Report - sandra26.girlsfuckdudes.com/lps/wf/46

Report Overview

Submitted URL
sandra26.girlsfuckdudes.com/lps/wf/46
IP
104.26.0.193
ASN
#13335 CLOUDFLARENET
Submitted
2022-11-30 09:01:39
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
stats.topsrc.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.0 kB	74.117.182.34
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	676 B	1.5 kB	23.36.76.226
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	57 kB	34.120.237.76
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.1 kB	142.250.74.131
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.36.24.174
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	397 B	44 kB	142.250.74.168
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	425 B	5.2 kB	104.17.25.14
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.2 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
assets.topsrcs.com	174256	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	759 B	36 kB	188.114.96.1
ers.topsrcs.dev	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	504 B	448 B	165.22.40.124
static.cloudflareinsights.com	1294	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	479 B	393 B	104.16.56.101
sandra26.girlsfuckdudes.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.3 kB	69 kB	172.67.73.42
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	9.8 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-30	medium	sandra26.girlsfuckdudes.com/lps/wf/46	Phishing
2022-11-30	medium	sandra26.girlsfuckdudes.com/lps/wf/46/Lora51/vid.mp4	Phishing
2022-11-30	medium	sandra26.girlsfuckdudes.com/cdn-cgi/rum?	Phishing
2022-11-30	medium	sandra26.girlsfuckdudes.com/lps/wf/46/Lora51/vid.mp4	Phishing
2022-11-30	medium	sandra26.girlsfuckdudes.com/cdn-cgi/rum?	Phishing
2022-11-30	medium	sandra26.girlsfuckdudes.com/lps/wf/46	Phishing
2022-11-30	medium	sandra26.girlsfuckdudes.com/lps/wf/46/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993	17 kB	2023-03-08	2024-02-28
Pretty URL static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 IP 104.16.56.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:25:00 Last Seen2024-02-28 12:44:37 Times Seen1362 Hash 33100f2355611b2375f05486299abf05 0b2d1b75f6695e67b884bee2eb72165d6e881a26 0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3 Loading...

	assets.topsrcs.com/js/jquery.js	96 kB	2023-03-07	2024-02-26
Pretty URL assets.topsrcs.com/js/jquery.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:01:22 Last Seen2024-02-26 03:33:22 Times Seen80 Hash 883c86def738830a961fce29330e744e c8829d8a389d29e740257e97c17fcabb78f8d102 0d6271f6c1c509d78ee10f14174542be0db49486fe7c23201c1b517a063f578e Loading...

	sandra26.girlsfuckdudes.com/lps/wf/46/	1.4 kB	2023-03-11	2023-03-11
Pretty URL sandra26.girlsfuckdudes.com/lps/wf/46/ IP 104.26.0.193 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:55:49 Last Seen2023-03-11 22:55:49 Times Seen1 Hash e0cc94d3da859209aaef24b0d4088e18 fcee71c5d4546f883881f17f8ce2cedf78122580 7fd428656e93b8c103318e2f5b32f7337e5a99ea59d561d6729ca09b7e0f5493 Loading...

	assets.topsrcs.com/js/script_pxl.js?_=1669798888430	9.6 kB	2023-03-08	2023-03-11
Pretty URL assets.topsrcs.com/js/script_pxl.js?_=1669798888430 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:32 Last Seen2023-03-11 22:57:46 Times Seen1 Hash 36ceb2e2960922957eed5b3fca8909ac 08c52064beb64204a4a53e09132d80b39ab35d2a fbcd9285cf66b707edbee52387f1782ca5e4bde7d7e67229cc71f26b118aca95 Loading...

	www.googletagmanager.com/gtag/js?id=[object%20Object]&_=1669798888433	95 kB	2023-03-11	2023-03-11
Pretty URL www.googletagmanager.com/gtag/js?id=[object%20Object]&_=1669798888433 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:55:49 Last Seen2023-03-11 22:55:49 Times Seen1 Hash 494f0a09550e17e836658f581cf950df fc60f02d5035de71d38c68e414afacecbab18d6b 04f8b5c3aa4535dd44c69b282e805524ba52a3f2cea3cdd04bb6faf861c6817b Loading...

	assets.topsrcs.com/js/script_tpsrcuid.js?_=1669798888429	9.2 kB	2023-03-08	2023-04-05
Pretty URL assets.topsrcs.com/js/script_tpsrcuid.js?_=1669798888429 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:32 Last Seen2023-04-05 02:09:27 Times Seen9 Hash 899b19819b58c3a74b6423c5583c4e13 285c6ac55d83eb58bc44b343a8cc94323b80009f 68ea02d140492e0dfca2e40df9247d95b8d18f0efc6561a938e171b472d753ad Loading...

	assets.topsrcs.com/js/script_wf_reg.js?_=1669798888431	1.8 kB	2023-03-09	2023-03-13
Pretty URL assets.topsrcs.com/js/script_wf_reg.js?_=1669798888431 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 13:09:24 Last Seen2023-03-13 07:38:27 Times Seen1 Hash bcc72dde9beb6fd0f6ea2ca5cc0e4d2e c8b22c88f7c93679a564b1ee66d7c9c7eaa26e24 f877f7676f9c1e3fe4ed054e0de13e4dbe30eb929c2025ea0f1f3595bd93b4e7 Loading...

	assets.topsrcs.com/js/paid.js?_=1669798888432	54 kB	2023-03-11	2023-03-11
Pretty URL assets.topsrcs.com/js/paid.js?_=1669798888432 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:55:49 Last Seen2023-03-11 22:57:46 Times Seen1 Hash 1448c1a51bcde5127e1c87a39defcebb 0b67520fee962ce146c76b2161213517db5631a6 d322f3c0ec65476c0975d66163d1e17e9ae3174667a5e8954f10cb30668ed8f2 Loading...

	www.googletagmanager.com/gtag/js?id=UA-145157900-3	112 kB	2023-03-11	2023-03-11
Pretty URL www.googletagmanager.com/gtag/js?id=UA-145157900-3 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:55:49 Last Seen2023-03-11 22:55:49 Times Seen1 Hash 20b2fb6ed90134afdbd97817ff932dc4 34d2ce208e73c5ac2fe19aa4e173aa3f5549d17a 09845d9b40e3612de285d468da7baf235061718262f2bd11ae2b6c3434081188 Loading...

	assets.topsrcs.com/js/script_wf.js	6.7 kB	2023-03-09	2023-05-29
Pretty URL assets.topsrcs.com/js/script_wf.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 13:09:24 Last Seen2023-05-29 14:23:55 Times Seen11 Hash 69ad82a364658be501c26fff0aab80f6 264201361d9d098b50b0540d88521a230bfdb614 cffeafa479febf65b073058bbf2affa53c519f531b7fd21cd1b06060f2e948de Loading...

	sandra26.girlsfuckdudes.com/lps/wf/46/script.js	2.9 kB	2023-03-11	2023-03-11
Pretty URL sandra26.girlsfuckdudes.com/lps/wf/46/script.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:55:49 Last Seen2023-03-11 22:55:49 Times Seen1 Hash 2c91c62bd2b762c0ec524bac0daf07f7 b83999c3078df9171013fbb070f83c4311d7d9c3 a4eb295124861f497a0c70c7fae6fcd42c2b0162b1fbd52eb67c4ff4b0e5b24b Loading...

	http:blank	580 B	2023-03-11	2023-03-11
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:55:49 Last Seen2023-03-11 22:55:49 Times Seen1 Hash 932cfe63dac549da81e719e20a8d320c d37f7bba1f9b5ffa121f9977572a145ba68ca1d7 be429675d127fbebf183bdbe2d400a041d3700b9c367f62d9549e1d137fd99b4 Loading...

	sandra26.girlsfuckdudes.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669795200	32 kB	2023-03-11	2023-03-11
Pretty URL sandra26.girlsfuckdudes.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669795200 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:55:49 Last Seen2023-03-11 22:55:49 Times Seen1 Hash 11e1bc514988d669d5cf6a597b77c4d2 eede333a832ed66cae6ae05f3b7d0b994291a434 19f9f0efa90bbd05fee150117f3ca1c14c91657a6f608eccac7fe5ec2c3aacf5 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 163f94798f8112a77dbfeb0cd70d1ff3	100 B	2023-03-08	2023-03-17
Pretty Observations First Seen2023-03-08 00:36:32 Last Seen2023-03-17 10:35:45 Times Seen1 Hash 163f94798f8112a77dbfeb0cd70d1ff3 b5634ab6c35deb378b147177ee6ba4ac2323750a 9b73261e1353d35b007fffba7f24e202e8b6566244b14622e649c312fe6eb906 Loading...

	#2 Eval - abb6cc9ea2a6e49eceb5aa36cb80246b	100 B	2023-03-08	2023-03-17
Pretty Observations First Seen2023-03-08 00:36:32 Last Seen2023-03-17 10:35:45 Times Seen1 Hash abb6cc9ea2a6e49eceb5aa36cb80246b 068e9120376e9ccdce7eaf2246611b32db26fabd bd3f4c16ba525ab97d1d19528aa2d230830366606543f0eeedc3eca319f8c0e7 Loading...

	#3 Eval - a1221c6c87de1bd9698e549dbed2810c	100 B	2023-03-08	2023-03-17
Pretty Observations First Seen2023-03-08 00:36:32 Last Seen2023-03-17 10:35:45 Times Seen1 Hash a1221c6c87de1bd9698e549dbed2810c a1ffb72c5587ce623b3e507c480a4a39a1f9814c b6acb390ab6cf6310fc63d6276731390d12c9fcaaa1f89f93a8740ad8f765f31 Loading...

HTTP Transactions (48)

URL IP Response Size

sandra26.girlsfuckdudes.com/lps/wf/46

172.67.73.42

301 Moved Permanently

0 B

URL HTTP/1.1
sandra26.girlsfuckdudes.com/lps/wf/46
IP
172.67.73.42:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lps/wf/46 HTTP/1.1
Host: sandra26.girlsfuckdudes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Wed, 30 Nov 2022 09:01:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 30 Nov 2022 10:01:28 GMT
Location: https://sandra26.girlsfuckdudes.com/lps/wf/46
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=byPjMBUwBjUV1w6Xg6E%2F8pNB5OdEXB2nRbKb2PG8O7qBTsrNyy34LSiq7I%2Bes40xiwjBopVeBwcZAkoYcCyEds5tT4QCXh8KYgyH3v3P4PhhK%2FwLLlreCq2RSF4UiR46QLQ4gXORv4eniGt3aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7722660a6b21b512-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2d2e7649ce9e9ba6fc8b68aa89352e3c
0153d1d3d830a457043e16bb40d48a0b9ddef4b8
8eed57c91b42ef7b2d5eff1309e306e23e13c3de21219af24a693cbf3e8977fc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EED57C91B42EF7B2D5EFF1309E306E23E13C3DE21219AF24A693CBF3E8977FC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15079
Expires: Wed, 30 Nov 2022 13:12:47 GMT
Date: Wed, 30 Nov 2022 09:01:28 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4ed065cb23b5fca1a179dd73b3c5b7b2
4422eb24688f5e056fc1b18b127c7f63b1dbf5e0
b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3574
Cache-Control: max-age=95357
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 09:01:28 GMT
Etag: "6385df6f-1d7"
Expires: Thu, 01 Dec 2022 11:30:45 GMT
Last-Modified: Tue, 29 Nov 2022 10:31:11 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12959
Expires: Wed, 30 Nov 2022 12:37:27 GMT
Date: Wed, 30 Nov 2022 09:01:28 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 08:19:41 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2507
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: ZhvjMXJ/+B6BbbPYGdEND99vtH2YU+YfTURjZYeuj3Ogb3LILg20n44XLiZL6KzHjFnZyrTCmXw=
x-amz-request-id: B95DPE6ZXT5D24VG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 08:45:10 GMT
age: 978
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/wzYnJFRn-mI

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/wzYnJFRn-mI
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5a222cb0f73de402fb546440b2746733
73f14cb7f1d1d8d9518dec819d1dcdbe4628022a
7c998bce82ba803c247b825f8374e8cbf5de7e44467789ca1d14148caea40c61

HTTP Headers

POST /s/gts1p5/wzYnJFRn-mI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 09:01:28 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 09:01:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 08:08:56 GMT
cache-control: public,max-age=3600
age: 3152
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
3c8c689bd654417640d85f3da51af313
85123b6d46230a23d03768bf304b386e5d301305
516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3573
Cache-Control: max-age=90292
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 09:01:29 GMT
Etag: "6385cba8-1d7"
Expires: Thu, 01 Dec 2022 10:06:21 GMT
Last-Modified: Tue, 29 Nov 2022 09:06:48 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
33f732b4dfbd5fb3ed7345eba2896fe6
2652f214cf7127302cc65b1d4e42f48a80907d5d
904ce722469d356f8ec20c14bd51ca3ce459012ea0869f7d14821a963310a494

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 09:01:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
4a97a1bfa6628e650263b4fa7ca74f6b
4cb78834b08d9d5def0c12f271f0fff9589a4ff0
d39fb3f530e100f5e51271869f0e0e8abf8654c5cd9e71f5e651d30ebdcb75fa

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3571
Cache-Control: max-age=168044
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 09:01:29 GMT
Etag: "6386fb62-117"
Expires: Fri, 02 Dec 2022 07:42:13 GMT
Last-Modified: Wed, 30 Nov 2022 06:42:42 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279

push.services.mozilla.com/

52.36.24.174

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.36.24.174:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GXsaGGTekEyES0hbwEmy7A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: jh7yJZcKq3mmkvOu8kTtxcYK9Jk=

www.googletagmanager.com/gtag/js?id=UA-145157900-3

142.250.74.168

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-145157900-3
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (43582 bytes)
Hash
bdccaea1e877b216575e37e19f0a4dd3
459a378063f207d0cefc41677a25faa26a701d2a
c8f2eda7e11af46fb67f768f9414e70451b898a008bf277930cadbcc7f644ca8

HTTP Headers

GET /gtag/js?id=UA-145157900-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sandra26.girlsfuckdudes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 30 Nov 2022 09:01:29 GMT
expires: Wed, 30 Nov 2022 09:01:29 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43582
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
33f732b4dfbd5fb3ed7345eba2896fe6
2652f214cf7127302cc65b1d4e42f48a80907d5d
904ce722469d356f8ec20c14bd51ca3ce459012ea0869f7d14821a963310a494

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 09:01:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
aae9881837014832c1b1047df718f433
2df67a75d3a92d7cec5128b20bd49b07803f5822
0423aafff8dcc78e2a0f500744559aef5635506e5b0ff2e9baf08ab7b87ec559

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0423AAFFF8DCC78E2A0F500744559AEF5635506E5B0FF2E9BAF08AB7B87EC559"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21574
Expires: Wed, 30 Nov 2022 15:01:03 GMT
Date: Wed, 30 Nov 2022 09:01:29 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
aae9881837014832c1b1047df718f433
2df67a75d3a92d7cec5128b20bd49b07803f5822
0423aafff8dcc78e2a0f500744559aef5635506e5b0ff2e9baf08ab7b87ec559

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0423AAFFF8DCC78E2A0F500744559AEF5635506E5B0FF2E9BAF08AB7B87EC559"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21558
Expires: Wed, 30 Nov 2022 15:00:47 GMT
Date: Wed, 30 Nov 2022 09:01:29 GMT
Connection: keep-alive

assets.topsrcs.com/js/jquery.js

188.114.96.1

200 OK

35 kB

URL HTTP/2
assets.topsrcs.com/js/jquery.js
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
35 kB (34677 bytes)
Hash
11ce7ef7df07675212266d954e1825c5
2715b5d6a85deb499eef0d48f274b36861746b61
600d28c04e53c7d25707f6467235ac386b59a2c718b85ce432cf4ec07955793c

HTTP Headers

GET /js/jquery.js HTTP/1.1
Host: assets.topsrcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sandra26.girlsfuckdudes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 30 Nov 2022 09:01:29 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=95870
access-control-allow-origin: *
etag: W/"5f681294-1767e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 21 Sep 2020 02:40:20 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 36795
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tCvNLyO683tiOje3WFaujeEh2aal%2FJW36yoog8Dxk%2FGMXOnqB2giJ3pTYNIAW5Kzxs2BwWIaPrbory9PkH6%2Fggw1HIkQY8PIFTP2ccY7vJwXoW1rirgJ%2F02FYWmXS0LQQ%2BSibLY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772266136b8bb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css

104.17.25.14

200 OK

4.2 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65348)
Size
4.2 kB (4216 bytes)
Hash
eefc9abe5bc10d658a2393a70d052566
dd49deafcd3ebe1306cda0b843f2da265f8a90e1
6011c33e447455e96e1d4926b0e15ca399eb993163a8e5ee0c523947396d66c3

HTTP Headers

GET /ajax/libs/animate.css/4.1.1/animate.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sandra26.girlsfuckdudes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 30 Nov 2022 09:01:29 GMT
content-type: text/css; charset=utf-8
content-length: 4216
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f5628a2-11846"
last-modified: Mon, 07 Sep 2020 12:33:38 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2955697
expires: Mon, 20 Nov 2023 09:01:29 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GnQP%2FP3KMyBRo3dPfKvFC3Ft9zJ%2B6TjXvZStHfejtGU8WRVHp%2F2ZdpcNdPC%2BN3s89AzukMJK%2F7LoDvpqfT8oFNUtB2nnPA4z6Or0GqjIARziIsPa7xMqllR2zV5Lq5M3GIO51CjV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 772266159df1b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
90afd6154b162559b32dc48450949eae
c458aac33c03948c32f76d972f368de42ac5e30a
584ba47e21d4004f49788b62a90ee39bcad13142f2e22e26ff08135d03296b54

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "584BA47E21D4004F49788B62A90EE39BCAD13142F2E22E26FF08135D03296B54"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21501
Expires: Wed, 30 Nov 2022 14:59:51 GMT
Date: Wed, 30 Nov 2022 09:01:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12142
Expires: Wed, 30 Nov 2022 12:23:52 GMT
Date: Wed, 30 Nov 2022 09:01:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12142
Expires: Wed, 30 Nov 2022 12:23:52 GMT
Date: Wed, 30 Nov 2022 09:01:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12142
Expires: Wed, 30 Nov 2022 12:23:52 GMT
Date: Wed, 30 Nov 2022 09:01:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12142
Expires: Wed, 30 Nov 2022 12:23:52 GMT
Date: Wed, 30 Nov 2022 09:01:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12142
Expires: Wed, 30 Nov 2022 12:23:52 GMT
Date: Wed, 30 Nov 2022 09:01:30 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4803 bytes)
Hash
cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CJiSRzIK7-rQE81gaP2We0LhgKX1YmuJKEGYEqW34Bm1KMx6NB8yhQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 23:32:45 GMT
age: 34125
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

sandra26.girlsfuckdudes.com/lps/wf/46/Lora51/img.jpg

104.26.0.193

200 OK

64 kB

URL HTTP/2
sandra26.girlsfuckdudes.com/lps/wf/46/Lora51/img.jpg
IP
104.26.0.193:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 750x750, components 3\012- data
Size
64 kB (63961 bytes)
Hash
b5748df160118f990658476e638811e3
bca4f20381ec1c05f6c2265fea124eba1d804832
b98612bfb10c9579f5d82f5a130fcfe36aa0bc58f805d3f068c3cfa77d918330

HTTP Headers

GET /lps/wf/46/Lora51/img.jpg HTTP/1.1
Host: sandra26.girlsfuckdudes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sandra26.girlsfuckdudes.com/lps/wf/46/
Cookie: tpsrcuid=MTY2OTc5ODkxMjUwNQ==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 09:01:30 GMT
content-type: image/jpeg
content-length: 63961
last-modified: Tue, 24 Mar 2020 16:21:52 GMT
etag: "5e7a33a0-f9d9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RjM3Woe1YX3EEpL0yQSdl%2FRXFUkFuUiIpUg4uuQi5Ip7jSHFhoJf2iIeliPu3w34xAmu0CxCkJSObBBA2uceRx5XsVSeIYIqB1T4YQKz%2FTgWUApNajDzg9Cs%2FhOCCCu0043EKGERYb8KVhoXdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77226615994c0afa-OSL
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48df8a6f-5803-4ce0-ab84-1efc8ca3e251.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8885 bytes)
Hash
8825a2c5c0d98323f489e0b816b7f1d8
05f46985ea4ace57460120876da8e19db08857b3
1d12590a78b32146d6f1d107fb93bdb6cb45228d15babd087c0111495d7138e1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48df8a6f-5803-4ce0-ab84-1efc8ca3e251.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8885
x-amzn-requestid: 67e1ba67-b4fb-42c8-985d-f34164101c7b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhIGGtloAMFxjw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bcd-295995bb1123430c55659fe3;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: d64lSE184IwrwZKVC8KOUINEBclth9b7xRGV9T1uNfAptgXz0bxKhw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:14:25 GMT
age: 38825
etag: "05f46985ea4ace57460120876da8e19db08857b3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29e8368b-e5a8-4256-a456-b724e13819e4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10068 bytes)
Hash
f621857774e4b4adda95f58081644859
639165dc66d171b8266f22cd495181427112bc80
341fd33d3d9486079c182d60e21c355244b6597e6e09ba51ecee2e331b38ca2e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29e8368b-e5a8-4256-a456-b724e13819e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10068
x-amzn-requestid: 7f386e94-3c17-44a1-a36b-3d0eeff4623d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvEQQoAMFihA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-5069acfd038ffb2c124b7bd8;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ec2HkhHmHE2ddGBpLsJ5Rn7SCMjyR5kzaTyrguDoI9xOohgsCi08CQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:44:26 GMT
age: 40624
etag: "639165dc66d171b8266f22cd495181427112bc80"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde294fb7-e851-4e57-83be-aa3374862dcb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7971 bytes)
Hash
9e135c29a8769eb12ef8c26f99097400
87447d20e9c0a6a6aeefe6ca107f93cd3598cd0d
ce41ff79c382efc54aa2fd3ab64293d2d2b706a7f21585f4bd8bbcd9a3566126

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde294fb7-e851-4e57-83be-aa3374862dcb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7971
x-amzn-requestid: e47d10e4-2b60-4998-b5fa-5b145e60aac2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhgWHgGoAMFcLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867c68-5b9710a07b0a59730e73dce4;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:40:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OURSF_raDXrHV3-3ScaEdorNpW9ZKSIQjv6WUCQYHhruGz372BU_QA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:11:32 GMT
age: 38998
etag: "87447d20e9c0a6a6aeefe6ca107f93cd3598cd0d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9674 bytes)
Hash
5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qftF-GQkcjKTs30KMGCTDymw2SVSXeAYKGNWUnaMfvIb8HjtfHUx8A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:44:46 GMT
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
age: 40604
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9051 bytes)
Hash
05196ec43964cf559caa0c0279148d62
6170d6776615503e3e29f86783febc3e3e78ca66
47f3a5cde661987e3496ce110a0170b10087dd9ba8d4fd691c4830587ba3fa3f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9051
x-amzn-requestid: 1032dd9c-a15e-4e8a-9c81-07419e8caf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvEMNIAMFaKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-1005c20a33320dbf6567ca31;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rtfl896JX35oFFEVmqyH9Nm62iSY6rqwzkLwZMcM45p_ySF6J2QwEQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:44:47 GMT
age: 40603
etag: "6170d6776615503e3e29f86783febc3e3e78ca66"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
13f5e734853ca599633fd721f1e9945e
a5b169109ad3d51d9872f06baf411ec3aef8db67
a481d354317dff03db6c39084852ee9bc46c0984cfdb4df90b9c9f27871b445b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A481D354317DFF03DB6C39084852EE9BC46C0984CFDB4DF90B9C9F27871B445B"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9685
Expires: Wed, 30 Nov 2022 11:42:55 GMT
Date: Wed, 30 Nov 2022 09:01:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4579a732d998e1105856f20eacb69127
69acfd19eaa37e29e9c6c35cee668b911e65dbe0
483c19438fe60e387345939837011ecda07c9359ac6658a948c0f83a449f6736

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "483C19438FE60E387345939837011ECDA07C9359AC6658A948C0F83A449F6736"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21565
Expires: Wed, 30 Nov 2022 15:00:55 GMT
Date: Wed, 30 Nov 2022 09:01:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4579a732d998e1105856f20eacb69127
69acfd19eaa37e29e9c6c35cee668b911e65dbe0
483c19438fe60e387345939837011ecda07c9359ac6658a948c0f83a449f6736

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "483C19438FE60E387345939837011ECDA07C9359AC6658A948C0F83A449F6736"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21556
Expires: Wed, 30 Nov 2022 15:00:46 GMT
Date: Wed, 30 Nov 2022 09:01:30 GMT
Connection: keep-alive

stats.topsrc.com/tracking/segment?key=75025220-350b-434d-97cd-24a7efcee1bd

74.117.182.34

200

49 B

URL HTTP/1.1
stats.topsrc.com/tracking/segment?key=75025220-350b-434d-97cd-24a7efcee1bd
IP
74.117.182.34:0
ASN
#40824 WZCOM

File type
GIF image data, version 89a, 1 x 1\012- data
Size
49 B (49 bytes)
Hash
56398e76be6355ad5999b262208a17c9
a1fdee122b95748d81cee426d717c05b5174fe96
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

HTTP Headers

GET /tracking/segment?key=75025220-350b-434d-97cd-24a7efcee1bd HTTP/1.1
Host: stats.topsrc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sandra26.girlsfuckdudes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
last-modified: Wed, 30 Nov 2022 09:01:30 GMT
etag: W/"b8fb65382ccbd68d81dd13c481addc4bfc9a7b987894c016066fdbe4ce72b474"
cache-control: no-cache, no-store, no-transform, must-revalidate
x-responded-by: cors-support-provider
access-control-expose-headers: set-cookie
access-control-allow-origin: *
access-control-request-headers: origin,accept,content-type,x-requested-with
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 86400
content-type: image/gif
content-length: 49
date: Wed, 30 Nov 2022 09:01:30 GMT

stats.topsrc.com/tracking/segment?key=98b2c431-516f-49d3-8645-dc33500c58e3

74.117.182.34

200

49 B

URL HTTP/1.1
stats.topsrc.com/tracking/segment?key=98b2c431-516f-49d3-8645-dc33500c58e3
IP
74.117.182.34:0
ASN
#40824 WZCOM

File type
GIF image data, version 89a, 1 x 1\012- data
Size
49 B (49 bytes)
Hash
56398e76be6355ad5999b262208a17c9
a1fdee122b95748d81cee426d717c05b5174fe96
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

HTTP Headers

GET /tracking/segment?key=98b2c431-516f-49d3-8645-dc33500c58e3 HTTP/1.1
Host: stats.topsrc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sandra26.girlsfuckdudes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
last-modified: Wed, 30 Nov 2022 09:01:30 GMT
etag: W/"67bbf32f6f3385ce78883d5c192c9618dda93056ba6cb2a2ee86aedf7c36c5f7"
cache-control: no-cache, no-store, no-transform, must-revalidate
x-responded-by: cors-support-provider
access-control-expose-headers: set-cookie
access-control-allow-origin: *
access-control-request-headers: origin,accept,content-type,x-requested-with
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 86400
content-type: image/gif
content-length: 49
date: Wed, 30 Nov 2022 09:01:30 GMT

stats.topsrc.com/tracking/segment?key=37ed61b3-beaa-4984-99a7-1b5dcb9cb1ed

74.117.182.34

200

49 B

URL HTTP/1.1
stats.topsrc.com/tracking/segment?key=37ed61b3-beaa-4984-99a7-1b5dcb9cb1ed
IP
74.117.182.34:0
ASN
#40824 WZCOM

File type
GIF image data, version 89a, 1 x 1\012- data
Size
49 B (49 bytes)
Hash
56398e76be6355ad5999b262208a17c9
a1fdee122b95748d81cee426d717c05b5174fe96
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

HTTP Headers

GET /tracking/segment?key=37ed61b3-beaa-4984-99a7-1b5dcb9cb1ed HTTP/1.1
Host: stats.topsrc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sandra26.girlsfuckdudes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
last-modified: Wed, 30 Nov 2022 09:01:30 GMT
etag: W/"317fe8ecd991f7359538baee004dcabdabed86b8b0ac1595f5a4929f5c170050"
cache-control: no-cache, no-store, no-transform, must-revalidate
x-responded-by: cors-support-provider
access-control-expose-headers: set-cookie
access-control-allow-origin: *
access-control-request-headers: origin,accept,content-type,x-requested-with
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 86400
content-type: image/gif
content-length: 49
date: Wed, 30 Nov 2022 09:01:30 GMT

sandra26.girlsfuckdudes.com/lps/wf/46/Lora51/vid.mp4

104.26.0.193

206 Partial Content

0 B

URL HTTP/2
sandra26.girlsfuckdudes.com/lps/wf/46/Lora51/vid.mp4
IP
104.26.0.193:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lps/wf/46/Lora51/vid.mp4 HTTP/1.1
Host: sandra26.girlsfuckdudes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://sandra26.girlsfuckdudes.com/lps/wf/46/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 206 Partial Content
date: Wed, 30 Nov 2022 09:01:30 GMT
content-type: video/mp4
content-length: 10464903
last-modified: Tue, 24 Mar 2020 15:48:31 GMT
etag: "5e7a2bcf-9fae87"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
content-range: bytes 0-10464902/10464903
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A3xCM02jZtqRN6fCa%2FcnKdVAHWAyNQeGBNH5QcfzMfGLi6Rqzrc9Sg3%2BLX04TxweSOmupa%2FOAW2qhCZt5kxaTSrG9aw0X0Oyf4k4sXaT8FK2a9wycGomHbur%2FPi5IO42awLWSU2wy%2BJg2Z1eNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77226614c8990afa-OSL
X-Firefox-Spdy: h2

sandra26.girlsfuckdudes.com/cdn-cgi/rum?

104.26.0.193

200 OK

0 B

URL HTTP/2
sandra26.girlsfuckdudes.com/cdn-cgi/rum?
IP
104.26.0.193:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: sandra26.girlsfuckdudes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1141
Origin: https://sandra26.girlsfuckdudes.com
Connection: keep-alive
Referer: https://sandra26.girlsfuckdudes.com/lps/wf/46/
Cookie: tpsrcuid=MTY2OTc5ODkxMjUwNQ==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 09:01:30 GMT
server: cloudflare
cf-ray: 7722661bfe7b0afa-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ers.topsrcs.dev/api/proc/visit

165.22.40.124

200 OK

0 B

URL HTTP/2
ers.topsrcs.dev/api/proc/visit
IP
165.22.40.124:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /api/proc/visit HTTP/1.1
Host: ers.topsrcs.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 298
Origin: https://sandra26.girlsfuckdudes.com
Connection: keep-alive
Referer: https://sandra26.girlsfuckdudes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
date: Wed, 30 Nov 2022 09:01:31 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-ratelimit-limit: 60
x-ratelimit-remaining: 59
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993

104.16.56.101

200 OK

0 B

URL HTTP/2
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP
104.16.56.101:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sandra26.girlsfuckdudes.com
Connection: keep-alive
Referer: https://sandra26.girlsfuckdudes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 30 Nov 2022 09:01:29 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 772266125fecb521-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

sandra26.girlsfuckdudes.com/lps/wf/46/style.css

104.26.0.193

200 OK

0 B

URL HTTP/2
sandra26.girlsfuckdudes.com/lps/wf/46/style.css
IP
104.26.0.193:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /lps/wf/46/style.css HTTP/1.1
Host: sandra26.girlsfuckdudes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sandra26.girlsfuckdudes.com/lps/wf/46/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 09:01:29 GMT
content-type: text/css
last-modified: Mon, 20 Apr 2020 11:37:42 GMT
etag: W/"5e9d8986-1bd1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mHzV3yOJ3evv6Xh45vZOCD43AJ4qDrI1R3E7HPCEwhh%2FYpNnHTxjUB80mzLbdks8Yw%2BletcJpD1VXdxd78DPY7R7uILH0yFROub8Hy75d74mu3Ga7EqsQX92TjsSjev%2B%2FbdS873R790F7n17dg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77226611ee050afa-OSL
content-encoding: br
X-Firefox-Spdy: h2

sandra26.girlsfuckdudes.com/lps/wf/46/Lora51/vid.mp4

104.26.0.193

206 Partial Content

0 B

URL HTTP/2
sandra26.girlsfuckdudes.com/lps/wf/46/Lora51/vid.mp4
IP
104.26.0.193:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lps/wf/46/Lora51/vid.mp4 HTTP/1.1
Host: sandra26.girlsfuckdudes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://sandra26.girlsfuckdudes.com/lps/wf/46/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 206 Partial Content
date: Wed, 30 Nov 2022 09:01:29 GMT
content-type: video/mp4
content-length: 10464903
last-modified: Tue, 24 Mar 2020 15:48:31 GMT
etag: "5e7a2bcf-9fae87"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 0
content-range: bytes 0-10464902/10464903
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1YTILiq87oZOikIfQ5DTDjbgi73ZtJZ30s2xuIkGsoL5VIfaKiQN2nOqEakVCeXdEudG1cDv16QrbSzgkGViX3gcCv5ADkDtZ0yCqaMfP%2Fb27P5VW0iIh6QqkgeBH%2FtjdOoaCILLwo1DaJ344w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77226614c89a0afa-OSL
X-Firefox-Spdy: h2

sandra26.girlsfuckdudes.com/cdn-cgi/rum?

104.26.0.193

200 OK

0 B

URL HTTP/2
sandra26.girlsfuckdudes.com/cdn-cgi/rum?
IP
104.26.0.193:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: sandra26.girlsfuckdudes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 607
Origin: https://sandra26.girlsfuckdudes.com
Connection: keep-alive
Referer: https://sandra26.girlsfuckdudes.com/lps/wf/46/
Cookie: tpsrcuid=MTY2OTc5ODkxMjUwNQ==; tpsrccnst=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 09:01:37 GMT
server: cloudflare
cf-ray: 7722664359da0afa-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

sandra26.girlsfuckdudes.com/lps/wf/46

104.26.0.193

301 Moved Permanently

0 B

URL HTTP/2
sandra26.girlsfuckdudes.com/lps/wf/46
IP
104.26.0.193:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lps/wf/46 HTTP/1.1
Host: sandra26.girlsfuckdudes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
date: Wed, 30 Nov 2022 09:01:28 GMT
content-type: text/html; charset=iso-8859-1
location: https://sandra26.girlsfuckdudes.com/lps/wf/46/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2FAqqaE4a1tBJiWK7pxhCRUKaTHW1da8PhsdEx%2BNztmLm7KrPMkbx3P2qTrhlwKCfrkl0kaiIMgmQHPyp7Dv4j8WzJprgxXyfrUelZl8WqNsOdT8CfyFRA4QL%2BHTENsSFbpem%2B9NG1ifURVO3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7722660d19a50afa-OSL
X-Firefox-Spdy: h2

sandra26.girlsfuckdudes.com/lps/wf/46/

104.26.0.193

200 OK

0 B

URL HTTP/2
sandra26.girlsfuckdudes.com/lps/wf/46/
IP
104.26.0.193:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lps/wf/46/ HTTP/1.1
Host: sandra26.girlsfuckdudes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 09:01:29 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bD4p9RlukC3tzyL0GOf8V7oveEMWxMVOZrXVed0v5GlMtXyWXX7RnOXvpcZ03DAWMXc5kuN6IgLmTKAtLfyHHPwcLW0olffFkRZ2rZUZ5aXO%2BiVogxe9SRfsZcUSDsc6%2FM6eBA6pFTU08ddapg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772266100c320afa-OSL
content-encoding: br
X-Firefox-Spdy: h2

assets.topsrcs.com/js/script_wf.js

188.114.96.1

200 OK

0 B

URL HTTP/2
assets.topsrcs.com/js/script_wf.js
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/script_wf.js HTTP/1.1
Host: assets.topsrcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sandra26.girlsfuckdudes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 30 Nov 2022 09:01:29 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=11133
access-control-allow-origin: *
etag: W/"636cf7c1-2b7d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Thu, 10 Nov 2022 13:08:17 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 36794
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s3cv6Rr7h%2FsfRvtuvRS2dVpv8xO4obTHp0VAlkRhfY8OdXFJEEjIbML%2FtIlzcvJW5exx4eoU0GnsCIeZVFYHiETtZUdEdHHn5sqeWIZfiGtU4WNoYywQsUlB4hCLaygVozlKbq8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772266135b68b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations