r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3826
Expires: Mon, 06 Feb 2023 23:25:21 GMT
Date: Mon, 06 Feb 2023 22:21:35 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8500
Expires: Tue, 07 Feb 2023 00:43:15 GMT
Date: Mon, 06 Feb 2023 22:21:35 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 06 Feb 2023 21:34:06 GMT
content-type: application/json
age: 2849
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
192.99.211.122/male-vibrator-bondage-hentai.html
200 OK 13 kB URL HTTP/1.1 192.99.211.122/male-vibrator-bondage-hentai.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (5923)
Hash b8e378d2b5c4a85ebca6bd64376871dd
b60c27fba0677c061c6691661eb3cc0dd5630c98
a82b933da3d8e125da5e2bdca222f92de77d0b6aedd05a25e09d93b91a4fd4f2
Analyzer Verdict Alert quad9 Sinkholed
GET /male-vibrator-bondage-hentai.html HTTP/1.1
Host: 192.99.211.122
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:21:34 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Cache-Control: max-age=2592000
Expires: Wed, 08 Mar 2023 22:21:34 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12804
Keep-Alive: timeout=2, max=1000
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10473
Expires: Tue, 07 Feb 2023 01:16:08 GMT
Date: Mon, 06 Feb 2023 22:21:35 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TnnoYIZfHloTsVtbAAq70HirORZRYInCWSPhdMvk5B7nO4OX4Qvd997qC13NylUG/tMd/oJFY84=
x-amz-request-id: SKXTH7TAXNFFD7TA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 06 Feb 2023 21:35:16 GMT
age: 2779
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 22:21:35 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
192.99.211.122/js/views.js
200 OK 2.2 kB URL HTTP/1.1 192.99.211.122/js/views.js
IP
File type ASCII text, with very long lines (548)
Hash 36d5c0301a23522546eae420d379aabb
d9b4fc62a56f4496d073a5900e46cc553e93fa5d
f07e981ea6242920fbc0313ea2c4b42553264af38abe6bc5a29e7aacef3345b2
Analyzer Verdict Alert quad9 Sinkholed
GET /js/views.js HTTP/1.1
Host: 192.99.211.122
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://192.99.211.122/male-vibrator-bondage-hentai.html
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:21:35 GMT
Server: Apache
Last-Modified: Wed, 16 Jan 2019 16:57:18 GMT
ETag: "6f98291-21c1-57f962baaf780-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=2592000, private
Expires: Wed, 08 Mar 2023 22:21:35 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2223
Keep-Alive: timeout=2, max=999
Connection: Keep-Alive
Content-Type: application/javascript
cdnp.kink.com/imagedb/103314/indexImage/103314_advertimage_001_full.png
200 OK 523 kB URL HTTP/2 cdnp.kink.com/imagedb/103314/indexImage/103314_advertimage_001_full.png
IP
File type PNG image data, 830 x 467, 8-bit/color RGB, non-interlaced\012- data
Size 523 kB (522810 bytes)
Hash 26ed4b9d33d45fcb5a1404d296884005
52f881e9b936b76ce79ba11ad6b93b774644be74
74197f9615d19e30483f4672a1b7adaa9b3fd03bc993aa9132bf61bd14311515
GET /imagedb/103314/indexImage/103314_advertimage_001_full.png HTTP/1.1
Host: cdnp.kink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 22:21:35 GMT
etag: "1649361284"
cache-control: max-age=8368755
content-encoding: gzip
content-length: 522810
content-type: image/png
last-modified: Thu, 07 Apr 2022 19:54:44 GMT
accept-ranges: bytes
access-control-allow-credentials: true
x-hw: 1675722095.dop229.sk1.t,1675722095.cds256.sk1.hn,1675722095.cds205.sk1.c
X-Firefox-Spdy: h2
192.99.211.122/js/lazysizes.min.js
200 OK 3.1 kB URL HTTP/1.1 192.99.211.122/js/lazysizes.min.js
IP
File type ASCII text, with very long lines (6723), with no line terminators
Hash 8d2e27359a6b221112feef020e0d3796
c539234348b0a9dc3ff0526ce0c3537116dc6b60
9b90fac2d3f502df33c2d204c95a31df51e51acbad84176fb638947d71ca93fd
Analyzer Verdict Alert quad9 Sinkholed
GET /js/lazysizes.min.js HTTP/1.1
Host: 192.99.211.122
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://192.99.211.122/male-vibrator-bondage-hentai.html
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:21:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 19 Jan 2019 16:57:28 GMT
ETag: "6f9828d-1a43-57fd285c9ae00-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=2592000, private
Expires: Wed, 08 Mar 2023 22:21:35 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3131
Keep-Alive: timeout=2, max=1000
Content-Type: application/javascript
192.99.211.122/css/screen.css
200 OK 3.2 kB URL HTTP/1.1 192.99.211.122/css/screen.css
IP
Hash 62f8fdff92ae4e89093f306bcbd4db7f
6d74c78553a955fc12223004497c1fdf87adc5c0
996f4d86cfb64084d8d8caac1d9e100e369852ecdc8f6c8facd0c1071c4822b8
Analyzer Verdict Alert quad9 Sinkholed
GET /css/screen.css HTTP/1.1
Host: 192.99.211.122
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://192.99.211.122/male-vibrator-bondage-hentai.html
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:21:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 14 Nov 2021 15:10:45 GMT
ETag: "655d6914-317c-5d0c118afe740-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=2592000, public
Expires: Wed, 08 Mar 2023 22:21:35 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3174
Keep-Alive: timeout=2, max=1000
Content-Type: text/css
192.99.211.122/bondagesex-xxx/ph/l/921882_logo.png
200 OK 3.3 kB URL HTTP/1.1 192.99.211.122/bondagesex-xxx/ph/l/921882_logo.png
IP
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 96aa726508dbce3d2cae3966bfc4e0a3
a9f60fa938abc0d0c6a39e272a0d2580600d5b09
319e5b3d976dbc26c7ddab245f2168ae0ff273f714e4a438023cb9543ae7bfde
Analyzer Verdict Alert quad9 Sinkholed
GET /bondagesex-xxx/ph/l/921882_logo.png HTTP/1.1
Host: 192.99.211.122
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://192.99.211.122/male-vibrator-bondage-hentai.html
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:21:35 GMT
Server: Apache
Last-Modified: Thu, 19 Dec 2019 22:48:43 GMT
ETag: "1cd3f4c-cf8-59a165cf3e8c0"
Accept-Ranges: bytes
Content-Length: 3320
Cache-Control: max-age=31536000, public
Expires: Tue, 06 Feb 2024 22:21:35 GMT
Access-Control-Allow-Origin: *
Keep-Alive: timeout=2, max=999
Connection: Keep-Alive
Content-Type: image/png
192.99.211.122/bondagesex-xxx/img/bdsm/015.jpg
200 OK 14 kB URL HTTP/1.1 192.99.211.122/bondagesex-xxx/img/bdsm/015.jpg
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=8, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, software=ACD Systems Digital Imaging, datetime=2011:02:22 19:28:32], baseline, precision 8, 300x250, components 3\012- data
Hash d3bbb13ba7d145e944eed34f9d981df9
647b944946565472da17f516417283eefbc0dc87
5c74e34a2b9dd1bc43ec0f56cf7e8668e71d7b8a6a2c385b9d10181dc577ce28
Analyzer Verdict Alert quad9 Sinkholed
GET /bondagesex-xxx/img/bdsm/015.jpg HTTP/1.1
Host: 192.99.211.122
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://192.99.211.122/male-vibrator-bondage-hentai.html
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:21:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Tue, 22 Feb 2011 16:24:20 GMT
ETag: "21f6acde-3663-49ce169983500"
Accept-Ranges: bytes
Content-Length: 13923
Cache-Control: max-age=31536000, public
Expires: Tue, 06 Feb 2024 22:21:35 GMT
Access-Control-Allow-Origin: *
Keep-Alive: timeout=2, max=1000
Content-Type: image/jpeg
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 06 Feb 2023 21:51:19 GMT
age: 1817
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
192.99.211.122/css/roboto-v18-latin-regular.woff2
200 OK 15 kB URL HTTP/1.1 192.99.211.122/css/roboto-v18-latin-regular.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Analyzer Verdict Alert quad9 Sinkholed
GET /css/roboto-v18-latin-regular.woff2 HTTP/1.1
Host: 192.99.211.122
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://192.99.211.122/css/screen.css
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:21:35 GMT
Server: Apache
Last-Modified: Sat, 19 Jan 2019 13:44:52 GMT
ETag: "655d6913-3bf0-57fcfd4ff1d00"
Accept-Ranges: bytes
Content-Length: 15344
Cache-Control: max-age=2592000
Expires: Wed, 08 Mar 2023 22:21:35 GMT
Access-Control-Allow-Origin: *
Keep-Alive: timeout=2, max=999
Connection: Keep-Alive
Content-Type: font/woff2
i2.wp.com/gelbooru.com/images/bd/75/bd75dcd07b9f7a2e607425db9b3272cd.jpeg
403 Forbidden 146 B URL HTTP/2 i2.wp.com/gelbooru.com/images/bd/75/bd75dcd07b9f7a2e607425db9b3272cd.jpeg
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 9fe3cb2b7313dc79bb477bc8fde184a7
4d7b3cb41e90618358d0ee066c45c76227a13747
32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
GET /gelbooru.com/images/bd/75/bd75dcd07b9f7a2e607425db9b3272cd.jpeg HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
server: nginx
date: Mon, 06 Feb 2023 22:21:36 GMT
content-type: text/html
content-length: 146
x-nc: MISS arn 6
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2909
Expires: Mon, 06 Feb 2023 23:10:05 GMT
Date: Mon, 06 Feb 2023 22:21:36 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 279 B IP
Hash 56220d689564caec640fb67c7c0e9045
8c19e6ee2c93751ec05b0f8360f17752360f5dab
0bedaa8981e8a2c99d4f22a70999aeee2f433c1ae65e92d4a33ee298a3aecaa0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3132
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:36 GMT
Last-Modified: Mon, 06 Feb 2023 21:29:24 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash 56220d689564caec640fb67c7c0e9045
8c19e6ee2c93751ec05b0f8360f17752360f5dab
0bedaa8981e8a2c99d4f22a70999aeee2f433c1ae65e92d4a33ee298a3aecaa0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5700
Cache-Control: max-age=166805
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:36 GMT
Etag: "63e14fc1-117"
Expires: Wed, 08 Feb 2023 20:41:41 GMT
Last-Modified: Mon, 06 Feb 2023 19:06:41 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash 56220d689564caec640fb67c7c0e9045
8c19e6ee2c93751ec05b0f8360f17752360f5dab
0bedaa8981e8a2c99d4f22a70999aeee2f433c1ae65e92d4a33ee298a3aecaa0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3132
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:36 GMT
Last-Modified: Mon, 06 Feb 2023 21:29:24 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash 6ebce377762568ed69ed510b8a29850f
a2e3fe5e458d8cf8f7cceead4feb03af2f585218
204b072b841325a2e46162e4fc23be1dcee763eb1d94303bc6028b8344ea74a0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6568
Cache-Control: max-age=123739
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:36 GMT
Etag: "63e0a423-117"
Expires: Wed, 08 Feb 2023 08:43:55 GMT
Last-Modified: Mon, 06 Feb 2023 06:54:27 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash 6ebce377762568ed69ed510b8a29850f
a2e3fe5e458d8cf8f7cceead4feb03af2f585218
204b072b841325a2e46162e4fc23be1dcee763eb1d94303bc6028b8344ea74a0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4781
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:36 GMT
Last-Modified: Mon, 06 Feb 2023 21:01:55 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash 934571031f0ffff86df7b450d2cdfb85
afef21458abc9dabcf2786e15a2d18dd3a71955f
693753cef4c3b070b8c296e4655fb5833abd89e9175913ec3aae4dab2c12b597
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6592
Cache-Control: max-age=150046
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:36 GMT
Etag: "63e10ace-117"
Expires: Wed, 08 Feb 2023 16:02:22 GMT
Last-Modified: Mon, 06 Feb 2023 14:12:30 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 279
us.rule34.xxx//images/468/f8e281038721d793cad7f539f41720313d2a5a22.jpg
200 OK 165 kB URL HTTP/2 us.rule34.xxx//images/468/f8e281038721d793cad7f539f41720313d2a5a22.jpg
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 964x1010, components 3\012- data
Size 165 kB (164651 bytes)
Hash e9c1ce61e20b03dfcd19d728cdde1e19
2cbb5fdbd67d18581b9b8ccdbf2a2d7204f630d9
a2a17d2b273fc903cc844fd36f207a061a0ff10480ed5e986dd6e24b06f36a50
GET //images/468/f8e281038721d793cad7f539f41720313d2a5a22.jpg HTTP/1.1
Host: us.rule34.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 22:21:36 GMT
content-type: image/jpeg
content-length: 164651
cache-control: max-age=315360000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=168439
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Sun, 14 Nov 2010 16:05:43 GMT
cf-cache-status: HIT
age: 39501
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P67aTZxOxGua8NXbiA4%2B4LDNyhVa1EWaDeKVbnWYD7dt8Irw7dyRQpxzBn8Yse2ZoNF%2BnhwRvZfC0KuI4nFBJTH%2FZYnwUx4lENJmP%2B%2BuF6V7fGQeGy%2FO3EAfVUjyoqk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7957479e68b60b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 6ebce377762568ed69ed510b8a29850f
a2e3fe5e458d8cf8f7cceead4feb03af2f585218
204b072b841325a2e46162e4fc23be1dcee763eb1d94303bc6028b8344ea74a0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4781
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:36 GMT
Last-Modified: Mon, 06 Feb 2023 21:01:55 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash 934571031f0ffff86df7b450d2cdfb85
afef21458abc9dabcf2786e15a2d18dd3a71955f
693753cef4c3b070b8c296e4655fb5833abd89e9175913ec3aae4dab2c12b597
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6592
Cache-Control: max-age=150046
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:36 GMT
Etag: "63e10ace-117"
Expires: Wed, 08 Feb 2023 16:02:22 GMT
Last-Modified: Mon, 06 Feb 2023 14:12:30 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash 56220d689564caec640fb67c7c0e9045
8c19e6ee2c93751ec05b0f8360f17752360f5dab
0bedaa8981e8a2c99d4f22a70999aeee2f433c1ae65e92d4a33ee298a3aecaa0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6181
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:36 GMT
Last-Modified: Mon, 06 Feb 2023 20:38:35 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash 868fcb075b23aa6bf3788b18b316f777
4ad5e6b88dd126f15ae33af333fb5a871d06d56a
d7ea57213c932315e5ba182b7bfb82f460569ef73e5d7209585bb64a1346d3e2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:36 GMT
Server: ECS (amb/6BC1)
Content-Length: 279
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +ez/glmPGlwrcyed945rKg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: P9Kd7xvid3jYc8qEoND0VMvHf/8=
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1909584a5efadf15775dff418a7517ad
943f2a847338831948f6a1ad273bf709743a4c58
16e39712ae0a971fa05b73fd4b8ee43bb49f83b362c9fa1438462165369561f8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "16E39712AE0A971FA05B73FD4B8EE43BB49F83B362C9FA1438462165369561F8"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8533
Expires: Tue, 07 Feb 2023 00:43:49 GMT
Date: Mon, 06 Feb 2023 22:21:36 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1909584a5efadf15775dff418a7517ad
943f2a847338831948f6a1ad273bf709743a4c58
16e39712ae0a971fa05b73fd4b8ee43bb49f83b362c9fa1438462165369561f8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "16E39712AE0A971FA05B73FD4B8EE43BB49F83B362C9FA1438462165369561F8"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8533
Expires: Tue, 07 Feb 2023 00:43:49 GMT
Date: Mon, 06 Feb 2023 22:21:36 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7a4428825a7265b1067e92c01c32d0ab
be0d24688231d8a41f79f0765435d478c5de60b7
694aea17842c6fc5a3bf2ad97c6aed8b1697b25de3d8c066892d17b6cb814c1b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "694AEA17842C6FC5A3BF2AD97C6AED8B1697B25DE3D8C066892D17B6CB814C1B"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4947
Expires: Mon, 06 Feb 2023 23:44:03 GMT
Date: Mon, 06 Feb 2023 22:21:36 GMT
Connection: keep-alive
img1.gelbooru.com/images/e9/cc/e9cc3327ca7e136c5727f4069963fc0f.jpeg
302 Found 424 B URL HTTP/2 img1.gelbooru.com/images/e9/cc/e9cc3327ca7e136c5727f4069963fc0f.jpeg
IP
Hash fdbfc23e83d702902885ee0964bfaf4c
becc11700124ae99584403421bbdf13f106f6758
b7885eabb3ff0ff52b98bf84591da07e7f338ddd8bd9aba26e4dd3d4431820fd
GET /images/e9/cc/e9cc3327ca7e136c5727f4069963fc0f.jpeg HTTP/1.1
Host: img1.gelbooru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Mon, 06 Feb 2023 22:21:36 GMT
content-type: text/html
location: https://gelbooru.com/hotlink.php?hash=/images/e9/cc/e9cc3327ca7e136c5727f4069963fc0f.jpeg
expires: Mon, 06 Feb 2023 22:21:35 GMT
cache-control: no-cache
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3YXVRoPGcJt7jyCfaACxNDMWfZ7s2ay2Crfhd4s7Hp5K0SkaI0Nb1mMQCKY%2F5LlVH%2Fmvgmmo%2FC7VgFxDPmVo4%2BgyWaBI5M8pHzb0FFfGLhYlxViMlGgxBxY5AkVnz78bZQ40Dg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7957479e6cd523ea-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tbib.org//images/1416/41968e4d9dbcc39415712ca00dcf811444106acd.jpg
200 OK 151 kB URL HTTP/2 tbib.org//images/1416/41968e4d9dbcc39415712ca00dcf811444106acd.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 667x750, components 3\012- data
Size 151 kB (150809 bytes)
Hash f49a2a15f830b7d1e9075027f6072b11
ce882355ee3fce9a9e4e03fb8b932e1c159d0e00
dfa14bcb5a66396558aafa0b956aecdf0a5c787f1f3d1d0a517159d58944f8f0
GET //images/1416/41968e4d9dbcc39415712ca00dcf811444106acd.jpg HTTP/1.1
Host: tbib.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 22:21:36 GMT
content-type: image/jpeg
content-length: 150809
last-modified: Thu, 10 Feb 2011 12:04:42 GMT
etag: "4d53d45a-24d19"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PEp6whpmUg4fuIrFm7%2FbmV4AZQnhDDz%2BHbYXxhD6xFpguOXciVsullxcpBcNmcPVXlzcHKaRdCpzdqdsAl5x0QrEyLCyODSPQ4rTAS7Kr0uqE09mSoMnExpVSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7957479fec1276fb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xxgasm.com/wp-content/upload/2020/09/gay_male_bo-9132.jpg
403 Forbidden 203 B URL HTTP/1.1 xxgasm.com/wp-content/upload/2020/09/gay_male_bo-9132.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 9798e9c83c8f72269d36724e24a8ab9b
03cfac5813be1e19cd7294e8a5a2ec5bd2f2cee5
bb2964cc2c7ee1063ddb3c02eb3d2c72086386a1d0111a6eb9eb61ccda2945bc
GET /wp-content/upload/2020/09/gay_male_bo-9132.jpg HTTP/1.1
Host: xxgasm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 403 Forbidden
Server: nginx
Date: Mon, 06 Feb 2023 22:21:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6053faff-10f"
Content-Encoding: gzip
rule34.xxx/hotlink.php?img=e723d55b36349dcae4da9cf09e9d46a7fc97830a.jpg
301 Moved Permanently 536 B URL HTTP/1.1 rule34.xxx/hotlink.php?img=e723d55b36349dcae4da9cf09e9d46a7fc97830a.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 8e43012a39673793ec9de9277d53982c
378b3a9caa0252d29c5c2cc8e3c03bcc3db4fc5c
68a9c899385fdafacaa8c13911e691c1eb218f318fc1f8d4820ed8a14ce8fd85
NIDS Severity Alert suricata high ET POLICY request to .xxx TLD
GET /hotlink.php?img=e723d55b36349dcae4da9cf09e9d46a7fc97830a.jpg HTTP/1.1
Host: rule34.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.99.211.122/
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Feb 2023 22:21:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://rule34.xxx/hotlink.php?img=e723d55b36349dcae4da9cf09e9d46a7fc97830a.jpg
CF-Cache-Status: DYNAMIC
Server-Timing: cf-q-config;dur=4.9999998736894e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2dOX2NHCXLnxL54v7bDIOya4%2B0EJCK06g5SKiQzj8ZqIYyrnT64IfEOYAgKTHY%2FiyijSUKcBG23nXcp12I5NLKERfLOJpYVKmirCbqxiUbrcIRBHs8Wbcqv%2BKpo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795747a1abbab50b-OSL
alt-svc: h2=":443"; ma=60
img.rule34.xxx/images/630/d239cd6607e3cc3ece1fc25b69901688eef71fab.jpg
302 Found 512 B URL HTTP/1.1 img.rule34.xxx/images/630/d239cd6607e3cc3ece1fc25b69901688eef71fab.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 9c8c72bf66577861857353317c2eea0d
c64cb009f6f5891878d6b39b9240ee6c4626678e
df2ef8b3b670c0d4648a778f0839f6ec8581795e586c93d6750b8ae4213e0159
NIDS Severity Alert suricata high ET POLICY request to .xxx TLD
GET /images/630/d239cd6607e3cc3ece1fc25b69901688eef71fab.jpg HTTP/1.1
Host: img.rule34.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://192.99.211.122/
HTTP/1.1 302 Found
Date: Mon, 06 Feb 2023 22:21:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://rule34.xxx/public/hotlink.php?img=d239cd6607e3cc3ece1fc25b69901688eef71fab.jpg
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: public, max-age=315360000
Pragma: public
CF-Cache-Status: MISS
Server-Timing: cf-q-config;dur=6.9999996412662e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KV%2BVnajaqVPHYeZIWlTEKczjvs6K%2FpBsYG4zDS3HJZbBV1F8FilI%2FRWazOkJ8sTo66lPS6MaUZxgLWt0RceWROdxx4r3fxNQcv54i7L0pKFW2waDloITvG4%2Fb41K8YFW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795747a36c67b4e8-OSL
alt-svc: h2=":443"; ma=60
xxgasm.com/wp-content/upload/2019/12/anime_hentai_bondage-7354.jpg
403 Forbidden 203 B URL HTTP/1.1 xxgasm.com/wp-content/upload/2019/12/anime_hentai_bondage-7354.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 9798e9c83c8f72269d36724e24a8ab9b
03cfac5813be1e19cd7294e8a5a2ec5bd2f2cee5
bb2964cc2c7ee1063ddb3c02eb3d2c72086386a1d0111a6eb9eb61ccda2945bc
GET /wp-content/upload/2019/12/anime_hentai_bondage-7354.jpg HTTP/1.1
Host: xxgasm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 403 Forbidden
Server: nginx
Date: Mon, 06 Feb 2023 22:21:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6053faff-10f"
Content-Encoding: gzip
rule34.xxx/index.php?page=post&s=view&id=2350093
301 Moved Permanently 536 B URL HTTP/1.1 rule34.xxx/index.php?page=post&s=view&id=2350093
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash bf904e0f8253d30c11a6ab1f286221ce
14c180d4a494739547f67f6a4b3501fac9c7864f
5c4f2ae0388baa050854a55235e8b30a15d4dd223850574f30041a013ede56f5
NIDS Severity Alert suricata high ET POLICY request to .xxx TLD
GET /index.php?page=post&s=view&id=2350093 HTTP/1.1
Host: rule34.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.99.211.122/
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Feb 2023 22:21:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://rule34.xxx/index.php?page=post&s=view&id=2350093
CF-Cache-Status: DYNAMIC
Server-Timing: cf-q-config;dur=4.9999998736894e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X7nPTxQqmRjndRJZrXnGFXsbGkBru%2Fq490XGO7VrOMbv4mLTos%2BIAY7aq87dqZbZBEMIuaGQzejLjDAXOjeaKT0bx1maRA42qAQWK%2F%2FrwR4uPQKfoEAnGo1BkTw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795747a3ae16b50b-OSL
alt-svc: h2=":443"; ma=60
gelbooru.com/index.php?page=post&s=view&id=1215702
200 OK 9.5 kB URL HTTP/2 gelbooru.com/index.php?page=post&s=view&id=1215702
IP
Hash 3c1cc9e5975ba5c571cc6c3951106666
6445ec78239eda0f605234f2e63d827746f517e6
d65530f1d84b93ca6a926ffad9b0532b3ff877acd56ecc85f41cd04396801a67
GET /index.php?page=post&s=view&id=1215702 HTTP/1.1
Host: gelbooru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://192.99.211.122/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 06 Feb 2023 22:21:37 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=d31710a85990ee2f445ba7a08d798042; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
gelbooru.com/hotlink.php?hash=/images/0b/a1/0ba1ce3774c45e7ac53d1ee985b358b5.jpeg
302 Found 9.4 kB URL HTTP/2 gelbooru.com/hotlink.php?hash=/images/0b/a1/0ba1ce3774c45e7ac53d1ee985b358b5.jpeg
IP
File type gzip compressed data, max speed, from Unix\012- data
Hash ddadf9cfb7108099c53d80763c2f6ad7
4411147341fb22abc79cc688191231cd76b5ff4b
c7d8726f1e058fb2d4aa175a2aa75e8be4dc3bd5fd5762d2a435e3de2aa4f0e8
GET /hotlink.php?hash=/images/0b/a1/0ba1ce3774c45e7ac53d1ee985b358b5.jpeg HTTP/1.1
Host: gelbooru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://192.99.211.122/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.18.0
date: Mon, 06 Feb 2023 22:21:36 GMT
content-type: text/html; charset=UTF-8
location: index.php?page=post&s=view&id=914441
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
X-Firefox-Spdy: h2
i0.wp.com/smutty.com/media_smutty/i/n/q/u/p/inquisitor-4iffu-c46c09.jpg
200 OK 80 kB URL HTTP/2 i0.wp.com/smutty.com/media_smutty/i/n/q/u/p/inquisitor-4iffu-c46c09.jpg
IP
Hash 93b5243ca3718a8c891273cfd728f7d5
69fe3fdc9c8ec8f34e13efccf3274411ba62095d
7da23ad60ac5c03f4a0d9daf09dab3bd7d009c6d6d7c1b38ab8c100030dafd12
GET /smutty.com/media_smutty/i/n/q/u/p/inquisitor-4iffu-c46c09.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 22:21:37 GMT
content-type: image/webp
content-length: 66542
last-modified: Thu, 29 Dec 2022 23:54:09 GMT
expires: Sun, 29 Dec 2024 11:54:09 GMT
cache-control: public, max-age=63115200
link: <http://smutty.com/media_smutty/i/n/q/u/p/inquisitor-4iffu-c46c09.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "bdc8729405d7d501"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
gelbooru.com/hotlink.php?hash=/images/bd/79/bd791f143156d4dfc18589daa411cbc9.jpeg
302 Found 10 kB URL HTTP/2 gelbooru.com/hotlink.php?hash=/images/bd/79/bd791f143156d4dfc18589daa411cbc9.jpeg
IP
File type gzip compressed data, max speed, from Unix\012- data
Hash d32512c4f2c7db0cb36d77e178774b28
2d00734edca300d14fb2d534dded9c0afbfeb12b
d2e0bcfdb2e0046919325faed8807592df93802af50fa373979aeee6422d5526
GET /hotlink.php?hash=/images/bd/79/bd791f143156d4dfc18589daa411cbc9.jpeg HTTP/1.1
Host: gelbooru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://192.99.211.122/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.18.0
date: Mon, 06 Feb 2023 22:21:36 GMT
content-type: text/html; charset=UTF-8
location: index.php?page=post&s=view&id=1420827
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
X-Firefox-Spdy: h2
cumception.com/wp-content/upload/2019/11/yaoi_bondage_vi-2105.jpg
403 Forbidden 284 kB URL HTTP/2 cumception.com/wp-content/upload/2019/11/yaoi_bondage_vi-2105.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (501)
Size 284 kB (283534 bytes)
Hash 61d979c6f9968077dda25d324d397847
e08ecc9a0c62af598440b977adf53e3a289771db
3071278c0f9d21ebc6b0026f5d233e34b5a2a4ae49d5fde1703f1e0e7f9d061b
GET /wp-content/upload/2019/11/yaoi_bondage_vi-2105.jpg HTTP/1.1
Host: cumception.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
date: Mon, 06 Feb 2023 22:21:36 GMT
content-type: text/html; charset=UTF-8
vary: Referer, Accept-Encoding
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eLz7Nto%2FOpEhTKRsv5OqtddUmvUUCRosG06OZfw1u0WCe4trVH5Dz7N3SSmZWXV%2FAAJ8gIHgA%2FpJejvoFJA959hiIZbqXHGMK%2BcI4dYiccTckvjeBw42z5LJ%2B3WvGCAwPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7957479e7badb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f529a4316cef1af498adfa92b659853b
439acffe1b2a73a328348a356180adba02992d4b
6b27806b4f0552685fa67d804710c8070ee56e22cba1a06f52eb331f2d07c6ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6B27806B4F0552685FA67D804710C8070EE56E22CBA1A06F52EB331F2D07C6ED"
Last-Modified: Sun, 05 Feb 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3374
Expires: Mon, 06 Feb 2023 23:17:51 GMT
Date: Mon, 06 Feb 2023 22:21:37 GMT
Connection: keep-alive
img.tnaflix.com/a7:4q60w720r/thumbs/8e/6_998979l.jpg
200 OK 22 kB URL HTTP/2 img.tnaflix.com/a7:4q60w720r/thumbs/8e/6_998979l.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, resolutionunit=2], progressive, precision 8, 720x411, components 3\012- data
Hash b6962270df48c2c5bb042290f6041595
8a54a812a61b5765b5653dd74f611fb400b7b827
0a8aca4ba737d11b8bbccdf188ee3d39ab309287e7db211ba40dd8aaa0b87e8b
GET /a7:4q60w720r/thumbs/8e/6_998979l.jpg HTTP/1.1
Host: img.tnaflix.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 22:21:37 GMT
content-length: 22188
content-type: image/jpeg
accept-ranges: bytes
server: nginx/1.23.1
cache-control: max-age=315360000
x-hw: 1675722097.dop009.sk1.t,1675722097.cds013.sk1.hn,1675722097.cds261.sk1.c
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash 0fc5aa58e351d248131d59d0a4d82790
13705f9b6527edfd9a46d700660435170d9f32b9
52342d0562d1229544c0a45d10c6d605d186e7e5c6cd77fdebf2ddf0cac5ac62
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:37 GMT
Etag: "63e0acc6-118"
Last-Modified: Mon, 06 Feb 2023 22:21:37 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7191
Expires: Tue, 07 Feb 2023 00:21:28 GMT
Date: Mon, 06 Feb 2023 22:21:37 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7191
Expires: Tue, 07 Feb 2023 00:21:28 GMT
Date: Mon, 06 Feb 2023 22:21:37 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7191
Expires: Tue, 07 Feb 2023 00:21:28 GMT
Date: Mon, 06 Feb 2023 22:21:37 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7191
Expires: Tue, 07 Feb 2023 00:21:28 GMT
Date: Mon, 06 Feb 2023 22:21:37 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba57757-8c86-4311-801e-5e416095984a.jpeg
200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba57757-8c86-4311-801e-5e416095984a.jpeg
IP
Hash da4a1da160b56c5d0aa748cde48b57c3
79ff8649fa165f11f523861763ff88769f65d879
2c331e7946c52ac85c157561f4909bf90bc8ddfd7e3d02959785a79abe4d2178
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba57757-8c86-4311-801e-5e416095984a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4442
x-amzn-requestid: 1bb3d1b3-ff58-4b0d-9a2b-c25797530c5d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiQG1JoAMFRtg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-1bb478453ececa9613e7e4a2;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: a6qwcT9sfonMVlyq2ZX6CSXWeW2upfeAWqqNEgVI2sqq7280sCfolw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:50:14 GMT
age: 1883
etag: "f2106be148fea23bf961fcdb69ea4cb127aa5f3e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
rule34.xxx/hotlink.php?img=a389d4c645926634427a6cef5733514daa043c5f.jpg
301 Moved Permanently 536 B URL HTTP/1.1 rule34.xxx/hotlink.php?img=a389d4c645926634427a6cef5733514daa043c5f.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 93c290a551b92e72825c05765bdb3b1a
553ce7e663db0fcca0781db489e84d4e2578f3e1
0c2c1641a47dbde59f057985059927dfd93edeeb9d357e96b228413ebbd51ff6
NIDS Severity Alert suricata high ET POLICY request to .xxx TLD
GET /hotlink.php?img=a389d4c645926634427a6cef5733514daa043c5f.jpg HTTP/1.1
Host: rule34.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.99.211.122/
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Feb 2023 22:21:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://rule34.xxx/hotlink.php?img=a389d4c645926634427a6cef5733514daa043c5f.jpg
CF-Cache-Status: DYNAMIC
Server-Timing: cf-q-config;dur=7.0000005507609e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LPbDWerw8c8QSDqjnCe5Q4K43fCKj9wJw%2BYEHRm0MFxrf2TlkK5LCSyxFkpXHYUhU3f3dF5T0abW0BhdtC8mjYOKHDv72L3tPmdSwEqZRFLCIi8Z9A4UMkWYKoc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795747a6cefdb4fa-OSL
alt-svc: h2=":443"; ma=60
us.rule34.xxx//samples/2166/sample_e723d55b36349dcae4da9cf09e9d46a7fc97830a.jpg
302 Found 9.7 kB URL HTTP/2 us.rule34.xxx//samples/2166/sample_e723d55b36349dcae4da9cf09e9d46a7fc97830a.jpg
IP
Hash 28c96cdfbaa601d473a9405c07064891
fe6648fc2a176d39cd47ff8d5e46a8afcca2b645
bc32432f2b92b817262b4a2c48df7dde275a28328450fcee1eefefe0e9790edf
GET //samples/2166/sample_e723d55b36349dcae4da9cf09e9d46a7fc97830a.jpg HTTP/1.1
Host: us.rule34.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 06 Feb 2023 22:21:36 GMT
content-type: text/html
location: http://rule34.xxx/hotlink.php?img=e723d55b36349dcae4da9cf09e9d46a7fc97830a.jpg
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ea1vBOVLDxus3Hh66TQcKYZUXcYXXLSHyTE2Y1QHsG5N4KITMDTrNxZo3lvYs5oRz6HzSVxE0ReqSLGu3rQGINeOf19Zs0%2FevjqmeKi%2FzSW1n4gHdb8ofnbOGUf71mA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7957479e78bb0b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg
200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ccc8078cc937b7de0b299bcee1496f1b
395f04af71767acc9516387c8b07bde08968fdfe
cf959fc4a72d80dcab20c235bec6d21eadaab87efa7a8969744cd228628ba050
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9808
x-amzn-requestid: 75cc8041-19f5-4994-96b6-b14d3c90ec6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiSFZAIAMF65g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-355d272c345c8c37595b4bb2;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bKYMmv-CTu5g0q9cDF0dV8USpQzNB7hfSUzT7ehM9z--o8QMqzjV6w==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 22:10:59 GMT
age: 638
etag: "395f04af71767acc9516387c8b07bde08968fdfe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b3e78aa-f2de-4a48-82bf-952d0a22f875.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b3e78aa-f2de-4a48-82bf-952d0a22f875.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f0f48a44e1aece8d271028a7b0684cac
9f7247a3bb9248cd281c568ebba6e52b38b00149
0a34b5dc66f170403e79b2315a7cacef1703ce3777a20914525f86d46c0cd637
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b3e78aa-f2de-4a48-82bf-952d0a22f875.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11481
x-amzn-requestid: b50de2d1-c23b-4908-8fc3-e84eea0382a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRFL-oAMFnSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-0254cda141886e0f39e8f8b3;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: MMng1v3N8xzpjYVfdSDS7QfZX6DmvbEt1pWXM5GXicjxt8lZwItNoA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:55:53 GMT
age: 1544
etag: "9f7247a3bb9248cd281c568ebba6e52b38b00149"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1a4eed23b240d04a3cd6b085cfa93375
f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00
93e8371f80c12d3753842e36001dbb8d3dc2223b10a594639752cd816c492d4e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10905
x-amzn-requestid: 093778fc-231c-452f-a6fc-15f4eb41ade0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmNJCEDzIAMFmxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8c239-7f56d6e56392f373541db219;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:24:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gcy4nCriTOJhhTqFJBuks649uy0s4r3TVV3-yAcUhImLwqKpn1d2_w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 14:03:29 GMT
age: 29888
etag: "f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9046d887fd45a0940e31a74173d17798
1ff698b9cf660165e846dfc4770f29852aedce45
0c7b0e1250aa7718b7b35b80a1442f62e94ace1fb578fb781ec8204ee96386d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10514
x-amzn-requestid: ac2a383b-833d-4dae-9bd9-43dc3d9e373d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiPEIyoAMFqUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-436bb6816b269ce45b9f8600;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: s4aaciuNuISH_IBccafT_H4hK8g0BRI7KaA1ZKSTIZCKAb3PcvGZTw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:50:12 GMT
age: 1885
etag: "1ff698b9cf660165e846dfc4770f29852aedce45"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
rule34.xxx/hotlink.php?img=7f0e35fd8dcd089dc345d02ead6c0aba.jpg
301 Moved Permanently 536 B URL HTTP/1.1 rule34.xxx/hotlink.php?img=7f0e35fd8dcd089dc345d02ead6c0aba.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash b5a70a36065a2769a7f561fb048f6ee0
1638c7335124870ab700bd552f4af7a8a43ce70f
307ff3040682e2bccbcc17a2cfedc5eaf6f108ca540cdd9e8fdc52110fd99f0f
NIDS Severity Alert suricata high ET POLICY request to .xxx TLD
GET /hotlink.php?img=7f0e35fd8dcd089dc345d02ead6c0aba.jpg HTTP/1.1
Host: rule34.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.99.211.122/
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Feb 2023 22:21:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://rule34.xxx/hotlink.php?img=7f0e35fd8dcd089dc345d02ead6c0aba.jpg
CF-Cache-Status: DYNAMIC
Server-Timing: cf-q-config;dur=7.0000005507609e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6wT4H8%2B9I3kPXJ2xRcVJV%2FbACmz13cUGkgYv4baCO6imv9qf0zcJ0tc4C9VpWtj9Qwm1Mg1FPnmBDp8C8qCtMvgUZjSMndgwbV4Hk6xRyDrnAnDXi%2FCgdsDhthc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795747a6e9deb50b-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
200 OK 279 B IP
Hash 774199cb263a69cee73436615ce635da
a79813a82ee1e67eafd6bc313fd555e5dadd0e55
895518db9334b5266c9275ab7d35bb841893544e0a47996ddd7889a6830d2d8f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2990
Cache-Control: max-age=134556
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:37 GMT
Etag: "63e0dc5f-117"
Expires: Wed, 08 Feb 2023 11:44:13 GMT
Last-Modified: Mon, 06 Feb 2023 10:54:23 GMT
Server: ECS (amb/6BB5)
X-Cache: HIT
Content-Length: 279
sexdicted.com/wp-content/uploads/2019/11/yaoi_bondage_vibr-5004.jpg
200 OK 84 kB URL HTTP/2 sexdicted.com/wp-content/uploads/2019/11/yaoi_bondage_vibr-5004.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 500x700, components 3\012- data
Hash 8a372d3c5871f648e381ad73851ec35d
bb126b468e9a3d169232f2ee1753e3d38e2aee00
8303e01c8e72308828620e279d3327eb07845c1d0ccdaa54c3b4880542503199
GET /wp-content/uploads/2019/11/yaoi_bondage_vibr-5004.jpg HTTP/1.1
Host: sexdicted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 22:21:37 GMT
content-type: image/jpeg
content-length: 83458
last-modified: Wed, 13 Nov 2019 16:21:59 GMT
etag: "5dcc2da7-14602"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 160593
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EYvlBCWek6ZfTICX8vM%2BAgw7ycw4jtZHTHUqRQXKBHI3QpzvvGrLTcf5ow%2FwmSCvTfdkAuBe7vA7ZiNL7h836LcKbqkL02XnDMoEISVfiovq8bbSAyy19q2oTx0P1gu3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 795747a78bc1b524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 774199cb263a69cee73436615ce635da
a79813a82ee1e67eafd6bc313fd555e5dadd0e55
895518db9334b5266c9275ab7d35bb841893544e0a47996ddd7889a6830d2d8f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2990
Cache-Control: max-age=134556
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:37 GMT
Etag: "63e0dc5f-117"
Expires: Wed, 08 Feb 2023 11:44:13 GMT
Last-Modified: Mon, 06 Feb 2023 10:54:23 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
rule34.xxx/index.php?page=post&s=view&id=4625081
301 Moved Permanently 536 B URL HTTP/1.1 rule34.xxx/index.php?page=post&s=view&id=4625081
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash e51e0dc99144fbc5a0e6a8dc026f219e
db07cfce63c54cd51bb1e22bd5c4322d43a23cbe
9df3a82a852d1ee9c8d45f9f527e389db56bc4564d857ab4a25ec0c651fa2e16
NIDS Severity Alert suricata high ET POLICY request to .xxx TLD
GET /index.php?page=post&s=view&id=4625081 HTTP/1.1
Host: rule34.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.99.211.122/
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Feb 2023 22:21:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://rule34.xxx/index.php?page=post&s=view&id=4625081
CF-Cache-Status: DYNAMIC
Server-Timing: cf-q-config;dur=4.9999998736894e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vQdemxyI23Pv6I0nwBNh2yiX2dov5SDYNtdq60GCSJLdW4eH496Bj8ED1VpQSkhH1NpEM4rO15frV1vaQqFzrpUU%2FiU%2FYAjHSnhSi2%2BdmeN%2BriVh80GjkGNT3KU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795747a7bab1b50b-OSL
alt-svc: h2=":443"; ma=60
rule34.xxx/index.php?page=post&s=view&id=1058313
301 Moved Permanently 536 B URL HTTP/1.1 rule34.xxx/index.php?page=post&s=view&id=1058313
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 1e3b20995b9c8339042560524a77f6d6
80ba6102f8d0c7dbb087e483eb05a9bd7d8fbd48
7ce200658c5fdfe83f1b030d7a0f457a00575d6eacc6cf2692542a83f1ba6e14
NIDS Severity Alert suricata high ET POLICY request to .xxx TLD
GET /index.php?page=post&s=view&id=1058313 HTTP/1.1
Host: rule34.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.99.211.122/
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Feb 2023 22:21:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://rule34.xxx/index.php?page=post&s=view&id=1058313
CF-Cache-Status: DYNAMIC
Server-Timing: cf-q-config;dur=6.9999996412662e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m5N7bjWMgAgh%2FdkSffDdjVw%2BsgGlRQ44%2Fey7UNbmkpTslxCB3gF%2F95mp%2Bz7GcNVRHxKRTHJaSAV6XMU%2Bi7eiaxzJMC2%2ByiRXSBorTS24bRWY2Z0WBim0WhGZAB0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795747a7b86bb4fa-OSL
alt-svc: h2=":443"; ma=60
i0.wp.com/xxgasm.com/wp-content/uploads/2017/08/hentai_vibra-5073.jpg
200 OK 55 kB URL HTTP/2 i0.wp.com/xxgasm.com/wp-content/uploads/2017/08/hentai_vibra-5073.jpg
IP
Hash 1b220478f9654956abb4a909abc22787
c770d9cf903de2b93e8bf453d3d5a310ca6dcfd3
3f104b50b7e89ed403864e9f3372e4c912c7704a7cc4c2235d6b977464a2b6cf
GET /xxgasm.com/wp-content/uploads/2017/08/hentai_vibra-5073.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 22:21:38 GMT
content-type: image/webp
content-length: 55274
last-modified: Sat, 04 Feb 2023 15:04:37 GMT
expires: Tue, 04 Feb 2025 03:04:37 GMT
cache-control: public, max-age=63115200
link: <http://xxgasm.com/wp-content/uploads/2017/08/hentai_vibra-5073.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "e99a0442af45a9dc"
vary: Accept
x-nc: HIT arn 2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
rule34.xxx/hotlink.php?img=457c93cbfe82db784f6a7062438559cf.jpeg
301 Moved Permanently 1.0 kB URL HTTP/1.1 rule34.xxx/hotlink.php?img=457c93cbfe82db784f6a7062438559cf.jpeg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash a34ef449b1f32563741fd667797714ab
207e846841158fc3a5f9c569d45e2367fdde8418
b685fa0082a3d484dcfa632b324d3af8c01336c83145a0a2ae3040b48847f372
NIDS Severity Alert suricata high ET POLICY request to .xxx TLD
GET /hotlink.php?img=457c93cbfe82db784f6a7062438559cf.jpeg HTTP/1.1
Host: rule34.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.99.211.122/
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Feb 2023 22:21:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://rule34.xxx/hotlink.php?img=457c93cbfe82db784f6a7062438559cf.jpeg
CF-Cache-Status: DYNAMIC
Server-Timing: cf-q-config;dur=3.9999995351536e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1WDW2lK1gSOJvw%2BEev48GZk94klkEgQRJQI7QvSxvU6p5OwFbaB0rs4syjn6ntzbwNJkvb8zp9%2Bfww3h6BwHmEy5%2FxusW8%2BQMP9hyMVRrLyzUsNiuqQfNFMizjU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795747aa4dbeb50b-OSL
alt-svc: h2=":443"; ma=60
onepiecehentai.org/toon_pics/picture_579.jpg
200 OK 181 kB URL HTTP/1.1 onepiecehentai.org/toon_pics/picture_579.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 90x90, segment length 16, baseline, precision 8, 536x750, components 3\012- data
Size 181 kB (181149 bytes)
Hash 85dee5a92c07cbaae637a2a739cd96ef
8009c98ea393d520406bf77891bb27da73e8b416
d892633d5d37621a12b4b22bb39cf4a90003aa96c677d424a10cc76f941c114c
GET /toon_pics/picture_579.jpg HTTP/1.1
Host: onepiecehentai.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://192.99.211.122/
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Mon, 06 Feb 2023 22:21:37 GMT
Content-Type: image/jpeg
Content-Length: 181149
Last-Modified: Tue, 02 Oct 2018 10:01:13 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5bb341e9-2c39d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Request-ID: 2124be9621fdf7db25d39c3082717a13
Accept-Ranges: bytes
ocsp.digicert.com/
200 OK 279 B IP
Hash 391956f3cc0c44496063f5d5c0963603
870f0234298e723c29597773388d5c53e8850d51
b4ad8a4a316ac2ab2a74285efff57b3333f93f3d6d037d800cead53cc9c26b41
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2500
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:38 GMT
Etag: "63e0b970-117"
Last-Modified: Mon, 06 Feb 2023 21:39:59 GMT
Server: ECS (amb/6BAC)
X-Cache: HIT
Content-Length: 279
rule34.xxx/index.php?page=post&s=view&id=4057304
301 Moved Permanently 536 B URL HTTP/1.1 rule34.xxx/index.php?page=post&s=view&id=4057304
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 63421e48515bc9a1bf173bd6dce1b3eb
2e037f1688539281805ad1ccd2d8ee289c632708
231781720bee843a9e7dea18b9824b8183eb46fcdcc10573772189ba9a14e6b5
NIDS Severity Alert suricata high ET POLICY request to .xxx TLD
GET /index.php?page=post&s=view&id=4057304 HTTP/1.1
Host: rule34.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.99.211.122/
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Feb 2023 22:21:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://rule34.xxx/index.php?page=post&s=view&id=4057304
CF-Cache-Status: DYNAMIC
Server-Timing: cf-q-config;dur=4.9999998736894e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LhxDPiph7W9qYWb%2FBCmmeMkdC8XuqT%2FnRtBR3ug3lPuD%2BQmpWiL03TnfiSwvdjbgshj41faElnatO8FCYQHfv8oPuYf959J5Fyd9Uc6CeQwE3C9BLknDy9bPKI8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795747ac5f07b4fa-OSL
alt-svc: h2=":443"; ma=60
freehentaipic.com/images/2022/08/20/hentai-vibrator-0.jpg
200 OK 95 kB URL HTTP/2 freehentaipic.com/images/2022/08/20/hentai-vibrator-0.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 800x1130, components 3\012- data
Hash acbb17e3e65ed56fae63340bcc5e7b36
2dceb14505b80d2257c475c5459edd6d936d335f
c2cc37ded67779726913617ca05851f6522bf89532110edab174ab8cee9c96cc
GET /images/2022/08/20/hentai-vibrator-0.jpg HTTP/1.1
Host: freehentaipic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 22:21:38 GMT
content-type: image/jpeg
content-length: 95120
last-modified: Thu, 20 Oct 2022 13:22:55 GMT
etag: "63514baf-17390"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OoSan9QRGoM%2B0CRWf7VYDXBKkNJeQpu%2BxGBjbLEJzQro0ys%2FbwV%2FmZtGO9ABknhUZ0%2F9GBTFc8d6LAaM086eMk%2FAXXUrHynki2vni5Dt3%2B1isk4GlS2Xc57yMECIAipxlZ1pog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 795747ac8943b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 6.5 kB IP
Hash 1a09ac732965cbb2018f5a52c6e665f6
c84bebfca340c7ff1af1a7c762f1c000d582fca4
319dc336b70edb7061f5622d65a9fffb24b3854decb6c8279bf51c5b157db73b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2500
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:38 GMT
Last-Modified: Mon, 06 Feb 2023 21:39:59 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
gelbooru.com/index.php?page=post&s=view&id=920779
200 OK 31 kB URL HTTP/2 gelbooru.com/index.php?page=post&s=view&id=920779
IP
Hash 26b7d8b9600fa40e9482b05043547ff0
ec6d8decef3060c108b2917770794ccc6216f6d6
e3b56c9ce7d0aacd7a867f1d7d33eab5f1ae579e22cb9e572a553f2017101508
GET /index.php?page=post&s=view&id=920779 HTTP/1.1
Host: gelbooru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://192.99.211.122/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 06 Feb 2023 22:21:38 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=016d98f60f58555efdd056f4b39c5778; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 25435cb3e3f71201105f58337560c757
7e3a3f73c8fd1ecb359a3cb95948959ae3391cd6
db424a82b8b350f1044e61bbc17de12d40d538d1d833187a3dee3d788699e178
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6075
Cache-Control: max-age=168247
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:38 GMT
Etag: "63e153ee-117"
Expires: Wed, 08 Feb 2023 21:05:45 GMT
Last-Modified: Mon, 06 Feb 2023 19:24:30 GMT
Server: ECS (amb/6BB6)
X-Cache: HIT
Content-Length: 279
gelbooru.com/hotlink.php?hash=/images/09/3f/093f2c789b13224e91c53b2637ef3797.jpeg
302 Found 471 B URL HTTP/2 gelbooru.com/hotlink.php?hash=/images/09/3f/093f2c789b13224e91c53b2637ef3797.jpeg
IP
Hash 2b382c61375dfa017c27c019139eac3e
68ead0c2a540839aa8b034a2ae0cf50830075511
71c576d5e419bf047f79485bf8b01a1e49096639d6e6db71aa0e52960c2efbdf
GET /hotlink.php?hash=/images/09/3f/093f2c789b13224e91c53b2637ef3797.jpeg HTTP/1.1
Host: gelbooru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://192.99.211.122/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Mon, 06 Feb 2023 22:21:38 GMT
content-type: text/html; charset=UTF-8
location: index.php?page=post&s=view&id=920779
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
X-Firefox-Spdy: h2
xxxpic.xyz/wp-content/uploads/2018/08/Anime-Yuri-Hentai-Bondage-Vibrator.jpg
200 OK 33 kB URL HTTP/2 xxxpic.xyz/wp-content/uploads/2018/08/Anime-Yuri-Hentai-Bondage-Vibrator.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 630x445, components 3\012- data
Hash e3d38f5f769fd928b0ff53de4d09140b
eced3034e93df7cbc9cf42e8ab9add52ecc240c5
a37a1a123d3ad5fbe52ca9da235437b622b045ac7d59285b73a3d97d65a84fd0
GET /wp-content/uploads/2018/08/Anime-Yuri-Hentai-Bondage-Vibrator.jpg HTTP/1.1
Host: xxxpic.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 22:21:38 GMT
content-type: image/jpeg
content-length: 32667
cache-control: public, max-age=31557600
expires: Tue, 06 Feb 2024 22:36:05 GMT
last-modified: Fri, 10 Dec 2021 22:37:03 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 20733
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lI8ukwSxGLTCJd0DeDpJbqEXSsnlyXDl8%2BSCLBvNC%2BAHgHbt1vVnRXnVvKXlXIrRftag1ETNftk3KaJfnWbNodrlh0e1g4ELElhMc0WXolR%2Fq6uXewSzCwsXGXlK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 795747ae1cd3fabc-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/R_ujQYuLols
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/R_ujQYuLols
IP
Hash 2b382c61375dfa017c27c019139eac3e
68ead0c2a540839aa8b034a2ae0cf50830075511
71c576d5e419bf047f79485bf8b01a1e49096639d6e6db71aa0e52960c2efbdf
POST /s/gts1p5/R_ujQYuLols HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:38 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rule34.xxx/hotlink.php?img=09ac5e4880fd7791859a508efd7b8018ed9366bd.png
301 Moved Permanently 1.0 kB URL HTTP/1.1 rule34.xxx/hotlink.php?img=09ac5e4880fd7791859a508efd7b8018ed9366bd.png
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 970b7d76061cdc2f4fbd2a647dc83dca
24a3a61f086d2eb7f22195224c4c6431cc155d8d
02dcbe07e8f4687cb3ea68c99a1e5e3dac5e0f035b3e9ae008b789e5ae3cdd21
NIDS Severity Alert suricata high ET POLICY request to .xxx TLD
GET /hotlink.php?img=09ac5e4880fd7791859a508efd7b8018ed9366bd.png HTTP/1.1
Host: rule34.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.99.211.122/
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Feb 2023 22:21:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://rule34.xxx/hotlink.php?img=09ac5e4880fd7791859a508efd7b8018ed9366bd.png
CF-Cache-Status: DYNAMIC
Server-Timing: cf-q-config;dur=6.0000002122251e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HsoeADqrgLjcCeWztySOAizzT67AoaALXiMOxMH6uGansu80GpojQPGUfCCZI3WAo2KqWryKq8RDn6dnQTRwgOnJIzZEiGPsJqNasfzRzHvhTBw4KNcDrb6vRUw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795747ae2a87b50b-OSL
alt-svc: h2=":443"; ma=60
192.99.211.122/favicon.ico
200 OK 2.9 kB URL HTTP/1.1 192.99.211.122/favicon.ico
IP
File type MS Windows icon resource - 3 icons, 48x48, 24 bits/pixel, 32x32, 8 bits/pixel\012- data
Hash bcb5c17e9607351284f9810b2a3bb1d8
b4be032caef3f369604042fde3df641f9d92a998
2bcb3f37252d1bd9a4f3e0416f0e5017e0334afb15afdd5eee6a18c3beefb53c
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 192.99.211.122
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://192.99.211.122/male-vibrator-bondage-hentai.html
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 22:21:38 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 11 Dec 2022 06:03:42 GMT
ETag: "8c980a0-2aee-5ef872613ab80-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=2592000, public
Expires: Wed, 08 Mar 2023 22:21:38 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2911
Keep-Alive: timeout=2, max=1000
Content-Type: image/x-icon
gelbooru.com/hotlink.php?hash=/images/c9/45/c945af1aa7e175b70fb8695627f538ee.png
302 Found 17 kB URL HTTP/2 gelbooru.com/hotlink.php?hash=/images/c9/45/c945af1aa7e175b70fb8695627f538ee.png
IP
File type gzip compressed data, max speed, from Unix\012- data
Hash 380cca0a29e96ef288006ddc0d8dc40e
5fa74a040a008afa1c0d4a14865c1af0ea989afc
ae30bf6385f5d1e6ba57e276511d2156933dba9cd815966cb40555bd8a20c611
GET /hotlink.php?hash=/images/c9/45/c945af1aa7e175b70fb8695627f538ee.png HTTP/1.1
Host: gelbooru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://192.99.211.122/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Mon, 06 Feb 2023 22:21:38 GMT
content-type: text/html; charset=UTF-8
location: index.php?page=post&s=view&id=578265
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 41b801746055b86cdfc7ad8dbeed36be
ac03aafae2f06a24ce3ca3123c493f7942d78799
35868ca8ad74cb1e6693d05cd2867b207b701f2bf7872e85f392a6f3fd8d1fca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=162899
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 22:21:39 GMT
Etag: "63e156c5-117"
Expires: Wed, 08 Feb 2023 19:36:38 GMT
Last-Modified: Mon, 06 Feb 2023 19:36:37 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
furry.booru.org//images/560/6c72e1c16069bcb1a3f5a1f709ac0ce2d2fa8bc5.jpg
403 Forbidden 4.9 kB URL HTTP/2 furry.booru.org//images/560/6c72e1c16069bcb1a3f5a1f709ac0ce2d2fa8bc5.jpg
IP
Hash 9c43a821c41808ef7a251aaeaf2ced8a
faf76d93435e616b33fa75b4a1e3e1de7d6de9c8
1154333a217895c58ff2dfbafb190b171e78533b7290e6f621bf1021b0bb02af
GET //images/560/6c72e1c16069bcb1a3f5a1f709ac0ce2d2fa8bc5.jpg HTTP/1.1
Host: furry.booru.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
date: Mon, 06 Feb 2023 22:21:38 GMT
content-type: text/html; charset=UTF-8
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jraIFp30CKGraydmqv9v9EBf5y0P2hxQBbSjaYWs%2BXHAdqlyR5cr%2FTGlVP6kM6V7cHmoadKiKkReirv8uc07bnUiQb2oHuMmFG0q39Po8WiZX1l2hWcDT8akdqAX%2B3my9LI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 795747ae0dbfd180-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rule34.xxx/index.php?page=post&s=view&id=1243442
301 Moved Permanently 536 B URL HTTP/1.1 rule34.xxx/index.php?page=post&s=view&id=1243442
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 6c4f4f4e262eb482bb7450aecdd44897
0a0c3c811bb365c100001404104c9c0fbaabe2c8
9cafeef7b392b4276b1b395cfb24ff384109cc6517dc92bd1f832e5dd95119df
NIDS Severity Alert suricata high ET POLICY request to .xxx TLD
GET /index.php?page=post&s=view&id=1243442 HTTP/1.1
Host: rule34.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.99.211.122/
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Feb 2023 22:21:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://rule34.xxx/index.php?page=post&s=view&id=1243442
CF-Cache-Status: DYNAMIC
Server-Timing: cf-q-config;dur=5.9999993027304e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vtOUFFHaIOprn6unej1kUHXNDIwwfMxlTZWPxJGM6R%2FhFzD9a39%2B%2FlhfUAMqLJ%2FLlwyTXZ8EK1wCpq%2B8EGfW7TpZ887pVSqpCHl%2BzDKFCqalPNJIu5mk4Qo9GOY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795747b01bdcb4fa-OSL
alt-svc: h2=":443"; ma=60
xxgasm.com/wp-content/upload/2017/09/anime_girl_-6968.jpg
403 Forbidden 203 B URL HTTP/1.1 xxgasm.com/wp-content/upload/2017/09/anime_girl_-6968.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 9798e9c83c8f72269d36724e24a8ab9b
03cfac5813be1e19cd7294e8a5a2ec5bd2f2cee5
bb2964cc2c7ee1063ddb3c02eb3d2c72086386a1d0111a6eb9eb61ccda2945bc
GET /wp-content/upload/2017/09/anime_girl_-6968.jpg HTTP/1.1
Host: xxgasm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 403 Forbidden
Server: nginx
Date: Mon, 06 Feb 2023 22:21:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6053faff-10f"
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 53f0f06515898c9e7687642225f12127
fc7b29bff0b2bc3abc8dedaaf34dcb6c7428e63a
0e09042ed21560e5b665c8744b6fd6c7ca773db2dcc66a3dfa22143a7219b1de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E09042ED21560E5B665C8744B6FD6C7CA773DB2DCC66A3DFA22143A7219B1DE"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18592
Expires: Tue, 07 Feb 2023 03:31:31 GMT
Date: Mon, 06 Feb 2023 22:21:39 GMT
Connection: keep-alive
s.smutty.com/media_smutty_2/g/a/g/a/p/gaga577-8icei-c5d407.png
200 OK 706 kB URL HTTP/2 s.smutty.com/media_smutty_2/g/a/g/a/p/gaga577-8icei-c5d407.png
IP
File type PNG image data, 620 x 1098, 8-bit/color RGB, non-interlaced\012- data
Size 706 kB (706546 bytes)
Hash 8b1f218ced57a68f27ca08065b2d6735
654cb28fc0170340402e2067d0b76216c12288d4
798eaf729f6a639a80587ef31154944826359f32fcf0bcdc45f2d632dee6e88f
GET /media_smutty_2/g/a/g/a/p/gaga577-8icei-c5d407.png HTTP/1.1
Host: s.smutty.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 22:21:39 GMT
content-type: image/png
content-length: 706546
last-modified: Thu, 02 Aug 2018 04:29:43 GMT
etag: "5b6288b7-ac7f2"
expires: Sun, 26 Jul 2020 01:27:57 GMT
cache-control: max-age=2419200
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,OPTIONS
accept-ranges: bytes
x-cdn-diag: ams5-7619-3-47557-h-0-0---;7846-30-18212----0-0-1
X-Firefox-Spdy: h2
cumception.com/wp-content/upload/2018/05/male_bondage_mil-2830.jpg
403 Forbidden 2.0 kB URL HTTP/1.1 cumception.com/wp-content/upload/2018/05/male_bondage_mil-2830.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (501)
Hash 5cf2ec018d75dbe41c407ea4636f12ae
f8bca41a0856178b87abfa8162326c5869227c37
eecf3bf6ca672ad0903637591b937e615ed69c2950eda50b6027cbe9a1b5b52c
GET /wp-content/upload/2018/05/male_bondage_mil-2830.jpg HTTP/1.1
Host: cumception.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://192.99.211.122/
HTTP/1.1 403 Forbidden
Date: Mon, 06 Feb 2023 22:21:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Referer, Accept-Encoding
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bpe5mVJVs5ZpqZyvq7x8WxIbK6QSnZ4e2gjU4APEfIktOpOe0mwqAhyzdEWqwDztNbf3A63PYJ2rDsEkRXhfFd5dZ4jq%2By2ZgUkOUGR4ISX3jYp60xCOu1SYgq7QYzSJHw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795747b3bf3cfab4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
rule34.xxx/hotlink.php?img=7f339408cd9ad6ff86743968c31845a0f815b092.png
301 Moved Permanently 1.1 kB URL HTTP/1.1 rule34.xxx/hotlink.php?img=7f339408cd9ad6ff86743968c31845a0f815b092.png
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash aa809293ec3d8b13bd09f6bf750035d5
4af9e01730f5433288210cad2cf019d6dc58f93f
880b615b5766bd839bea0cf6b6cac118c1e7eb04c3699d84c0813bcf612f8f3f
NIDS Severity Alert suricata high ET POLICY request to .xxx TLD
GET /hotlink.php?img=7f339408cd9ad6ff86743968c31845a0f815b092.png HTTP/1.1
Host: rule34.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.99.211.122/
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Feb 2023 22:21:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://rule34.xxx/hotlink.php?img=7f339408cd9ad6ff86743968c31845a0f815b092.png
CF-Cache-Status: DYNAMIC
Server-Timing: cf-q-config;dur=7.0000005507609e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BPrq7Vc8ALo1JtnJvx8hxpE%2FW276wlA3lTD%2BLcACqehCOJzgG%2BSLSkRXGs75iImw%2FjVWNMWxJxDesE7vLXlRitdlSx6uUlveLyHIgktHFRrYOzDE7jJNLu8lTXQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795747b3f9c1b50b-OSL
alt-svc: h2=":443"; ma=60
rule34.xxx/index.php?page=post&s=view&id=1402325
301 Moved Permanently 536 B URL HTTP/1.1 rule34.xxx/index.php?page=post&s=view&id=1402325
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 17205040aefea471344fccbda5896a26
3a0e77b101cb634de123152b414f4d464886be7c
3e3e999328055decea7c32d777e598dbb07095a724e431305c749f1713801552
NIDS Severity Alert suricata high ET POLICY request to .xxx TLD
GET /index.php?page=post&s=view&id=1402325 HTTP/1.1
Host: rule34.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.99.211.122/
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Feb 2023 22:21:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://rule34.xxx/index.php?page=post&s=view&id=1402325
CF-Cache-Status: DYNAMIC
Server-Timing: cf-q-config;dur=6.0000002122251e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UV5GA3kf7lbhphBfwrTT8KrruZ7z4dj6AY9odwadmYp97khyO2Dnd782h0rpXJ7Aygl3nidrRmoIgiq7O%2FAPE4EdtJoFLIAlEnUUrAsoJlotZzZL2pRHh4WOzz0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795747b4dac3b4fa-OSL
alt-svc: h2=":443"; ma=60
cdnp.kink.com/imagedb/103314/trailer/103314_trailer_high.mp4
206 Partial Content 0 B URL HTTP/2 cdnp.kink.com/imagedb/103314/trailer/103314_trailer_high.mp4
IP
GET /imagedb/103314/trailer/103314_trailer_high.mp4 HTTP/1.1
Host: cdnp.kink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
date: Mon, 06 Feb 2023 22:21:35 GMT
etag: "1646339351"
cache-control: max-age=8368755
content-length: 70390182
content-range: bytes 0-70390181/70390182
content-type: video/mp4
last-modified: Thu, 03 Mar 2022 20:29:11 GMT
accept-ranges: bytes
access-control-allow-credentials: true
x-hw: 1675722095.dop229.sk1.t,1675722095.cds256.sk1.hn,1675722095.cds213.sk1.c
X-Firefox-Spdy: h2
192.99.211.122/bondagesex-xxx/img/bdsm/103828.mp4
206 Partial Content 0 B URL HTTP/1.1 192.99.211.122/bondagesex-xxx/img/bdsm/103828.mp4
IP
Analyzer Verdict Alert quad9 Sinkholed
GET /bondagesex-xxx/img/bdsm/103828.mp4 HTTP/1.1
Host: 192.99.211.122
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://192.99.211.122/male-vibrator-bondage-hentai.html
HTTP/1.1 206 Partial Content
Date: Mon, 06 Feb 2023 22:21:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 03 Nov 2022 17:13:57 GMT
ETag: "2029e0c3-7cb64-5ec94151b9f40"
Accept-Ranges: bytes
Content-Length: 510820
Cache-Control: max-age=31536000, public
Expires: Wed, 08 Mar 2023 22:21:35 GMT
Access-Control-Allow-Origin: *
Content-Range: bytes 0-510819/510820
Keep-Alive: timeout=2, max=1000
Content-Type: video/mp4
img3.gelbooru.com/images/19/a0/19a01713027a67a4f2cc0032a4536137.jpeg
302 Found 0 B URL HTTP/2 img3.gelbooru.com/images/19/a0/19a01713027a67a4f2cc0032a4536137.jpeg
IP
GET /images/19/a0/19a01713027a67a4f2cc0032a4536137.jpeg HTTP/1.1
Host: img3.gelbooru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 06 Feb 2023 22:21:36 GMT
content-type: text/html
location: https://gelbooru.com/hotlink.php?hash=/images/19/a0/19a01713027a67a4f2cc0032a4536137.jpeg
expires: Mon, 06 Feb 2023 22:21:35 GMT
cache-control: no-cache
strict-transport-security: max-age=3600;
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rAJ5pEwcRnl07STWQRPmf0%2FhTloA6WzkFACHU%2B%2BIsuSP5DmIEz5qTZPfCuMErtDyqC%2F6QoDlI%2FpcdKMypKpJ5CTg5HvzYVxFlDrIaHLRXuRrdn3SUSvGB97yibf8a9K9H%2BAY5A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7957479e4c9823ea-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gelbooru.com/hotlink.php?hash=/images/68/c2/68c2bfa244f185d2c54608b17c697052.jpeg
302 Found 0 B URL HTTP/2 gelbooru.com/hotlink.php?hash=/images/68/c2/68c2bfa244f185d2c54608b17c697052.jpeg
IP
GET /hotlink.php?hash=/images/68/c2/68c2bfa244f185d2c54608b17c697052.jpeg HTTP/1.1
Host: gelbooru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://192.99.211.122/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.18.0
date: Mon, 06 Feb 2023 22:21:36 GMT
content-type: text/html; charset=UTF-8
location: index.php?page=post&s=view&id=994210
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
X-Firefox-Spdy: h2
gelbooru.com/index.php?page=post&s=view&id=1408651
200 OK 0 B URL HTTP/2 gelbooru.com/index.php?page=post&s=view&id=1408651
IP
GET /index.php?page=post&s=view&id=1408651 HTTP/1.1
Host: gelbooru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://192.99.211.122/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 06 Feb 2023 22:21:37 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=bb6fabaea16344815af9b0f2e7c65852; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
xpicse.com/pics/2284/bdsm-hentai-anime-bondage-vibrators.jpg
403 Forbidden 0 B URL HTTP/2 xpicse.com/pics/2284/bdsm-hentai-anime-bondage-vibrators.jpg
IP
GET /pics/2284/bdsm-hentai-anime-bondage-vibrators.jpg HTTP/1.1
Host: xpicse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
date: Mon, 06 Feb 2023 22:21:39 GMT
content-type: text/html; charset=UTF-8
vary: Referer, Accept-Encoding
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bJDgVgTaLMI3W0aUj3ise%2FzOEIv0Kjd27BCL9fchUZD%2Bajfa2k9uNUqX9o468hjf%2BkbOl7KaGHXR7oIECl3WzwHNY5KKyNLFMa7xdrfT9QgtlRBxGOPmKeVgRe9z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795747af1e44b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img3.gelbooru.com/images/bd/79/bd791f143156d4dfc18589daa411cbc9.jpeg
302 Found 0 B URL HTTP/2 img3.gelbooru.com/images/bd/79/bd791f143156d4dfc18589daa411cbc9.jpeg
IP
GET /images/bd/79/bd791f143156d4dfc18589daa411cbc9.jpeg HTTP/1.1
Host: img3.gelbooru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Mon, 06 Feb 2023 22:21:36 GMT
content-type: text/html
location: https://gelbooru.com/hotlink.php?hash=/images/bd/79/bd791f143156d4dfc18589daa411cbc9.jpeg
expires: Mon, 06 Feb 2023 22:21:35 GMT
cache-control: no-cache
strict-transport-security: max-age=3600;
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IUTrw6OuHHLII1xq3qdiNrY%2FSNsSJah0rzd4tXWN9vEazewRjDB0s2fCqINKGFSTYI4a2cVGqzGNar3WVSYrXR1%2FDcYj3L2TtgQK10PGW3Gr3NiSad7lulIs4UXbO05AvQ1O6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7957479e4c9323ea-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img3.gelbooru.com/images/0b/a1/0ba1ce3774c45e7ac53d1ee985b358b5.jpeg
302 Found 0 B URL HTTP/2 img3.gelbooru.com/images/0b/a1/0ba1ce3774c45e7ac53d1ee985b358b5.jpeg
IP
GET /images/0b/a1/0ba1ce3774c45e7ac53d1ee985b358b5.jpeg HTTP/1.1
Host: img3.gelbooru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 06 Feb 2023 22:21:36 GMT
content-type: text/html
location: https://gelbooru.com/hotlink.php?hash=/images/0b/a1/0ba1ce3774c45e7ac53d1ee985b358b5.jpeg
expires: Mon, 06 Feb 2023 22:21:35 GMT
cache-control: no-cache
strict-transport-security: max-age=3600;
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YzzZc%2FCgjSEJpX1OrdQWg9iH2WsuaMPoYTQQsNZ0VpHuvb4fSajXrpqW4vcWIaJtRZdU75lSMra0uRnm%2BQGS9RwRO%2FvMym9DTX9PVtCyIJXnYGOqAUypRhmVhqSt9TwfgzctJg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7957479e4c9723ea-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gelbooru.com/hotlink.php?hash=/images/19/a0/19a01713027a67a4f2cc0032a4536137.jpeg
302 Found 0 B URL HTTP/2 gelbooru.com/hotlink.php?hash=/images/19/a0/19a01713027a67a4f2cc0032a4536137.jpeg
IP
GET /hotlink.php?hash=/images/19/a0/19a01713027a67a4f2cc0032a4536137.jpeg HTTP/1.1
Host: gelbooru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://192.99.211.122/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.18.0
date: Mon, 06 Feb 2023 22:21:36 GMT
content-type: text/html; charset=UTF-8
location: index.php?page=post&s=view&id=1215702
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
X-Firefox-Spdy: h2
gelbooru.com/hotlink.php?hash=/images/e9/cc/e9cc3327ca7e136c5727f4069963fc0f.jpeg
302 Found 0 B URL HTTP/2 gelbooru.com/hotlink.php?hash=/images/e9/cc/e9cc3327ca7e136c5727f4069963fc0f.jpeg
IP
GET /hotlink.php?hash=/images/e9/cc/e9cc3327ca7e136c5727f4069963fc0f.jpeg HTTP/1.1
Host: gelbooru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://192.99.211.122/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Mon, 06 Feb 2023 22:21:36 GMT
content-type: text/html; charset=UTF-8
location: index.php?page=post&s=view&id=1276816
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
X-Firefox-Spdy: h2
img3.gelbooru.com/images/68/c2/68c2bfa244f185d2c54608b17c697052.jpeg
302 Found 0 B URL HTTP/2 img3.gelbooru.com/images/68/c2/68c2bfa244f185d2c54608b17c697052.jpeg
IP
GET /images/68/c2/68c2bfa244f185d2c54608b17c697052.jpeg HTTP/1.1
Host: img3.gelbooru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.99.211.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 06 Feb 2023 22:21:36 GMT
content-type: text/html
location: https://gelbooru.com/hotlink.php?hash=/images/68/c2/68c2bfa244f185d2c54608b17c697052.jpeg
expires: Mon, 06 Feb 2023 22:21:35 GMT
cache-control: no-cache
strict-transport-security: max-age=3600;
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pxuzzvqpRRExH6%2F58mAV8FtVuRlQu8wKUcHTwClDzCzOShI%2BLXk%2B1RkBXOqCK%2FVA0Qi51US2gdusEoyEfWK%2BjR2ItcHWQDakJQEGe2Vts80FM99QdqgGUfHXuTHMj4X6HyV4kg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7957479e4c9223ea-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gelbooru.com/hotlink.php?hash=//images/79/18/791880eccb5d07a47875bdf18fad4814.jpg
302 Found 0 B URL HTTP/2 gelbooru.com/hotlink.php?hash=//images/79/18/791880eccb5d07a47875bdf18fad4814.jpg
IP
GET /hotlink.php?hash=//images/79/18/791880eccb5d07a47875bdf18fad4814.jpg HTTP/1.1
Host: gelbooru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://192.99.211.122/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Mon, 06 Feb 2023 22:21:37 GMT
content-type: text/html; charset=UTF-8
location: index.php?page=post&s=view&id=1408651
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
X-Firefox-Spdy: h2
192.99.211.122
104.26.0.234
188.114.97.1
93.184.220.29
104.21.234.5
95.101.11.115
145.239.59.212