/logo.svg HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:24:05 GMT
content-type: image/svg+xml
last-modified: Sat, 06 Nov 2021 21:14:06 GMT
expires: Sun, 11 Dec 2022 16:24:05 GMT
vary: Accept-Encoding, Accept-Encoding,User-Agent
front-end-https: on
content-encoding: gzip
cache-control: max-age=172800, s-maxage=10
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d61883097c47c0fcb4a15cafc5bdbdfc
54411aba43093cafd1cb2acea7c2b4c69184611f
0aef2b974544f530bd591dd0201909a9c2a6b3f4451c69288bafc126d9a37e2c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:24:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

e1.o.lencr.org/

95.101.11.115

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
86fc724a00926b02780c2d6459b90fb7
dbf925559b90d11e9bdfbbc171f3ac1fe3210322
a096e53a81068e99d5caa600d62ae48d28b3f841598dfd85bfb61d5e050f890e

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A096E53A81068E99D5CAA600D62AE48D28B3F841598DFD85BFB61D5E050F890E"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8924
Expires: Fri, 09 Dec 2022 18:52:51 GMT
Date: Fri, 09 Dec 2022 16:24:07 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0c8f51dc9f0403e9a4e798b49f977948
34ce92d502b92fd964f80d4c331cca9e42546954
ec4b08d6a0c6fd5733c3ceaf542b37eba10869511c0a782ece7c75bd74ee1084

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC4B08D6A0C6FD5733C3CEAF542B37EBA10869511C0A782ECE7C75BD74EE1084"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12704
Expires: Fri, 09 Dec 2022 19:55:51 GMT
Date: Fri, 09 Dec 2022 16:24:07 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d61883097c47c0fcb4a15cafc5bdbdfc
54411aba43093cafd1cb2acea7c2b4c69184611f
0aef2b974544f530bd591dd0201909a9c2a6b3f4451c69288bafc126d9a37e2c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:24:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fairfaxgeorgianayourself.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=115

173.233.137.36

200 OK

0 B

URL HTTP/1.1
fairfaxgeorgianayourself.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=115
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=115 HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Cookie: u_pl=17233750; uid_id2=2d8a4906-a24b-4fd5-8431-ea9baed2d5ca:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec105304e684ccab534731149ed1bdf124=[3843301]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 09 Dec 2022 16:24:07 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fairfaxgeorgianayourself.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=127

173.233.137.36

200 OK

0 B

URL HTTP/1.1
fairfaxgeorgianayourself.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=127
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=127 HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Cookie: u_pl=17233750; uid_id2=2d8a4906-a24b-4fd5-8431-ea9baed2d5ca:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec105304e684ccab534731149ed1bdf124=[3843301]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 09 Dec 2022 16:24:07 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

www.dump.xxx/ngx_pagespeed_beacon?url=https%3A%2F%2Fwww.dump.xxx%2Fxxx%2F791%2FBarely_Legal_Blonde_Assign_To_Porn_Casting.html

144.217.159.164

204 No Content

0 B

URL HTTP/2
www.dump.xxx/ngx_pagespeed_beacon?url=https%3A%2F%2Fwww.dump.xxx%2Fxxx%2F791%2FBarely_Legal_Blonde_Assign_To_Porn_Casting.html
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ngx_pagespeed_beacon?url=https%3A%2F%2Fwww.dump.xxx%2Fxxx%2F791%2FBarely_Legal_Blonde_Assign_To_Porn_Casting.html HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 200
Origin: https://www.dump.xxx
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3; dump_xxx=bm9yZWZ8fHwxfDB8MHxub25lfDA6; dump_xxx_b=1670603045; ppu_show_on_672d85ea2c0a2440ce89a486df2fb3d3=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=591d61cf-0806-4cdf-827e-1bb0d66bb7ba%3A1%3A1; sb_page_105304e684ccab534731149ed1bdf124=1; sb_onpage_105304e684ccab534731149ed1bdf124=1; sb_main_105304e684ccab534731149ed1bdf124=1; sb_count_105304e684ccab534731149ed1bdf124=1; ppu_main_672d85ea2c0a2440ce89a486df2fb3d3=1; ppu_exp_672d85ea2c0a2440ce89a486df2fb3d3=1670604845904; _ga=GA1.2.1267906134.1670603046; _gid=GA1.2.730015050.1670603046; _gat_gtag_UA_8881943_10=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=fairfaxgeorgianayourself.com; ppu_idelay_439bc92bde6d9b897c90c9694312cc38=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 09 Dec 2022 16:24:07 GMT
cache-control: max-age=0, no-cache
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/si/d1/90/26/d190268dee103ee1f2ce0c8843373c8c/1669910386.png

45.133.44.10

200 OK

70 kB

URL HTTP/2
cdn.cloudimagesb.com/si/d1/90/26/d190268dee103ee1f2ce0c8843373c8c/1669910386.png
IP
45.133.44.10:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
70 kB (69836 bytes)
Hash
eafe1a0bfd2db8c1aa79136e4826d19e
1d67e0efb736dfd011ae8cb71440e2301a97dc4e
2bc894548ddaf6375cbd7a7f604d3b27a5b8971a5768d68ac7b6c5ed64d7a3c8

HTTP Headers

GET /si/d1/90/26/d190268dee103ee1f2ce0c8843373c8c/1669910386.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:24:07 GMT
content-type: image/png
content-length: 69836
server: nginx/1.17.6
last-modified: Thu, 01 Dec 2022 15:59:54 GMT
etag: "6388cf7a-110cc"
expires: Sun, 11 Dec 2022 16:24:07 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

fairfaxgeorgianayourself.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=40

173.233.137.36

200 OK

0 B

URL HTTP/1.1
fairfaxgeorgianayourself.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=40
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=40 HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Cookie: u_pl=17233750; uid_id2=2d8a4906-a24b-4fd5-8431-ea9baed2d5ca:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec105304e684ccab534731149ed1bdf124=[3843301]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 09 Dec 2022 16:24:07 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

www.dump.xxx/ngx_pagespeed_beacon?url=https%3A%2F%2Fwww.dump.xxx%2Fxxx%2F791%2FBarely_Legal_Blonde_Assign_To_Porn_Casting.html

144.217.159.164

204 No Content

0 B

URL HTTP/2
www.dump.xxx/ngx_pagespeed_beacon?url=https%3A%2F%2Fwww.dump.xxx%2Fxxx%2F791%2FBarely_Legal_Blonde_Assign_To_Porn_Casting.html
IP
144.217.159.164:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ngx_pagespeed_beacon?url=https%3A%2F%2Fwww.dump.xxx%2Fxxx%2F791%2FBarely_Legal_Blonde_Assign_To_Porn_Casting.html HTTP/1.1
Host: www.dump.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1291
Origin: https://www.dump.xxx
Connection: keep-alive
Referer: https://www.dump.xxx/xxx/791/Barely_Legal_Blonde_Assign_To_Porn_Casting.html
Cookie: PHPSESSID=47f7a4f18eefdd3c087e7de44bb557d3; dump_xxx=bm9yZWZ8fHwxfDB8MHxub25lfDA6; dump_xxx_b=1670603045; ppu_show_on_672d85ea2c0a2440ce89a486df2fb3d3=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=591d61cf-0806-4cdf-827e-1bb0d66bb7ba%3A1%3A1; sb_page_105304e684ccab534731149ed1bdf124=1; sb_onpage_105304e684ccab534731149ed1bdf124=1; sb_main_105304e684ccab534731149ed1bdf124=1; sb_count_105304e684ccab534731149ed1bdf124=1; ppu_main_672d85ea2c0a2440ce89a486df2fb3d3=1; ppu_exp_672d85ea2c0a2440ce89a486df2fb3d3=1670604845904; _ga=GA1.2.1267906134.1670603046; _gid=GA1.2.730015050.1670603046; _gat_gtag_UA_8881943_10=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=fairfaxgeorgianayourself.com; ppu_idelay_439bc92bde6d9b897c90c9694312cc38=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 09 Dec 2022 16:24:07 GMT
cache-control: max-age=0, no-cache
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43965e8362467edc064e07984ceb6468
6317037ffe022b657a87db808ae6641e7ca3325f
ff348f0f8947e883866aa8f1cab9b98eeb0ebcd4be85550d780c6282018f08c5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF348F0F8947E883866AA8F1CAB9B98EEB0EBCD4BE85550D780C6282018F08C5"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10688
Expires: Fri, 09 Dec 2022 19:22:15 GMT
Date: Fri, 09 Dec 2022 16:24:07 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43965e8362467edc064e07984ceb6468
6317037ffe022b657a87db808ae6641e7ca3325f
ff348f0f8947e883866aa8f1cab9b98eeb0ebcd4be85550d780c6282018f08c5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF348F0F8947E883866AA8F1CAB9B98EEB0EBCD4BE85550D780C6282018F08C5"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10688
Expires: Fri, 09 Dec 2022 19:22:15 GMT
Date: Fri, 09 Dec 2022 16:24:07 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8f6ab0debac98d11413e20fa98ba8286
e63543ba0f3a685edf4d8fee3f587efd5417015f
fe6bc081b1963c61a3af1ab7b7b1213ae5bc7b962c5474d8f6fe123547d5d309

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:24:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8f6ab0debac98d11413e20fa98ba8286
e63543ba0f3a685edf4d8fee3f587efd5417015f
fe6bc081b1963c61a3af1ab7b7b1213ae5bc7b962c5474d8f6fe123547d5d309

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:24:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.dump.xxx
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 19:33:54 GMT
expires: Thu, 07 Dec 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 161413
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js

172.64.108.13

200 OK

16 kB

URL HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
IP
172.64.108.13:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
16 kB (16043 bytes)
Hash
16060ea9f36d475bee76eea6a900e287
6b552627a4f415889e3d9a7d051b55e7e50068a5
fbd1d173e8d66e6e1d7b303a29ba33582be9547be4d04e18fb30fee559cd936e

HTTP Headers

GET /sb/chat/mob/ssp/v2/new/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dump.xxx
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:24:07 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-17f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 584095
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KzgSezOMa1Y6jXMFC7h9nrCAPdvsjvZsThJZ9CVIRnh1ljX2lX2FTB12UESn2J%2F8n%2B%2Bjjr35OZlpcTkqgFDe13mC9eeJiVp1KbDEdoiLomvtdtLW4oirYb40g4HAFP5XXKYX9wLEQODO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776f16d77b4176a3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fairfaxgeorgianayourself.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSujpsgetHgRVAcUTCCO9u%2FOzPJYUmMK8E1CUk0Fw9WV1Xvllvd1VZ1T2%2F2FIxoBCEbvXiS3m82WaJBzF0h9HqRBWHHgyziegp4l0TwosxkcPFB1XtV3zt83%2FfeR%2BvlHnFR0t2zb%2BpVqRSdidpu68hFmXFd2dbpCy3PbbvHWhdlNhsea62MLtM%2F6rlR23259bpgy3rGdz3X9VyvNS%2BNSPTKzBiFzG%2F3vHbPbYd%2B24tCrJj%2Fv23pwFIHvL9HDkPy4cGlH%2B9AsgZZ%2Bu1JYZcLnb%2FyWloqWmiDPt98K1vOdJUh3S8T4yDJNifd0HZIyBcHoLPNiQLo%2FsZIAWI5JM4vHuJsc0ITcf%2FGQ6axgsgQ88dR9RsI1UDSBkxfgeQ7BGAcp88gS2%2Be1qailx6idIQOydSDPyGrIZn67Slk6TcnlFxpndeqLKTOLFaSGnKlgVxskJdbKFYdyGoLrPgAkv9EZh4sIEs3zlilIfnuiz7v0rDnzk5TP4ynw4RH090w8KYF7cVUcJ9HjI4tkrKBTBoosQZqHZSjIx2UiYMyd5Dy3RaNeonrdpI4CYJuyBgLAsai7iyPeBB2ExclG2lYQ5Gvgak1MHMZubmMZfnZTnT4eZjyLuxSDcsd2IKgz2tUgqCyBBUlqCRBVRBU%2FfoGV9a39U2ubBl7k%2BxPclAPdLG4Tm%2FoYlFkZD3fI0%2BOzHMO%2FfU2lsVuy3OjwA3F7IgljaMg7ASeF%2FYE92KeeH4IK2tIe2AsdVUOyTPzU8jlzgsfIqZbsGoLTD4BWj4LWg06vgu6NAi7LlazW0n5vjBtplNwXSMvplBcctbVHnl6PL%2BjG%2Fcg2Pbczj%2BHfv3u%2FC6YqZGbGu%2FJHwgW1dXBOV2RjXO6suTOmbyQqVylo9meL2ghDn71hrhUacNPnbRrt46zETAqb18QtligGZfZoiVfn5CcCzOvDRPk%2B1P2oojPlnbpRGmyMl84%2B%2Br8qTQ3wlqpswZUDgm5%2FjuYHJLHvvx0vLfPJX9AmgamrJGW22QSkHoLLL8Mm2%2FP7fx9X248ehVWExi13xPnDqqyHhg%2F3v9UckjCj%2B9Bie25u%2FfePf5JZwE0rmHF9lxz7Z0j95triMV%2Fpqzbq1g0DmhxBVlao29q9FUNqtZgy0cGRW62534OxoFYOYNYGWcjVkZdf2iwlbutyAtFN%2B52GOexYNzr%2BEE3cF2f87DTE14PhR2yz%2BlL%2FwIAAP%2F%2FAQAA%2F%2F8m12b8kwQAAA%3D%3D

173.233.137.36

200 OK

7 B

URL HTTP/1.1
fairfaxgeorgianayourself.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSujpsgetHgRVAcUTCCO9u%2FOzPJYUmMK8E1CUk0Fw9WV1Xvllvd1VZ1T2%2F2FIxoBCEbvXiS3m82WaJBzF0h9HqRBWHHgyziegp4l0TwosxkcPFB1XtV3zt83%2FfeR%2BvlHnFR0t2zb%2BpVqRSdidpu68hFmXFd2dbpCy3PbbvHWhdlNhsea62MLtM%2F6rlR23259bpgy3rGdz3X9VyvNS%2BNSPTKzBiFzG%2F3vHbPbYd%2B24tCrJj%2Fv23pwFIHvL9HDkPy4cGlH%2B9AsgZZ%2Bu1JYZcLnb%2FyWloqWmiDPt98K1vOdJUh3S8T4yDJNifd0HZIyBcHoLPNiQLo%2FsZIAWI5JM4vHuJsc0ITcf%2FGQ6axgsgQ88dR9RsI1UDSBkxfgeQ7BGAcp88gS2%2Be1qailx6idIQOydSDPyGrIZn67Slk6TcnlFxpndeqLKTOLFaSGnKlgVxskJdbKFYdyGoLrPgAkv9EZh4sIEs3zlilIfnuiz7v0rDnzk5TP4ynw4RH090w8KYF7cVUcJ9HjI4tkrKBTBoosQZqHZSjIx2UiYMyd5Dy3RaNeonrdpI4CYJuyBgLAsai7iyPeBB2ExclG2lYQ5Gvgak1MHMZubmMZfnZTnT4eZjyLuxSDcsd2IKgz2tUgqCyBBUlqCRBVRBU%2FfoGV9a39U2ubBl7k%2BxPclAPdLG4Tm%2FoYlFkZD3fI0%2BOzHMO%2FfU2lsVuy3OjwA3F7IgljaMg7ASeF%2FYE92KeeH4IK2tIe2AsdVUOyTPzU8jlzgsfIqZbsGoLTD4BWj4LWg06vgu6NAi7LlazW0n5vjBtplNwXSMvplBcctbVHnl6PL%2BjG%2Fcg2Pbczj%2BHfv3u%2FC6YqZGbGu%2FJHwgW1dXBOV2RjXO6suTOmbyQqVylo9meL2ghDn71hrhUacNPnbRrt46zETAqb18QtligGZfZoiVfn5CcCzOvDRPk%2B1P2oojPlnbpRGmyMl84%2B%2Br8qTQ3wlqpswZUDgm5%2FjuYHJLHvvx0vLfPJX9AmgamrJGW22QSkHoLLL8Mm2%2FP7fx9X248ehVWExi13xPnDqqyHhg%2F3v9UckjCj%2B9Bie25u%2FfePf5JZwE0rmHF9lxz7Z0j95triMV%2Fpqzbq1g0DmhxBVlao29q9FUNqtZgy0cGRW62534OxoFYOYNYGWcjVkZdf2iwlbutyAtFN%2B52GOexYNzr%2BEE3cF2f87DTE14PhR2yz%2BlL%2FwIAAP%2F%2FAQAA%2F%2F8m12b8kwQAAA%3D%3D
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSujpsgetHgRVAcUTCCO9u%2FOzPJYUmMK8E1CUk0Fw9WV1Xvllvd1VZ1T2%2F2FIxoBCEbvXiS3m82WaJBzF0h9HqRBWHHgyziegp4l0TwosxkcPFB1XtV3zt83%2FfeR%2BvlHnFR0t2zb%2BpVqRSdidpu68hFmXFd2dbpCy3PbbvHWhdlNhsea62MLtM%2F6rlR23259bpgy3rGdz3X9VyvNS%2BNSPTKzBiFzG%2F3vHbPbYd%2B24tCrJj%2Fv23pwFIHvL9HDkPy4cGlH%2B9AsgZZ%2Bu1JYZcLnb%2FyWloqWmiDPt98K1vOdJUh3S8T4yDJNifd0HZIyBcHoLPNiQLo%2FsZIAWI5JM4vHuJsc0ITcf%2FGQ6axgsgQ88dR9RsI1UDSBkxfgeQ7BGAcp88gS2%2Be1qailx6idIQOydSDPyGrIZn67Slk6TcnlFxpndeqLKTOLFaSGnKlgVxskJdbKFYdyGoLrPgAkv9EZh4sIEs3zlilIfnuiz7v0rDnzk5TP4ynw4RH090w8KYF7cVUcJ9HjI4tkrKBTBoosQZqHZSjIx2UiYMyd5Dy3RaNeonrdpI4CYJuyBgLAsai7iyPeBB2ExclG2lYQ5Gvgak1MHMZubmMZfnZTnT4eZjyLuxSDcsd2IKgz2tUgqCyBBUlqCRBVRBU%2FfoGV9a39U2ubBl7k%2BxPclAPdLG4Tm%2FoYlFkZD3fI0%2BOzHMO%2FfU2lsVuy3OjwA3F7IgljaMg7ASeF%2FYE92KeeH4IK2tIe2AsdVUOyTPzU8jlzgsfIqZbsGoLTD4BWj4LWg06vgu6NAi7LlazW0n5vjBtplNwXSMvplBcctbVHnl6PL%2BjG%2Fcg2Pbczj%2BHfv3u%2FC6YqZGbGu%2FJHwgW1dXBOV2RjXO6suTOmbyQqVylo9meL2ghDn71hrhUacNPnbRrt46zETAqb18QtligGZfZoiVfn5CcCzOvDRPk%2B1P2oojPlnbpRGmyMl84%2B%2Br8qTQ3wlqpswZUDgm5%2FjuYHJLHvvx0vLfPJX9AmgamrJGW22QSkHoLLL8Mm2%2FP7fx9X248ehVWExi13xPnDqqyHhg%2F3v9UckjCj%2B9Bie25u%2FfePf5JZwE0rmHF9lxz7Z0j95triMV%2Fpqzbq1g0DmhxBVlao29q9FUNqtZgy0cGRW62534OxoFYOYNYGWcjVkZdf2iwlbutyAtFN%2B52GOexYNzr%2BEE3cF2f87DTE14PhR2yz%2BlL%2FwIAAP%2F%2FAQAA%2F%2F8m12b8kwQAAA%3D%3D HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Cookie: u_pl=17233750; uid_id2=2d8a4906-a24b-4fd5-8431-ea9baed2d5ca:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec105304e684ccab534731149ed1bdf124=[3843301]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 09 Dec 2022 16:24:07 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 07764fb7088d8a709034004ecf7324fd
Strict-Transport-Security: max-age=0; includeSubdomains

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8f6ab0debac98d11413e20fa98ba8286
e63543ba0f3a685edf4d8fee3f587efd5417015f
fe6bc081b1963c61a3af1ab7b7b1213ae5bc7b962c5474d8f6fe123547d5d309

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:24:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fairfaxgeorgianayourself.com/pixel/sbs?c=1

173.233.137.36

200 OK

0 B

URL HTTP/1.1
fairfaxgeorgianayourself.com/pixel/sbs?c=1
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Cookie: u_pl=17233750; uid_id2=2d8a4906-a24b-4fd5-8431-ea9baed2d5ca:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec105304e684ccab534731149ed1bdf124=[3843301]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 09 Dec 2022 16:24:07 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

unseenreport.com/pxf.gif?uuid=591d61cf-0806-4cdf-827e-1bb0d66bb7ba&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=672d85ea2c0a2440ce89a486df2fb3d3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16

192.243.59.13

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=591d61cf-0806-4cdf-827e-1bb0d66bb7ba&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=672d85ea2c0a2440ce89a486df2fb3d3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=591d61cf-0806-4cdf-827e-1bb0d66bb7ba&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=672d85ea2c0a2440ce89a486df2fb3d3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 09 Dec 2022 16:24:08 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fbfe9a297999bbdd6c43b7ea3f279e58
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=591d61cf-0806-4cdf-827e-1bb0d66bb7ba&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=105304e684ccab534731149ed1bdf124&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16

192.243.59.13

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=591d61cf-0806-4cdf-827e-1bb0d66bb7ba&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=105304e684ccab534731149ed1bdf124&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=591d61cf-0806-4cdf-827e-1bb0d66bb7ba&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=105304e684ccab534731149ed1bdf124&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 09 Dec 2022 16:24:08 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7488bc79bc5e70b2ffdce45af9f16ba0
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=591d61cf-0806-4cdf-827e-1bb0d66bb7ba&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=439bc92bde6d9b897c90c9694312cc38&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16

192.243.59.13

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=591d61cf-0806-4cdf-827e-1bb0d66bb7ba&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=439bc92bde6d9b897c90c9694312cc38&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=591d61cf-0806-4cdf-827e-1bb0d66bb7ba&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=439bc92bde6d9b897c90c9694312cc38&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 09 Dec 2022 16:24:08 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f1d4efbb9e2fd7bdb427728e15075d3e
Strict-Transport-Security: max-age=0; includeSubdomains

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12748 bytes)
Hash
730ba1a8edb79ba6f83b46d1ba5aed7b
55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 12:33:36 GMT
age: 13837
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

friendshipmale.com/sfp.js

172.64.163.31

200 OK

0 B

URL HTTP/2
friendshipmale.com/sfp.js
IP
172.64.163.31:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:24:06 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 7d6d58e910dfa8dd4a1e91fe59abe900
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 09 Dec 2022 16:24:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OurDigehGAdgalLCxyxaTGhpgpufrP9f8KNfk5Zr81HUkbUt5TOJry0XZfogkkXeBiW1zv%2FeN7N5WehapoKubNmI2FUqGmy3nnBC13vC5cZgL4Y2Uaq2mG%2FWwCHPgIjXkqr10qg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776f16cfdcfd72eb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html

45.133.44.3

200 OK

0 B

URL HTTP/2
cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP
45.133.44.3:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dump.xxx
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:24:07 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 09 Dec 2022 17:24:07 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css

172.64.108.13

200 OK

0 B

URL HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP
172.64.108.13:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dump.xxx
Connection: keep-alive
Referer: https://www.dump.xxx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:24:07 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1123928
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iHtsLI6OC32VRY%2BUPod78Q%2FVIUdoQchRi8iLnhGsCcPCUSjsf6%2FZ2gPTFVED5DKFkGHyB9WH%2B2KsGGDUhHvCI1%2FP9KxN7DjaKKCcKwLplz86BxW1O8X8kocUEaOX91%2BcCbCflpqAIW%2B1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776f16d6294b76a3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js

172.64.108.13

200 OK

0 B

URL HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
IP
172.64.108.13:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sb/chat/mob/ssp/v2/new/3/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:24:07 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:58 GMT
etag: W/"62ceb706-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2082787
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2B4Ou2rvDfP1Cd02jKin%2BABVsF%2BXf3ivd2mjmvtjEcx%2BmCdAzXZAcsDXje2lM%2BT%2FtXbc6VZ8ZpmMC8l4p5FwpLVbMcbs3%2BwKW7h6%2FxwTA3%2BjCQsjRKb53Tp%2BfNDcC5HiJ%2FIrTcuzEuvT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776f16d679fe76a3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (26)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations