ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
185.178.208.130 301 Moved Permanently 568 B URL HTTP/1.1 ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
IP 185.178.208.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (564), with no line terminators
Hash 2761b98db33884ab29711096ab315edb
8cea6e53464aea178b72e06a906205d040f14ca5
9f7a07f69d9b9a5af186a79159ccea18935ab4103128ca967e3f3f8ae45fb3ee
GET /leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: ddos-guard
Date: Sat, 24 Sep 2022 19:31:10 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Content-Type: text/html; charset=utf8
Content-Length: 568
firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 24 Sep 2022 19:14:34 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Lh6eH2ebrNAdoBLUA1DSgddeELKi0SDJb1_UCuNWyBUgNKC_pVAGrQ==
Age: 997
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19598
Expires: Sun, 25 Sep 2022 00:57:49 GMT
Date: Sat, 24 Sep 2022 19:31:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b3e81b5bd7bd8e12288a8159e44ceb3f
977945964ffcbf49ac78f840db9da822c50c82f0
4721814da286852318f7ebf9857bd4bf01f0beea2c9eb7ddb9f290e3fa472232
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4721814DA286852318F7EBF9857BD4BF01F0BEEA2C9EB7DDB9F290E3FA472232"
Last-Modified: Fri, 23 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17774
Expires: Sun, 25 Sep 2022 00:27:25 GMT
Date: Sat, 24 Sep 2022 19:31:11 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 4zE7lQUyPrUr+kkFP9lXEFdtTG8IKQi2etvsmB2ha6N61NSoLjsyA4pVDeNX4mBKIHxdWReoS7TQ/V2I15TDgQ==
x-amz-request-id: 8WDZ984C59GFBHGB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 24 Sep 2022 18:45:17 GMT
age: 2754
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f72eab7d05a12dc23485d55291ab112a
5f275e06b2fe42aa7010822106106a9a3fe619fe
0c9d2e7d61be2f1bf3cea3d26e74b10957b8c510447f42d1b583571e4db9f4d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0C9D2E7D61BE2F1BF3CEA3D26E74B10957B8C510447F42D1B583571E4DB9F4D0"
Last-Modified: Sat, 24 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12179
Expires: Sat, 24 Sep 2022 22:54:10 GMT
Date: Sat, 24 Sep 2022 19:31:11 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cdn.linearicons.com/free/1.0.0/icon-font.min.css
54.230.111.71 200 OK 1.7 kB URL HTTP/2 cdn.linearicons.com/free/1.0.0/icon-font.min.css
IP 54.230.111.71:0
File type ASCII text, with very long lines (7191)
Hash 0b704046d76bb4d3929be4f7f20472f5
564f70325044cf9834f70d9689463cbfb8a53b71
511ae4f5d6a1803848d68c82cd61d2ad1ed3a1c65037e2cbcf9a7edd2fa6fa5d
GET /free/1.0.0/icon-font.min.css HTTP/1.1
Host: cdn.linearicons.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
content-length: 1672
date: Sat, 21 May 2022 07:14:44 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
last-modified: Wed, 27 May 2015 16:04:10 GMT
etag: "0b704046d76bb4d3929be4f7f20472f5"
cache-control: max-age=31000000
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nG36a2xR_xbG6fj32zNc27DLNasc1oq2X-I5ztEOQH5GGcZxnrUQZw==
age: 10930588
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/require.js/2.3.5/require.min.js
104.17.24.14 200 OK 5.9 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/require.js/2.3.5/require.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (17536), with no line terminators
Hash 6edb11616167a0f44d5877a0813866f4
92685c66877bdfa5dafb74574d087e6663a6ac71
285780a791cc1dd87a80c336807c33cdb4e1c0c595bdb345eacd82f58b440402
GET /ajax/libs/require.js/2.3.5/require.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 5879
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fbf-4480"
last-modified: Mon, 04 May 2020 16:15:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 8134056
expires: Thu, 14 Sep 2023 19:31:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VR9hhbzf32RI0ftJgTVg0NtBX8fsud6ZlzsbO0U7JM5fEX6DongVUb4C95qA5wEZ3IBF8mOIiKwCvh2Oa0pSeDovOg1QUVcGnDYsX6LFgeK5fpYZuTJOPfknqcsWnTo4Q1kfqIh9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74fdf05d4becb524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 4fb51016b82f43bc6ee9f5ace001690c
5390a86aa0a7b82f5d09605b10812567b309d27a
73283fa4b416ee80d2ac87c30d2183afa1ae487a8650563b79adc1f001030f73
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ibradome.com/Uploads/Icons/cat-1.png
185.178.208.130 200 OK 5.3 kB URL HTTP/2 ibradome.com/Uploads/Icons/cat-1.png
IP 185.178.208.130:0
File type PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Hash 4ee329676a23b240d9e7777ed5c496ce
3c20ccfeda1efba2fe06b28af324f4158ffd16d8
4b84d2b09e3bd6bd48ee8b53f691be5801779772b5e4cd86fe6e9897c15165e8
GET /Uploads/Icons/cat-1.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 02 Sep 2018 16:25:07 GMT
accept-ranges: bytes
content-length: 5291
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Icons/cat-8.png
185.178.208.130 200 OK 3.2 kB URL HTTP/2 ibradome.com/Uploads/Icons/cat-8.png
IP 185.178.208.130:0
File type PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Hash 83c9e6c3b6378303283d7bfa50260fff
a759bd92f8b128f434a0b92cebe6a09a99b83ff6
445ed7ea6a73e872347bd98aa64a6a9e1eee666d823369c23dc494a3c0039362
GET /Uploads/Icons/cat-8.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 02 Sep 2018 16:32:38 GMT
accept-ranges: bytes
content-length: 3174
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 58b52380a6b5c598d1ad88e8da148137
a56206a0277aea6e8e2f7629793aba713d8edd0c
561a57c27dfa1f8651a89292428576b626e8700b9cd6b8173a0ce121aa8f9f4a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
vjs.zencdn.net/7.20.3/video-js.css
151.101.86.217 200 OK 11 kB URL HTTP/2 vjs.zencdn.net/7.20.3/video-js.css
IP 151.101.86.217:0
File type Unicode text, UTF-8 text, with very long lines (5844)
Hash fe56250286f5ded89eae50b54b7d1100
fa5e7d94f4604ab819f42f8b08257a70c86a6b54
76423f3d7320b1178fce25d069e2ff6c6cdc68f1ff8feb2181ea89bb348a80c4
GET /7.20.3/video-js.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 09 Sep 2022 18:11:04 GMT
etag: "92c4f5bba6e24134f07a508819300d2e"
content-type: text/css
content-encoding: gzip
date: Sat, 24 Sep 2022 19:31:11 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 10964
X-Firefox-Spdy: h2
ibradome.com/Uploads/Icons/cat-11.png
185.178.208.130 200 OK 7.6 kB URL HTTP/2 ibradome.com/Uploads/Icons/cat-11.png
IP 185.178.208.130:0
File type PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Hash 82475de8d7329bedf21a34dea891865c
46ba0d95f608cd4d37b6a9200709e5c9db3d1ded
276536fef1d707c1e158b0be467583a31227eb7d8598632e92949ae6503dd018
GET /Uploads/Icons/cat-11.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 02 Sep 2018 16:31:24 GMT
accept-ranges: bytes
content-length: 7619
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Icons/cat-5.png
185.178.208.130 200 OK 9.2 kB URL HTTP/2 ibradome.com/Uploads/Icons/cat-5.png
IP 185.178.208.130:0
File type PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Hash d344810ccc6c97e531273132c0363082
3c85f1f92b1a891bbfe82951f46e010e379f77a9
07f9045fd63e17fd9065a4af53fa9baa1004ddeaa68cdddebb8bfc8e727082b3
GET /Uploads/Icons/cat-5.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 02 Sep 2018 16:27:04 GMT
accept-ranges: bytes
content-length: 9232
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Icons/cat-12.png
185.178.208.130 200 OK 5.6 kB URL HTTP/2 ibradome.com/Uploads/Icons/cat-12.png
IP 185.178.208.130:0
File type PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Hash f6404456fb72e6af153a145b4ee513f8
ebef201c25cbd8250a74eef3a668bdfaaf03cd2a
14c9e517e3b543bbdfbe46751b3547a15794d9497ecf309aa6d94d85a1dcc9f0
GET /Uploads/Icons/cat-12.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Mon, 03 Sep 2018 12:44:27 GMT
accept-ranges: bytes
content-length: 5600
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Icons/cat-4.png
185.178.208.130 200 OK 5.9 kB URL HTTP/2 ibradome.com/Uploads/Icons/cat-4.png
IP 185.178.208.130:0
File type PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Hash 58a844947bb2dddc69968bd5a1a92bdc
401f875d8363760ed26d9fa438de4af850808753
34f377a3ff342dd2d2c6bbe598a48871f3beb00f6f20db37805e279466c60d02
GET /Uploads/Icons/cat-4.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 02 Sep 2018 16:31:56 GMT
accept-ranges: bytes
content-length: 5903
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Icons/cat-10.png
185.178.208.130 200 OK 4.7 kB URL HTTP/2 ibradome.com/Uploads/Icons/cat-10.png
IP 185.178.208.130:0
File type PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Hash 8e7d304b00fc5534bd2c30d8b39e1c78
3bc5fbac6eb210f540141964e32991c89902c938
334edf51111372a33c7261f6bf67aecd8af37f769e900e9d8b598bf07a30ec10
GET /Uploads/Icons/cat-10.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 02 Sep 2018 16:30:40 GMT
accept-ranges: bytes
content-length: 4680
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Icons/cat-9.png
185.178.208.130 200 OK 14 kB URL HTTP/2 ibradome.com/Uploads/Icons/cat-9.png
IP 185.178.208.130:0
File type PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Hash 3b5ba603c866e607427b064b4f230167
78b697af19d148f6b51172985b575ab722cfb27f
4885368c7fa4d162da5b96d62f3e83396d33bfba05f9f0b0d59783947656ad28
GET /Uploads/Icons/cat-9.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 02 Sep 2018 16:27:46 GMT
accept-ranges: bytes
content-length: 14212
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
vjs.zencdn.net/7.20.3/video.min.js
151.101.86.217 200 OK 163 kB URL HTTP/2 vjs.zencdn.net/7.20.3/video.min.js
IP 151.101.86.217:0
File type Unicode text, UTF-8 text, with very long lines (48447)
Size 163 kB (163091 bytes)
Hash 8f05db01eec5f2735bf694d0fca4ac45
0c03336d9c9c1004650d7a879a3e39649cf47449
667dd653ec4d1d3add3a16045e91f1f9097cf639a3f96b1f3e461a0ddd7f67ac
GET /7.20.3/video.min.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 09 Sep 2022 18:11:04 GMT
etag: "e8501cee3dd39de15e41eeb3298c9576"
content-type: application/javascript
content-encoding: gzip
date: Sat, 24 Sep 2022 19:31:11 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 163091
X-Firefox-Spdy: h2
ibradome.com/Uploads/Icons/cat-2.png
185.178.208.130 200 OK 3.4 kB URL HTTP/2 ibradome.com/Uploads/Icons/cat-2.png
IP 185.178.208.130:0
File type PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Hash 05e63182f447f30c2125e06b119e2fe7
1252f51660f3568230cc12de6273639561f1f164
5febf31f517e18ec5a6f397675652c4470a35ce4d168b0e4ecb28d72895a3230
GET /Uploads/Icons/cat-2.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 02 Sep 2018 16:30:11 GMT
accept-ranges: bytes
content-length: 3422
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Template/Css/bundle.min.css?3.1
185.178.208.130 200 OK 32 kB URL HTTP/2 ibradome.com/Template/Css/bundle.min.css?3.1
IP 185.178.208.130:0
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash b6dddf678083e2b1ecaca2a2e9061b79
745c333330f5167a222294615058f0e9859d9f1d
c8495e987940177433fd199aad35ab847054ca7655f217607c07684995b9f068
GET /Template/Css/bundle.min.css?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:12 GMT
content-type: text/css; charset=utf-8
last-modified: Sat, 24 Sep 2022 07:39:03 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 31742
date: Sat, 24 Sep 2022 19:31:12 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Icons/cat-19.png
185.178.208.130 200 OK 4.1 kB URL HTTP/2 ibradome.com/Uploads/Icons/cat-19.png
IP 185.178.208.130:0
File type PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced\012- data
Hash 5cc26606876953fad6e069ee47d791ac
10dc49b8f41d76929c5aaf5cc2b75333d21bf1bf
b6909b92aadbd2b3104fcbf8ac54fc0e5a959a1cecaaa8df7e2b1c49dab982a1
GET /Uploads/Icons/cat-19.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 11 Sep 2022 16:51:52 GMT
accept-ranges: bytes
content-length: 4074
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Icons/cat-16.png
185.178.208.130 200 OK 4.1 kB URL HTTP/2 ibradome.com/Uploads/Icons/cat-16.png
IP 185.178.208.130:0
File type PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced\012- data
Hash ae0b71b14287f0302783511d12650787
2bb411a88faa6a5da7e69b83fb8c8ee172d6e7ac
706453ec1af1cbe36e35b048020952d0ffaddde196a6c88696ece922e62feb7d
GET /Uploads/Icons/cat-16.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Thu, 25 Jun 2020 13:34:27 GMT
accept-ranges: bytes
content-length: 4064
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-41025924-3
142.250.74.72 200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-41025924-3
IP 142.250.74.72:0
File type ASCII text, with very long lines (1720)
Hash bbd4840ba0cd66a4c895dff32cd58a1d
70dfe8cbdef6e75164f893ea7047bef54f087585
137d599e9500a33f4a6f3017205f699f490917a7a2b531ec1097e5de190a2398
GET /gtag/js?id=UA-41025924-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 24 Sep 2022 19:31:11 GMT
expires: Sat, 24 Sep 2022 19:31:11 GMT
cache-control: private, max-age=900
last-modified: Sat, 24 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42225
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
i.pixl.is/logoefd8b8470be94b63.png
104.21.234.75 200 OK 3.3 kB URL HTTP/2 i.pixl.is/logoefd8b8470be94b63.png
IP 104.21.234.75:0
File type PNG image data, 75 x 58, 8-bit/color RGBA, non-interlaced\012- data
Hash f91f89b04931d9faf4ca6cac6b5e4aeb
d6b19ebec4ac9942052e2bbe97c411d33ea98893
cbdf85fece6f17a1457d7ea606e0300746c507557d644402fc178edd3e5703a5
GET /logoefd8b8470be94b63.png HTTP/1.1
Host: i.pixl.is
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: image/png
content-length: 3255
last-modified: Fri, 16 Sep 2022 20:59:45 GMT
etag: "6324e3c1-cb7"
x-powered-by: dot-SEC
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT
cf-cache-status: HIT
age: 685849
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VN2A0BYIZSWbAmwUeclFjSvGxggCo57pfkHnW2sfZU2Gri0h9hwsHsOtC8wrQx4fGvSwZhj0vIdlODI60CCMrolI7JKQmiDQc9H1EISd%2FtJlHNxgJ9jbl6bX1qk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74fdf05db83171f2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.pixl.is/tpd-b-24px.png
104.21.234.75 200 OK 2.4 kB
IP 104.21.234.75:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash abbfc76d055cdcc328045f3aa74e8a6e
6fc57c476e8b524aa244a57cfdea32b45401b43a
da12d3951fbbeaae494541313ccf71787d64d36656f39b80d7d85573494f565c
GET /tpd-b-24px.png HTTP/1.1
Host: i.pixl.is
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: image/png
content-length: 2363
last-modified: Fri, 16 Sep 2022 21:01:01 GMT
etag: "6324e40d-93b"
x-powered-by: dot-SEC
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT
cf-cache-status: HIT
age: 685765
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l88SFpVBTIyJohU67ijefTg17FjLD0SSGTMfOskdBtRZr0xThvrlBkvjc4VRV1%2FuMho5Xa49jOWJk2hN8vt%2B8HX2gR3xhW0uOUZgcsBmo4kbkIomgFDJwJXAI%2FM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74fdf05db83c71f2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ibradome.com/Uploads/Avatars/admin.jpg
185.178.208.130 200 OK 48 kB URL HTTP/2 ibradome.com/Uploads/Avatars/admin.jpg
IP 185.178.208.130:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95", progressive, precision 8, 300x355, components 3\012- data
Hash 1a3ef41f1aa6dd76a510e252d1e56456
2d51b6025f51fd6985826aa800306a7ea77ba41e
13bd6e0f3d3842e71e1d3e5c78ba262626f817fa984765d06042e0bb928bd5b4
GET /Uploads/Avatars/admin.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/jpeg
last-modified: Thu, 19 May 2022 20:29:50 GMT
accept-ranges: bytes
content-length: 48492
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B
IP 142.250.74.3:0
Hash 4fb51016b82f43bc6ee9f5ace001690c
5390a86aa0a7b82f5d09605b10812567b309d27a
73283fa4b416ee80d2ac87c30d2183afa1ae487a8650563b79adc1f001030f73
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B
IP 142.250.74.3:0
Hash f81d321c15c87e7147d792d08ebb7513
47f30d4ca38e6753a393965219321b0394ebb597
390ae5f5435d3f8c8b7f1fa8d7e2a3ebf55ea5dbe98aa3528dd562df4c295753
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ibradome.com/Uploads/Icons/cat-17.png
185.178.208.130 200 OK 3.5 kB URL HTTP/2 ibradome.com/Uploads/Icons/cat-17.png
IP 185.178.208.130:0
File type PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced\012- data
Hash 06847777c3b030cec93413eda7f40f52
c40fe72fd9ee8a6ddd201d35d508b50b0e1937e1
9c80f39303e284e8a9170c7bf73346f35db50de3b6be136f6ffff567e50c34e7
GET /Uploads/Icons/cat-17.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Wed, 24 Nov 2021 14:27:53 GMT
accept-ranges: bytes
content-length: 3465
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Libs/Javascript/LoginModal/loginmodal.css?3.1
185.178.208.130 200 OK 1.7 kB URL HTTP/2 ibradome.com/Libs/Javascript/LoginModal/loginmodal.css?3.1
IP 185.178.208.130:0
File type ASCII text, with very long lines (7311), with no line terminators
Hash 5dae93229accbf85e1d1801dcb48f100
556bbbb5323d62afc5b33da1a1fc6d2dc7248ab4
88e9d3f1b7ba90294ee9e64c1176962725695a713dc6d4c892354a15378ac5fe
GET /Libs/Javascript/LoginModal/loginmodal.css?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:12 GMT
content-type: text/css; charset=utf-8
last-modified: Sun, 01 Mar 2020 14:52:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1709
date: Sat, 24 Sep 2022 19:31:12 GMT
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Icons/cat-15.png
185.178.208.130 200 OK 3.7 kB URL HTTP/2 ibradome.com/Uploads/Icons/cat-15.png
IP 185.178.208.130:0
File type PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced\012- data
Hash 90ffdb8b3f54f8530c2c3cde619d9794
31af49fe82eaa73b22cc07331d1f0d15aa610942
292ec9b16dd1807f09e03af5f17d2910bc8fc8c0b867e73a12dd27ce4341697a
GET /Uploads/Icons/cat-15.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sat, 16 May 2020 01:00:22 GMT
accept-ranges: bytes
content-length: 3740
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Icons/cat-18.png
185.178.208.130 200 OK 6.0 kB URL HTTP/2 ibradome.com/Uploads/Icons/cat-18.png
IP 185.178.208.130:0
File type PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced\012- data
Hash d86cd55a573567c5135aa8a33a860cb8
55cc99bbce908f837db595e46463414c05f876ca
80f48172de54052f9bfa27ce00c72e5e33716abac6aab4e82a34c0558aa0b7b4
GET /Uploads/Icons/cat-18.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Fri, 27 May 2022 23:59:16 GMT
accept-ranges: bytes
content-length: 5968
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Media/May22/Mon16/12926/c2e3dd88.jpg
185.178.208.130 200 OK 148 kB URL HTTP/2 ibradome.com/Uploads/Media/May22/Mon16/12926/c2e3dd88.jpg
IP 185.178.208.130:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", progressive, precision 8, 478x848, components 3\012- data
Size 148 kB (147952 bytes)
Hash 6d972ecfdea905692983e33bdbc5187b
ac39e6627f806386e1757bc847ec96605c2cacf1
35a0bae78c4a7e642ec667d71a82fff0d8bdbbd1aa5ef09deec397135dc0e088
GET /Uploads/Media/May22/Mon16/12926/c2e3dd88.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/jpeg
last-modified: Mon, 16 May 2022 09:27:01 GMT
accept-ranges: bytes
content-length: 147952
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 24 Sep 2022 19:04:17 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sat, 24 Sep 2022 19:53:07 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 61C6GY0KmOZ8ZuDgJw0eRWus4cL7G468ZEi0-fTxyygekkRqIYyI4g==
Age: 1614
ibradome.com/Template/Reactions/like.png
185.178.208.130 200 OK 5.9 kB URL HTTP/2 ibradome.com/Template/Reactions/like.png
IP 185.178.208.130:0
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Hash a8642343ef065822ffa6e0a5c9d0d1e6
54d9f05cb2bc5972b63ffc680278fa313f2a8e09
2f2c0960bdf2cf973ed70b3d8583a88c5016601e55d6d8717559b56cf49b8d56
GET /Template/Reactions/like.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/Template/Css/bundle.min.css?3.1
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Wed, 06 Nov 2019 16:30:36 GMT
accept-ranges: bytes
content-length: 5892
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Icons/cat-14.png
185.178.208.130 200 OK 22 kB URL HTTP/2 ibradome.com/Uploads/Icons/cat-14.png
IP 185.178.208.130:0
File type Web Open Font Format (Version 2), TrueType, length 21780, version 1.0\012- data
Hash 03e91f122aa5fd425abbe23c85546eb0
c87a3db06c5db4e75e639382f174eafa439aeb27
296945e5922e764eef17b1b4a3ee3e60dc202b3c7f074150b62158915bf74e33
GET /Uploads/Icons/cat-14.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Tue, 15 Oct 2019 14:59:43 GMT
accept-ranges: bytes
content-length: 11546
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Template/Reactions/love.png
185.178.208.130 200 OK 1.8 kB URL HTTP/2 ibradome.com/Template/Reactions/love.png
IP 185.178.208.130:0
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 75e5767fb1ed6f94398f6376d7cd027b
1022a1756c775c775f788d630d3b8bf843e58730
340b0a43f06a9a983df308017d26401c0cdac56df9b388f30738c4232fc133a4
GET /Template/Reactions/love.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/Template/Css/bundle.min.css?3.1
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/png
last-modified: Wed, 06 Nov 2019 16:30:37 GMT
accept-ranges: bytes
content-length: 1790
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Template/Reactions/what.png
185.178.208.130 200 OK 2.4 kB URL HTTP/2 ibradome.com/Template/Reactions/what.png
IP 185.178.208.130:0
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 5ad8755d33228cf692cbd3f744c2cdaf
c5a2e2ce2870a48c55f10e6c2e62ff9c671ff9d4
36bf9b5073e37717a8d5f950bcb138d44a4214826d6e7d3cfa26fc26ebe67e38
GET /Template/Reactions/what.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/Template/Css/bundle.min.css?3.1
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/png
last-modified: Wed, 06 Nov 2019 16:30:38 GMT
accept-ranges: bytes
content-length: 2416
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Template/Reactions/lol.png
185.178.208.130 200 OK 5.7 kB URL HTTP/2 ibradome.com/Template/Reactions/lol.png
IP 185.178.208.130:0
File type gzip compressed data, max compression\012- data
Hash c6e5c14479e36fbb987825d5ac37aca3
b4382c0f1420af254d21fe0b4711c626be27f1ef
f6cff9fb60348d3a3abfbf4a445b72f37b85063e24d5798845853557b0cc8b86
GET /Template/Reactions/lol.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/Template/Css/bundle.min.css?3.1
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/png
last-modified: Wed, 06 Nov 2019 16:30:36 GMT
accept-ranges: bytes
content-length: 4289
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Template/Reactions/sad.png
185.178.208.130 200 OK 2.8 kB URL HTTP/2 ibradome.com/Template/Reactions/sad.png
IP 185.178.208.130:0
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 2cd863281adb695fb3b1d6c9eb71d3fe
4dc3595f82628f8cb29e00bc488c3447b7117486
b41d8ce86fd25313e50b26b06473693e28f1b56459dba2c909bdb06403c7af09
GET /Template/Reactions/sad.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/Template/Css/bundle.min.css?3.1
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/png
last-modified: Wed, 06 Nov 2019 16:30:38 GMT
accept-ranges: bytes
content-length: 2843
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Template/Reactions/angry.png
185.178.208.130 200 OK 2.3 kB URL HTTP/2 ibradome.com/Template/Reactions/angry.png
IP 185.178.208.130:0
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 227b117f97d994ad8624cf100dd1453e
4e02832d766dca6802c5cbdaf180fcc56153d198
98d04fda35987ceb7cb1e25eaa8da7db4fac873fb09e879b07b3b8945f9da862
GET /Template/Reactions/angry.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/Template/Css/bundle.min.css?3.1
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Wed, 06 Nov 2019 16:30:35 GMT
accept-ranges: bytes
content-length: 2294
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B
IP 142.250.74.3:0
Hash fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ibradome.com/Template/Images/homepage_intro_bg.jpg
185.178.208.130 200 OK 69 kB URL HTTP/2 ibradome.com/Template/Images/homepage_intro_bg.jpg
IP 185.178.208.130:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 1436x660, components 3\012- data
Hash 97f892af0cd4e9fdb4822e42e9074be5
1a62984eb2e7d4b48da199ea13aaa99398e4ea8e
a2eb1fba78a4b39fd12a02ff85f978a3e9529c50f878cefe077b64dbe05bb2ff
GET /Template/Images/homepage_intro_bg.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/jpeg
last-modified: Wed, 08 Apr 2020 23:30:10 GMT
accept-ranges: bytes
content-length: 68611
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
kw3y5otoeuniv7e9rsi.com/aas/r45d/vki/1845010/30627ec4.js
62.122.171.6 200 OK 42 kB URL HTTP/2 kw3y5otoeuniv7e9rsi.com/aas/r45d/vki/1845010/30627ec4.js
IP 62.122.171.6:0
Hash 6a005fb2fdd4133b09d5afb1d96ebd66
5e9f7c575a97dca2ef3d64bb8a6f4bf8702f5b26
b6e3c4293cb06649d50a0699816ddbcb794eabc0fd4f7938118b01caa7bf927d
Analyzer Verdict Alert quad9 Sinkholed
GET /aas/r45d/vki/1845010/30627ec4.js HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 13:38:24 GMT
vary: Accept-Encoding
etag: W/"63189ed0-1091a"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
ibradome.com/Template/Fonts/icomoon.ttf?hk79cy
185.178.208.130 200 OK 24 kB URL HTTP/2 ibradome.com/Template/Fonts/icomoon.ttf?hk79cy
IP 185.178.208.130:0
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon \012- data
Hash 9c882c87c4a2b92865c5b251b7313e1f
f73b8c97b3f0d3b9ef05d9ab04a57b63e9b75015
daddfd58f5077fb62171f3bacc4753b6187bd6f32fa61ccce39614d1a3e009d4
GET /Template/Fonts/icomoon.ttf?hk79cy HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/Template/Css/bundle.min.css?3.1
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: application/x-font-ttf
last-modified: Wed, 06 Nov 2019 16:30:17 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 23979
date: Sat, 24 Sep 2022 19:31:13 GMT
access-control-allow-origin: *
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
142.250.74.163 200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 16:40:18 GMT
expires: Fri, 22 Sep 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 183053
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
142.250.74.163 200 OK 9.8 kB URL HTTP/2 fonts.gstatic.com/s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 9840, version 1.0\012- data
Hash afda6e429fd299054de28e1f157c683d
c1847d6f3df5fe11d5e96fd5e6a59b73ff7ed96b
81cd29d1413ecf75834fb3ce1da572fe5c39e53b22c61f5dafec5b14ed4ee12e
GET /s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Sep 2022 21:09:41 GMT
expires: Tue, 19 Sep 2023 21:09:41 GMT
cache-control: public, max-age=31536000
age: 426090
last-modified: Mon, 18 Jul 2022 19:24:04 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/rajdhani/v15/LDIxapCSOBg7S-QT7p4HM-Y.woff2
142.250.74.163 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/rajdhani/v15/LDIxapCSOBg7S-QT7p4HM-Y.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 14976, version 1.0\012- data
Hash cac31f26b77ee8053a76a54ce2f8ce48
c92bcfc9121164049c1b30655db9481d0e454464
759a9000e47b028799d7a4ca602634a7ac7adf415775df070a335d18d9b66f38
GET /s/rajdhani/v15/LDIxapCSOBg7S-QT7p4HM-Y.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 20:55:20 GMT
expires: Thu, 21 Sep 2023 20:55:20 GMT
cache-control: public, max-age=31536000
age: 254151
last-modified: Wed, 27 Apr 2022 15:42:00 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
142.250.74.163 200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 21280, version 1.0\012- data
Hash 16911581ab7ea10687a5aee74cbc5612
b0b24248345739209d753a4ac77ccfc1f627b219
c78a1da5fd0868a547cf285748c7fb73006571190385eb71c0d601b6b240ffaf
GET /s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21280
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Sep 2022 21:07:37 GMT
expires: Tue, 19 Sep 2023 21:07:37 GMT
cache-control: public, max-age=31536000
age: 426215
last-modified: Mon, 18 Jul 2022 19:57:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
142.250.74.163 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Hash 0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:26:57 GMT
expires: Thu, 21 Sep 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 259455
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4ff0de9a953b1a45b09e14cead693110
64211bc797cdd8043b2d7b910ac68c2b82daa7d9
ec2e4e21cd628c313988a5ee3ffc3ddab3d8a0a165cc84cc82ce65c25bcce27d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC2E4E21CD628C313988A5EE3FFC3DDAB3D8A0A165CC84CC82CE65C25BCCE27D"
Last-Modified: Fri, 23 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10210
Expires: Sat, 24 Sep 2022 22:21:22 GMT
Date: Sat, 24 Sep 2022 19:31:12 GMT
Connection: keep-alive
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
142.250.74.163 200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:32:09 GMT
expires: Thu, 21 Sep 2023 19:32:09 GMT
cache-control: public, max-age=31536000
age: 259143
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 18:01:25 GMT
expires: Sun, 24 Sep 2023 18:01:25 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 5387
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a7809de115ea73f8b61f3d20a9978493
01fc65a2b694d7aadd5204d21801e87b2b55b73e
72692486033feeb149424c59576c6c75b17228dfc89b4c369d2e17cc4bff3d52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2464
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:12 GMT
Last-Modified: Sat, 24 Sep 2022 18:50:08 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash da681c2f112645651e5b32be2cfcd052
2e57e4163b8ed8ceebe8c6dde5ff1aa5efc7b946
302a7e1f8156051b7c793c61fbe3e81096374431e22bd9821b4aa38e1a5772f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ibradome.com/Uploads/Media/Apr20/Mon27/2021/m_f330919b.jpg
185.178.208.130 200 OK 9.7 kB URL HTTP/2 ibradome.com/Uploads/Media/Apr20/Mon27/2021/m_f330919b.jpg
IP 185.178.208.130:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", progressive, precision 8, 400x225, components 3\012- data
Hash 303b7c15c8c1a8ff85a8a0d8ef72f892
e2d47bcc60e4492c87583a24ca43de359063b3ae
6ab11b270a3906891f82c3542a40f9dee1827c15ad2b800e9e4ea6defc9b88a5
GET /Uploads/Media/Apr20/Mon27/2021/m_f330919b.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Mon, 27 Apr 2020 03:34:07 GMT
accept-ranges: bytes
content-length: 9728
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 542f48d043489354b329279417c1c73b
c659807cae086df7e23c6f8791cd699a8172d383
fde78da84b1ab6ede882559ff1fd2b8f44f6f0412d07bb6c2a0881fb4e5cc318
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FDE78DA84B1AB6EDE882559FF1FD2B8F44F6F0412D07BB6C2A0881FB4E5CC318"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5059
Expires: Sat, 24 Sep 2022 20:55:31 GMT
Date: Sat, 24 Sep 2022 19:31:12 GMT
Connection: keep-alive
kw3y5otoeuniv7e9rsi.com/solid.gif?z=1845010&abvar=0
62.122.171.6 200 OK 43 B URL HTTP/2 kw3y5otoeuniv7e9rsi.com/solid.gif?z=1845010&abvar=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
POST /solid.gif?z=1845010&abvar=0 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ibradome.com/Uploads/Media/Sep22/Sat24/15296/m_68c7fc3a.jpg
185.178.208.130 200 OK 16 kB URL HTTP/2 ibradome.com/Uploads/Media/Sep22/Sat24/15296/m_68c7fc3a.jpg
IP 185.178.208.130:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 60", progressive, precision 8, 300x437, components 3\012- data
Hash bfebd01cd04ec9f1ff00c2e1f36c9e17
1b2e2b8223e39ac29db970dacf55e83ded55d75a
c4396b71f9eead561d9cd0145dea0b7b7d9cb7373fcea2d65156f632620cc5e7
GET /Uploads/Media/Sep22/Sat24/15296/m_68c7fc3a.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Sat, 24 Sep 2022 05:37:34 GMT
accept-ranges: bytes
content-length: 15871
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Media/Sep22/Sat24/15295/m_c8f04d28.jpg
185.178.208.130 200 OK 19 kB URL HTTP/2 ibradome.com/Uploads/Media/Sep22/Sat24/15295/m_c8f04d28.jpg
IP 185.178.208.130:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 60", progressive, precision 8, 300x533, components 3\012- data
Hash 27e17467c48afd2460fc89d61f63f801
18978295b3274702494caebc820bdbcd14697ce3
d647608c7d3729baa77f1828a180c977606da7fa7f238b7ed9bb543511019385
GET /Uploads/Media/Sep22/Sat24/15295/m_c8f04d28.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Sat, 24 Sep 2022 05:37:22 GMT
accept-ranges: bytes
content-length: 18827
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Media/Sep22/Sat24/15294/m_15b7a3ae.jpg
185.178.208.130 200 OK 15 kB URL HTTP/2 ibradome.com/Uploads/Media/Sep22/Sat24/15294/m_15b7a3ae.jpg
IP 185.178.208.130:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 60", progressive, precision 8, 300x533, components 3\012- data
Hash e048d97fbfa8ea2bc6bf427edea4243c
5d19110fb640c39986ca45e69da0fd33d4e01021
9712fcfb089adf79b811142cf38c4b0b42bcf28282e5bb7545a723a7a761f034
GET /Uploads/Media/Sep22/Sat24/15294/m_15b7a3ae.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Sat, 24 Sep 2022 05:37:03 GMT
accept-ranges: bytes
content-length: 14942
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Media/Sep22/Sat24/15292/m_2ce477f5.jpg
185.178.208.130 200 OK 14 kB URL HTTP/2 ibradome.com/Uploads/Media/Sep22/Sat24/15292/m_2ce477f5.jpg
IP 185.178.208.130:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 60", progressive, precision 8, 300x534, components 3\012- data
Hash f77af14b3a70c4aaf782913aeb816708
417778a5671fc1999fe7eb284da5b829b39421b4
5624a2303519d5115d26421a240c3bf3aa498f50dc84ecf33ca978b9cf39d398
GET /Uploads/Media/Sep22/Sat24/15292/m_2ce477f5.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Sat, 24 Sep 2022 05:36:35 GMT
accept-ranges: bytes
content-length: 14184
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Media/Sep22/Sat24/15293/m_9820493e.jpg
185.178.208.130 200 OK 17 kB URL HTTP/2 ibradome.com/Uploads/Media/Sep22/Sat24/15293/m_9820493e.jpg
IP 185.178.208.130:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 60", progressive, precision 8, 300x534, components 3\012- data
Hash 64413ffc3f4af7442f00552f06740f5b
7018ab7ce669c5dbf8871adb3e3c7256e53b20f5
eb172ea43be62cd9a4df163c0048fc39645e8f0bd778e55e4714b704cb5cb61f
GET /Uploads/Media/Sep22/Sat24/15293/m_9820493e.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Sat, 24 Sep 2022 05:36:50 GMT
accept-ranges: bytes
content-length: 16587
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Media/Sep22/Sat24/15287/m_da6d2adc.jpg
185.178.208.130 200 OK 16 kB URL HTTP/2 ibradome.com/Uploads/Media/Sep22/Sat24/15287/m_da6d2adc.jpg
IP 185.178.208.130:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 60", progressive, precision 8, 300x400, components 3\012- data
Hash c5774647a8981a5222dfe955ae856563
9c514a51258bca2b8fa5ee72408beede59b31e5f
ac48b3937bfb23c6a642033e79a48aacfbb9d73cd929efb9b454120ff6859072
GET /Uploads/Media/Sep22/Sat24/15287/m_da6d2adc.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Sat, 24 Sep 2022 05:24:33 GMT
accept-ranges: bytes
content-length: 15634
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Uploads/Media/Jul20/Sat11/3596/m_28c8cdac.jpg
185.178.208.130 200 OK 18 kB URL HTTP/2 ibradome.com/Uploads/Media/Jul20/Sat11/3596/m_28c8cdac.jpg
IP 185.178.208.130:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", progressive, precision 8, 500x385, components 3\012- data
Hash 94d09ce74f95d1542782b1f22b7eaeb0
959bc3f539f2f1c54b3061f9b8f0213a24f4f42b
e6046e6875cc564bbe16ef8893264c35befc9255b9e8b2a10567e076c35187e1
GET /Uploads/Media/Jul20/Sat11/3596/m_28c8cdac.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Sat, 11 Jul 2020 18:36:05 GMT
accept-ranges: bytes
content-length: 17989
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
rallydisprove.com/0a/9a/ec/0a9aec252ec8cc83b9f56ec6b45fa3a9.js
192.243.59.13 200 OK 13 kB URL HTTP/1.1 rallydisprove.com/0a/9a/ec/0a9aec252ec8cc83b9f56ec6b45fa3a9.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37149), with no line terminators
Hash f0b1979dc3f4830fea3b298e130eeab4
b8122c0563f0fbc79b424ef876e77ac3f073ed09
9fb24ad7c0ab496c372ae1c0674ee4b72d0497c2fefe6bbd39bd9334ae93b714
GET /0a/9a/ec/0a9aec252ec8cc83b9f56ec6b45fa3a9.js HTTP/1.1
Host: rallydisprove.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 24 Sep 2022 19:31:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 17115dae10ddc2f4802363e318e469be
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
push.services.mozilla.com/
52.89.20.60 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.20.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Y/+XAkivY/UnlnsOiW6qng==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: NN0+zsElswaw2YCKJWrgxM4AD+I=
ibradome.com/Uploads/Media/Oct21/Mon25/9122/m_e76411a2.jpg
185.178.208.130 200 OK 214 kB URL HTTP/2 ibradome.com/Uploads/Media/Oct21/Mon25/9122/m_e76411a2.jpg
IP 185.178.208.130:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", progressive, precision 8, 500x666, components 3\012- data
Size 214 kB (213819 bytes)
Hash 31c42a810554f09405cf6d3991a9b8ce
b6fc09dda6a55eced3f1ab581ac0eec8d4128c94
ffe14781ca4d92e3973e9a7f907e70ea0c892d473a53932318f1d96a56081bb4
GET /Uploads/Media/Oct21/Mon25/9122/m_e76411a2.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Mon, 25 Oct 2021 17:41:43 GMT
accept-ranges: bytes
content-length: 213819
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B
IP 93.184.220.29:0
Hash 915f02e7338e993f5d10f4f54c95b629
474f359544eb5fe40a941487eb2d8f8e711f9934
848147b73f373d6d09b177205cc3294a93b5f57b863c454217ee7cdaf07a422f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1051
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:12 GMT
Last-Modified: Sat, 24 Sep 2022 19:13:41 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 280
go6shde9nj2itle.com/solid.gif?z=1846181&abvar=0
62.122.171.6 200 OK 43 B URL HTTP/2 go6shde9nj2itle.com/solid.gif?z=1846181&abvar=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
POST /solid.gif?z=1846181&abvar=0 HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kw3y5otoeuniv7e9rsi.com
Connection: keep-alive
Referer: https://kw3y5otoeuniv7e9rsi.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 0748503adde2cb95a8d0b7a1611c5f80
eee215487ae9ac3cae37a92a4c761fc6d01f3320
67f8645c49b34ea64abd33c9f9429c2b032517d904fd0cddaa5e3d1c44458fa3
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 19:31:12 GMT
Last-Modified: Sat, 24 Sep 2022 18:47:22 GMT
Server: ECS (bsa/EB1D)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: gcFLtnwx-Gk-wUviqj1AHuGxCu3jORglHdqzsoq5ffS7Mj61sRfLpA==
Age: 2630
cdn.pncloudfl.com/pn/087/982/9a0/0879829a09c40b64dbdc0f242a35b72ffac08aa6.png
104.22.59.221 200 OK 48 kB URL HTTP/2 cdn.pncloudfl.com/pn/087/982/9a0/0879829a09c40b64dbdc0f242a35b72ffac08aa6.png
IP 104.22.59.221:0
File type RIFF (little-endian) data, Web/P image
Hash 42bb8b4570405a983f11eff4dcd64805
56c53e3cd3ce629d4abc85fdc51eb0f24707490b
0acafaf87c21729534ca344a86bf598dc835166b211241b8f221d28fa90f0851
GET /pn/087/982/9a0/0879829a09c40b64dbdc0f242a35b72ffac08aa6.png HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/webp
content-length: 47686
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=78045
content-disposition: inline; filename="0879829a09c40b64dbdc0f242a35b72ffac08aa6.webp"
etag: 0713b5bb31c6e4567cfad608b49c7b62
expires: Sat, 24 Sep 2022 22:06:48 GMT
last-modified: Sat, 25 Jun 2022 11:34:30 GMT
vary: Accept
x-openstack-request-id: tx91ee5175127347938240f-0062b6fb07
x-proxy-cache: HIT
x-timestamp: 1656156869.15703
x-trans-id: tx91ee5175127347938240f-0062b6fb07
cf-cache-status: HIT
age: 163464
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 74fdf0645a2cfab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.pncloudfl.com/pn/ce1/4c0/15d/ce14c015dc32237df6ee0b4319a9952840ed89ec.jpg
104.22.59.221 200 OK 42 kB URL HTTP/2 cdn.pncloudfl.com/pn/ce1/4c0/15d/ce14c015dc32237df6ee0b4319a9952840ed89ec.jpg
IP 104.22.59.221:0
File type RIFF (little-endian) data, Web/P image
Hash d0d7cdcb7856ba645516b837997b1a2e
59fa3994087ba24980ec328ecacbc97ca6b9ba3f
0d48126bc699e3dab7f668341590cad7dcff3533552a814385f8455059fa1f25
GET /pn/ce1/4c0/15d/ce14c015dc32237df6ee0b4319a9952840ed89ec.jpg HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/webp
content-length: 42516
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=76368
content-disposition: inline; filename="ce14c015dc32237df6ee0b4319a9952840ed89ec.webp"
etag: 475c434979fcb4908d05a8aad91d8894
expires: Sat, 24 Sep 2022 22:41:33 GMT
last-modified: Thu, 22 Sep 2022 15:43:35 GMT
vary: Accept
x-openstack-request-id: txc0b2142227144ae999d77-00632c82b5
x-proxy-cache: HIT
x-timestamp: 1663861414.47190
x-trans-id: txc0b2142227144ae999d77-00632c82b5
cf-cache-status: HIT
age: 161379
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 74fdf0645a2dfab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
3.66.118.16 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.66.118.16:0
File type ASCII text, with no line terminators
Hash 178d79503e3c09c95cedb42de38ad3c0
28cfe0ff9e537d58343ba5528e8046664c3784a8
a5f9e8250a5e24b83bf3b60edb436792dd1cc54d659ddd9ab843ed6306f01957
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ibradome.com
access-control-allow-credentials: true
set-cookie: uid_id2=f27d47e7-d9f5-407d-9675-74ea0a68e259:3:1; expires=Tue, 21 Sep 2032 19:31:12 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
cdn.pncloudfl.com/pn/b3c/a46/243/b3ca46243dd1beb6a1169d26cfa361bac2d7b97e.jpg
104.22.59.221 200 OK 44 kB URL HTTP/2 cdn.pncloudfl.com/pn/b3c/a46/243/b3ca46243dd1beb6a1169d26cfa361bac2d7b97e.jpg
IP 104.22.59.221:0
File type RIFF (little-endian) data, Web/P image
Hash 5b5185d2fccd2dca3c94db1ba3359efc
5be904c10086b3af052ea9a79f6b60e1150ecf4b
a4834b0c05e82cc70c7778348a3c205f25f3a22e9775e137c3d8187b3f6a3fb5
GET /pn/b3c/a46/243/b3ca46243dd1beb6a1169d26cfa361bac2d7b97e.jpg HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/webp
content-length: 43534
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=77637
content-disposition: inline; filename="b3ca46243dd1beb6a1169d26cfa361bac2d7b97e.webp"
etag: 1b8a2ca51633977e4d71e0297479bdcf
expires: Sat, 24 Sep 2022 21:22:18 GMT
last-modified: Thu, 22 Sep 2022 10:27:55 GMT
vary: Accept
x-openstack-request-id: txe70ca3ba19e54f508ede7-00632c38e6
x-proxy-cache: HIT
x-timestamp: 1663842474.88163
x-trans-id: txe70ca3ba19e54f508ede7-00632c38e6
cf-cache-status: HIT
age: 166134
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 74fdf0647a44fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go6shde9nj2itle.com/solid.gif?z=1846181&abvar=0
62.122.171.6 200 OK 43 B URL HTTP/2 go6shde9nj2itle.com/solid.gif?z=1846181&abvar=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
POST /solid.gif?z=1846181&abvar=0 HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ocsp.usertrust.com/
172.64.155.188 200 OK 471 B
IP 172.64.155.188:0
Hash 1ae59b7e309b88531e3bb1678d637bef
14e3f78a5a4fd062c102a6092bc4e047eecebfa9
c7f6bacb3be3cd02747bfe33e4576f56ffc62e8caf1f7527ad5aedde302b2dca
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 19:31:12 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 02:07:02 GMT
Expires: Fri, 30 Sep 2022 02:07:01 GMT
Etag: "14e3f78a5a4fd062c102a6092bc4e047eecebfa9"
Cache-Control: max-age=601260,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1167
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fdf06539ad0afe-OSL
kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1882687&pb=c388c215cb18a53264728231afc0eab11664055072&psp=XvvVV2yMgti1ey6h2QEA5nHjwNsW98S5DF8x6oZHYkFbt4KVYvpbaljWAGMardPzLTdsNXVysCgJyGm0ufByYb2c-JvobZGgEOXQ5DQK_c3SM3aSPQxkFBsfgwMUeCJ-JRv_NRCBAuMyKu0PhFDtW9gV38blkZv6SwvIehfmDZ_7HA037clARlPW6a9wbvBjNccGBzSwBxLAPMrUX7_af9svrc-1WjkGOE4ChWwKIk3xISmnPDq-yobDp-nIYmr5S-O52CMSXcCdHz9omWzReiYMnuDyH-oam18Nd0Q-M0EhERTz8xXdLLz1a_gl-FSxpvTH5ienwCSnUq8ByIhcibts0TEAsOgttIKJ6xdMJSv-15meL57TBUGsMYEkjnqVYeij3SZL3mjRaFsCnCN3rnUC5tXkFcwE_KPSMwnAehwUuUHIrHP42Za0FEg35IcDjYaGM5N3FHICr_3VjxhHv6roRyrTbS-_MJkk_uOkWTd53kGEamiHGTjAshW4bTMotj5ZQGFs-RLCGP23faABep5L7KpTSYPYeyDQ1msy1Ol3CVpQ7Nrxilt8H8eegDn8_Snre6aMcpklXo93GBgYW5_Ao7Mq-QuCwoz171CXKRqqXfPygoj0cTFTwcWbcg8nS7TrEYzDyDmCRmZSALCTIFh2s9w2xCDHfzrNBbwruzZLn9fIJ8Hqh6qTcWGY148yxLuL4u-RI9OYj5bqbKodSRJr7ZM=&abvar=0&os=0
62.122.171.6 200 OK 43 B HTTP/2
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1882687&pb=c388c215cb18a53264728231afc0eab11664055072&psp=XvvVV2yMgti1ey6h2QEA5nHjwNsW98S5DF8x6oZHYkFbt4KVYvpbaljWAGMardPzLTdsNXVysCgJyGm0ufByYb2c-JvobZGgEOXQ5DQK_c3SM3aSPQxkFBsfgwMUeCJ-JRv_NRCBAuMyKu0PhFDtW9gV38blkZv6SwvIehfmDZ_7HA037clARlPW6a9wbvBjNccGBzSwBxLAPMrUX7_af9svrc-1WjkGOE4ChWwKIk3xISmnPDq-yobDp-nIYmr5S-O52CMSXcCdHz9omWzReiYMnuDyH-oam18Nd0Q-M0EhERTz8xXdLLz1a_gl-FSxpvTH5ienwCSnUq8ByIhcibts0TEAsOgttIKJ6xdMJSv-15meL57TBUGsMYEkjnqVYeij3SZL3mjRaFsCnCN3rnUC5tXkFcwE_KPSMwnAehwUuUHIrHP42Za0FEg35IcDjYaGM5N3FHICr_3VjxhHv6roRyrTbS-_MJkk_uOkWTd53kGEamiHGTjAshW4bTMotj5ZQGFs-RLCGP23faABep5L7KpTSYPYeyDQ1msy1Ol3CVpQ7Nrxilt8H8eegDn8_Snre6aMcpklXo93GBgYW5_Ao7Mq-QuCwoz171CXKRqqXfPygoj0cTFTwcWbcg8nS7TrEYzDyDmCRmZSALCTIFh2s9w2xCDHfzrNBbwruzZLn9fIJ8Hqh6qTcWGY148yxLuL4u-RI9OYj5bqbKodSRJr7ZM=&abvar=0&os=0 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACH1gAAAAAAAAAAB; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
set-cookie: OACIBLOCK=ACH1gAAAAABjLo7Q; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
set-cookie: ppucnt=0; Path=/; Expires=Sun, 25 Sep 2022 19:31:12 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1846521&pb=c388c215cb18a53264728231afc0eab11664055072&psp=D8ZY7Y9qqnB_TJAnzsxt6cUkbWhxJWRe_6B4qmPlZOzjHIAa9lAhdYQCTTalWQSq8NdB5FZBdUmMXeXcMw8EFhrypy2p5_mTnwP9kJL6aNVyjQLrhM5-Ggm6_igxMyUzEkAA4GhG-2OBl32B6a2zccuiS1kOMUrSzG7Emwy0EI1aRkgokAYWJsN5hbLWd1UZc0SoAxeKphv9YM-HptXvasV4EyMIxxOVuKp1dcZEX3VA3ua7wTwEA754__kyVG5SRNu3cqW5yECHm5zI22UKd5UKmUXkTLZEWJtoFH94E4UpIITyXQMNvHBCtZodBiRQz57gq8DbeRsN3oOWKnlN4hyNTgwtTNKHj3U1_O9dWr0ZA3A8qTK29UOfcF8y9z9peunM8Ga10ZNChJIA2kIuJTNTjUlrpVrPtukj4h1YhoXZZRXZlomYJp-CAZcjFpPEmWx88oFPipJhiTBtgYNIA1oyTVzN-xbE0zK9bOmjAT5q3iInssdUR6G_Jv7ppToalBBLhcin0ktAhiAeFhjFMS-0Pk2bfcE1quhr86kb2tihh0HtI1YTBCoBSmvhffPGrl6Qnk-OIDkrCrN4_UkgKWCG59yZB9a3o3u95YJFBCldbeMmrgJRun4Opgk09Dli16SS7_JmYtvLE9k_WN0WNYWkEinZyR8GP7rH9l-aH9gYsV4njkAynaWw_BY1e01mV9abau8WNSVvcn45WaU_-c59vtc=&abvar=0&os=0
62.122.171.6 200 OK 43 B HTTP/2
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1846521&pb=c388c215cb18a53264728231afc0eab11664055072&psp=D8ZY7Y9qqnB_TJAnzsxt6cUkbWhxJWRe_6B4qmPlZOzjHIAa9lAhdYQCTTalWQSq8NdB5FZBdUmMXeXcMw8EFhrypy2p5_mTnwP9kJL6aNVyjQLrhM5-Ggm6_igxMyUzEkAA4GhG-2OBl32B6a2zccuiS1kOMUrSzG7Emwy0EI1aRkgokAYWJsN5hbLWd1UZc0SoAxeKphv9YM-HptXvasV4EyMIxxOVuKp1dcZEX3VA3ua7wTwEA754__kyVG5SRNu3cqW5yECHm5zI22UKd5UKmUXkTLZEWJtoFH94E4UpIITyXQMNvHBCtZodBiRQz57gq8DbeRsN3oOWKnlN4hyNTgwtTNKHj3U1_O9dWr0ZA3A8qTK29UOfcF8y9z9peunM8Ga10ZNChJIA2kIuJTNTjUlrpVrPtukj4h1YhoXZZRXZlomYJp-CAZcjFpPEmWx88oFPipJhiTBtgYNIA1oyTVzN-xbE0zK9bOmjAT5q3iInssdUR6G_Jv7ppToalBBLhcin0ktAhiAeFhjFMS-0Pk2bfcE1quhr86kb2tihh0HtI1YTBCoBSmvhffPGrl6Qnk-OIDkrCrN4_UkgKWCG59yZB9a3o3u95YJFBCldbeMmrgJRun4Opgk09Dli16SS7_JmYtvLE9k_WN0WNYWkEinZyR8GP7rH9l-aH9gYsV4njkAynaWw_BY1e01mV9abau8WNSVvcn45WaU_-c59vtc=&abvar=0&os=0 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACH1gAAAAAAAAAAB; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
set-cookie: OACIBLOCK=ACH1gAAAAABjLo7Q; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
set-cookie: ppucnt=0; Path=/; Expires=Sun, 25 Sep 2022 19:31:12 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1882688&pb=c388c215cb18a53264728231afc0eab11664055072&psp=8S22anKQJCuihyI7G-bvGwF-fw7nSRY83oTX9rPs4UHdly2qfbK1acTvl-5IiynaM7AvMdWQ-x2lbunJT2m_PPEK-xsGyshj87e7NMe_6CGk79wPeahXonkvgRlH7-mYRH6c-kDnr1ZgoXsYq51ylM4ASXmJrLdzYbut-M2-6uT6iNuigEqwPeWaMwWnW2c58FH80pO9XamYf3y3q04px6P-XpTyojWmofXms_8ZIezyZgBisM2nC0Oe0hNRCBCjMI4mPX7zT6BO-nQf71zgwe9cqXe1lCM8E5LdCOM2HdEPuKeZBg7a_E3BBHTXoM4R_xKngzfhQ3bLPTXIGL3x02danc-GVFYM0ovbOIMVA-xBpLdT-680FBSqtHOG_pg4PofL6kx8dNQlw3QQgJEmkmc4gtOejikExBAjPKnHDLKI8r5J5ZyhfQVbtcLkQL7lsby4NFk-TEDACRCE9Gh5a26XbTrX-K4DUa8bMJs8-ekNGlWVVLjeUyYP8VC6sS0ZKkrEilDncrKo5zskGSHFg2sskS_VSYjcsf--oC3MyU0UhECbWefBD38vYKSqpJtTbRIADd7mkKOhCkMjiIf_K5c0S897hxWjq7bLwOWCNzFXK0H3ly7b1yxk_melJ6b-AdW4DnKPSNhFRLGcUJuAPzhfw7nXcx5EqsdrUIK4nk933BNIem7BfUGTJ4SUB0UrgPJw8JgDJdqwHbKKfGhrVwCRRBBT0DZe8Mi5VeSc3O0T&abvar=0&os=0
62.122.171.6 200 OK 43 B HTTP/2
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1882688&pb=c388c215cb18a53264728231afc0eab11664055072&psp=8S22anKQJCuihyI7G-bvGwF-fw7nSRY83oTX9rPs4UHdly2qfbK1acTvl-5IiynaM7AvMdWQ-x2lbunJT2m_PPEK-xsGyshj87e7NMe_6CGk79wPeahXonkvgRlH7-mYRH6c-kDnr1ZgoXsYq51ylM4ASXmJrLdzYbut-M2-6uT6iNuigEqwPeWaMwWnW2c58FH80pO9XamYf3y3q04px6P-XpTyojWmofXms_8ZIezyZgBisM2nC0Oe0hNRCBCjMI4mPX7zT6BO-nQf71zgwe9cqXe1lCM8E5LdCOM2HdEPuKeZBg7a_E3BBHTXoM4R_xKngzfhQ3bLPTXIGL3x02danc-GVFYM0ovbOIMVA-xBpLdT-680FBSqtHOG_pg4PofL6kx8dNQlw3QQgJEmkmc4gtOejikExBAjPKnHDLKI8r5J5ZyhfQVbtcLkQL7lsby4NFk-TEDACRCE9Gh5a26XbTrX-K4DUa8bMJs8-ekNGlWVVLjeUyYP8VC6sS0ZKkrEilDncrKo5zskGSHFg2sskS_VSYjcsf--oC3MyU0UhECbWefBD38vYKSqpJtTbRIADd7mkKOhCkMjiIf_K5c0S897hxWjq7bLwOWCNzFXK0H3ly7b1yxk_melJ6b-AdW4DnKPSNhFRLGcUJuAPzhfw7nXcx5EqsdrUIK4nk933BNIem7BfUGTJ4SUB0UrgPJw8JgDJdqwHbKKfGhrVwCRRBBT0DZe8Mi5VeSc3O0T&abvar=0&os=0 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACH1gAAAAAAAAAAB; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
set-cookie: OACIBLOCK=ACH1gAAAAABjLo7Q; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
set-cookie: ppucnt=0; Path=/; Expires=Sun, 25 Sep 2022 19:31:12 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1882688&pb=c388c215cb18a53264728231afc0eab11664055072&psp=CExlOw30EzAkPEF7mTzi8LqIz_SeGjBiew9uACaUEEx8rCWPeJ8iuWRkpaFCtqgsRELmDUPt9U5nI5gpYJdbsQEy_Yl7PIEtMGPPoc7KLSQshfqbSeR5tCKNN7q4YnaLDvgY5uO6CshznwfdGAb3y0izUslAzKRMdsjioq-Vpri3fhxDbHSXmEsyn8YBxiw_NBAmi_hkioOfn6zJ3Ounv552102kD-Mkv6ZZhziwbQp0EuQzm8I1iygvYUpLua3eVuayzMAxpBd1_T3AUy0F68XRLhhDPW6_9BykO8iUAlyPVqzb8RXUDL2x_eO6Hdk2u3Ezoax89UNwyFbT0IS7c-K5ZTz0QOhRmo0JgHdvMvXwuxI_w0JA0wNuemORY7_YWLBzZjJsbpO2ALmXEhuO9v4HWqynKOiaqeiLRFqAjnZvwiSgusGZOUy3LMhbEDqAH7j5VGArIoA3I2S3-qOTIXWiNjDYdccjxhcmecxczjDpL_EfpYXAyckjyknr_Ct-0bK1gX__kcvrTm7oUOO8mZ0oAfeiEfJL1ZOCIGvQm7teBDmsFbg1T6Ap246o4veL3jZSLk8luORTcPb3UpXdnJOuqZBVLfhcDt-cyJ7KSoIzrmBrHpr5H2UdfGoIYmmoz1FRAGvD3HpoBgBXAGTf1keJAxXfxTpkukNnShbOpvRAmHIfQ-WedzM3YaNiSfmwAlqA3p9c8mQxQflKTYkR5yoWlrVYVNnj8wgv6Skuucc=&abvar=0&os=0
62.122.171.6 200 OK 43 B HTTP/2
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1882688&pb=c388c215cb18a53264728231afc0eab11664055072&psp=CExlOw30EzAkPEF7mTzi8LqIz_SeGjBiew9uACaUEEx8rCWPeJ8iuWRkpaFCtqgsRELmDUPt9U5nI5gpYJdbsQEy_Yl7PIEtMGPPoc7KLSQshfqbSeR5tCKNN7q4YnaLDvgY5uO6CshznwfdGAb3y0izUslAzKRMdsjioq-Vpri3fhxDbHSXmEsyn8YBxiw_NBAmi_hkioOfn6zJ3Ounv552102kD-Mkv6ZZhziwbQp0EuQzm8I1iygvYUpLua3eVuayzMAxpBd1_T3AUy0F68XRLhhDPW6_9BykO8iUAlyPVqzb8RXUDL2x_eO6Hdk2u3Ezoax89UNwyFbT0IS7c-K5ZTz0QOhRmo0JgHdvMvXwuxI_w0JA0wNuemORY7_YWLBzZjJsbpO2ALmXEhuO9v4HWqynKOiaqeiLRFqAjnZvwiSgusGZOUy3LMhbEDqAH7j5VGArIoA3I2S3-qOTIXWiNjDYdccjxhcmecxczjDpL_EfpYXAyckjyknr_Ct-0bK1gX__kcvrTm7oUOO8mZ0oAfeiEfJL1ZOCIGvQm7teBDmsFbg1T6Ap246o4veL3jZSLk8luORTcPb3UpXdnJOuqZBVLfhcDt-cyJ7KSoIzrmBrHpr5H2UdfGoIYmmoz1FRAGvD3HpoBgBXAGTf1keJAxXfxTpkukNnShbOpvRAmHIfQ-WedzM3YaNiSfmwAlqA3p9c8mQxQflKTYkR5yoWlrVYVNnj8wgv6Skuucc=&abvar=0&os=0 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACIPDQAAAAAAAAAB; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
set-cookie: OACIBLOCK=ACIPDQAAAABjLo7Q; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
set-cookie: ppucnt=0; Path=/; Expires=Sun, 25 Sep 2022 19:31:12 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
cdn18685953.ahacdn.me/skins/bannerdating4.png
45.133.44.20 200 OK 9.6 kB URL HTTP/2 cdn18685953.ahacdn.me/skins/bannerdating4.png
IP 45.133.44.20:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 147 x 153, 8-bit/color RGBA, non-interlaced\012- data
Hash 56f07e0d933a1f7211667b4cc4a7db80
daf466fe3e15cc69bcf6b1d2592ba2d33357250f
5cc8d7fef92d8de943e1979813099b5f825d12443a29cf008928de90197b7118
GET /skins/bannerdating4.png HTTP/1.1
Host: cdn18685953.ahacdn.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/png
content-length: 9644
server: nginx/1.16.1
last-modified: Wed, 28 Jul 2021 08:50:24 GMT
etag: 56f07e0d933a1f7211667b4cc4a7db80
x-timestamp: 1627462223.18881
x-trans-id: tx9ec40df6ae564c1abf95a-0061c43775
x-openstack-request-id: tx9ec40df6ae564c1abf95a-0061c43775
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Mon, 26 Sep 2022 19:31:12 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1846179&pb=c388c215cb18a53264728231afc0eab11664055072&psp=_QzCiesGsF2uuFRx00XFHEPwhz88lzeJiE0xrYqyynrwpZH9J8GVK3fjXlrpTPtwvCL-DgHdfMb8WBJwyTVKCPDI5zK_IskzLcR7jQU39bcdNgb0O7ZrERb7oQkg_ULCZLU5voumG29rZ_vpx4zZnMc-8v5ymdE6EzpKVrWOrotcYOvHejPBLTKJ2gh4LzpRjO_IMMN8IAoG-nHPr3HrnZEcPpEoTSMR6X53B45X7twP1F6MQ5V-WXgNwGT4o5XkNw0yGVoKsdcKlli24GrQfvPPTMOw2bqXRb_7Fs7ngQVHRbv6kkv195yVAVyCfuvXmpAg6JQ824cgxQHf8iEQA_99c03SeyRHAjv1OMipgiUegn00fJHc0hUZgbPoAY1bk33VF1x5wCycBw9ocMwPFrOFNMgEOMI6_Bh2xqunXrp_cpJuxrvTt0B0kdi6bAGXzOPDSADAGdO9MxwrQTSJWJpZGvoqkA0c8Ey9j4s7WEJIr6ImqhH_U3--CiXThjIr6kC1W4vETx0HMhqC8NTtMm1fAXBcjeHcMt5WBSXQtdRf6rqEYveWo1OaupdK1TyQ56s-0lqiveupRMLTY1goUiPnH0QJFvPkIaA7nF8BVl5rIkN1TJUJn_Y7XwlVDMgoYgZr6FtUu_qWWCHFEvkkrJrCzjJr4uTkCEhtZ0WTbx2XyAhs0EbilNf4mQ6d8gbAq-3KgGEczrnuO2BUWwPYPKNDHx3taL3jPMcBBrQJDv1_dWv5aqrVPTfTQ0pM4nl-6C7W_ZtbEbNt6ePdMQGTbA==&abvar=29&os=0
62.122.171.6 200 OK 43 B URL HTTP/2 kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1846179&pb=c388c215cb18a53264728231afc0eab11664055072&psp=_QzCiesGsF2uuFRx00XFHEPwhz88lzeJiE0xrYqyynrwpZH9J8GVK3fjXlrpTPtwvCL-DgHdfMb8WBJwyTVKCPDI5zK_IskzLcR7jQU39bcdNgb0O7ZrERb7oQkg_ULCZLU5voumG29rZ_vpx4zZnMc-8v5ymdE6EzpKVrWOrotcYOvHejPBLTKJ2gh4LzpRjO_IMMN8IAoG-nHPr3HrnZEcPpEoTSMR6X53B45X7twP1F6MQ5V-WXgNwGT4o5XkNw0yGVoKsdcKlli24GrQfvPPTMOw2bqXRb_7Fs7ngQVHRbv6kkv195yVAVyCfuvXmpAg6JQ824cgxQHf8iEQA_99c03SeyRHAjv1OMipgiUegn00fJHc0hUZgbPoAY1bk33VF1x5wCycBw9ocMwPFrOFNMgEOMI6_Bh2xqunXrp_cpJuxrvTt0B0kdi6bAGXzOPDSADAGdO9MxwrQTSJWJpZGvoqkA0c8Ey9j4s7WEJIr6ImqhH_U3--CiXThjIr6kC1W4vETx0HMhqC8NTtMm1fAXBcjeHcMt5WBSXQtdRf6rqEYveWo1OaupdK1TyQ56s-0lqiveupRMLTY1goUiPnH0QJFvPkIaA7nF8BVl5rIkN1TJUJn_Y7XwlVDMgoYgZr6FtUu_qWWCHFEvkkrJrCzjJr4uTkCEhtZ0WTbx2XyAhs0EbilNf4mQ6d8gbAq-3KgGEczrnuO2BUWwPYPKNDHx3taL3jPMcBBrQJDv1_dWv5aqrVPTfTQ0pM4nl-6C7W_ZtbEbNt6ePdMQGTbA==&abvar=29&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1846179&pb=c388c215cb18a53264728231afc0eab11664055072&psp=_QzCiesGsF2uuFRx00XFHEPwhz88lzeJiE0xrYqyynrwpZH9J8GVK3fjXlrpTPtwvCL-DgHdfMb8WBJwyTVKCPDI5zK_IskzLcR7jQU39bcdNgb0O7ZrERb7oQkg_ULCZLU5voumG29rZ_vpx4zZnMc-8v5ymdE6EzpKVrWOrotcYOvHejPBLTKJ2gh4LzpRjO_IMMN8IAoG-nHPr3HrnZEcPpEoTSMR6X53B45X7twP1F6MQ5V-WXgNwGT4o5XkNw0yGVoKsdcKlli24GrQfvPPTMOw2bqXRb_7Fs7ngQVHRbv6kkv195yVAVyCfuvXmpAg6JQ824cgxQHf8iEQA_99c03SeyRHAjv1OMipgiUegn00fJHc0hUZgbPoAY1bk33VF1x5wCycBw9ocMwPFrOFNMgEOMI6_Bh2xqunXrp_cpJuxrvTt0B0kdi6bAGXzOPDSADAGdO9MxwrQTSJWJpZGvoqkA0c8Ey9j4s7WEJIr6ImqhH_U3--CiXThjIr6kC1W4vETx0HMhqC8NTtMm1fAXBcjeHcMt5WBSXQtdRf6rqEYveWo1OaupdK1TyQ56s-0lqiveupRMLTY1goUiPnH0QJFvPkIaA7nF8BVl5rIkN1TJUJn_Y7XwlVDMgoYgZr6FtUu_qWWCHFEvkkrJrCzjJr4uTkCEhtZ0WTbx2XyAhs0EbilNf4mQ6d8gbAq-3KgGEczrnuO2BUWwPYPKNDHx3taL3jPMcBBrQJDv1_dWv5aqrVPTfTQ0pM4nl-6C7W_ZtbEbNt6ePdMQGTbA==&abvar=29&os=0 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a; OACICAP=ACIPDQAAAAAAAAAB; OACIBLOCK=ACIPDQAAAABjLo7Q; ppucnt=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACIPDQAAAAAAAAABACIntwAAAAAAAAAB; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
set-cookie: OACIBLOCK=ACIPDQAAAABjLo7QACIntwAAAABjLo7Q; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
set-cookie: ppucnt=0; Path=/; Expires=Sun, 25 Sep 2022 19:31:12 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1846269&pb=c388c215cb18a53264728231afc0eab11664055072&psp=_JTWNbcfF-Y_vf7EKZcIvSsCavXcLRLt1F6I1i-KVjLFw3ApRd2IuTGboxUNvgMqCMiGYf03wBmlAxqBZQGzJ3Z7o513yQ2QWZ-DlSzTw-7crzBNqb6eybZ_wDAtGhVDRc-3rg-dPyk3xFlhKA_FxT-uohWEoTK-_R6s5U3e-FkMBGu38_lcEjpsRoB0kquNdURbPmt1jHkbu46tCA3GN1iZYoe5CLGdOl5j32hyUEntdoRNRcKJDxmvZxtav3qTVZoyCTEw_CWVkdBB2Olnj3p5HlK5YO8FaJXKhEv5z4IJBR5z7Exg3Yt2IpXTLrfkd4ynB6uIZB8dJdSnYEpcRcStQ4fYbxPQu7D-iFDAsxwg6Clvt0_N3EBFXN7QULxbwOr8KtGcaB_AW4IRsbqkTOrW4WR9hcXuOxq24gG45A-jSTaiUtgoXVPN69IAyz6NdmPPQfT2kZe_1_W1Au-BtGkYUWuFVIrpCKBjZRSx-p22Ce2asd5zW-rU_eYVxwP7Nt_nc9TWzm45okPEXrxH9soEF5kQ6-f3bSkF7nMz570BCD1D358sgieRzpAY9ugjvyrpjpglOW3h_-wahH4h0RX4CY968FkCmgb_8geVC0NKlUGg8TbkwoRcmQKnuxtPHorgflYuR63EmSQrMq8t62MDty69RnE4G0s5Rri95byrtH3hNrCF9may71jyB2GPiiFCoiXiZQXso9WRObj9IrPAqWKvJSVHh_lalfSCsoi4TL2-0zZGiR-WbXOMWojcDjQp3JJUd9GoSn4c34h8cA==&abvar=0&os=0
62.122.171.6 200 OK 43 B URL HTTP/2 kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1846269&pb=c388c215cb18a53264728231afc0eab11664055072&psp=_JTWNbcfF-Y_vf7EKZcIvSsCavXcLRLt1F6I1i-KVjLFw3ApRd2IuTGboxUNvgMqCMiGYf03wBmlAxqBZQGzJ3Z7o513yQ2QWZ-DlSzTw-7crzBNqb6eybZ_wDAtGhVDRc-3rg-dPyk3xFlhKA_FxT-uohWEoTK-_R6s5U3e-FkMBGu38_lcEjpsRoB0kquNdURbPmt1jHkbu46tCA3GN1iZYoe5CLGdOl5j32hyUEntdoRNRcKJDxmvZxtav3qTVZoyCTEw_CWVkdBB2Olnj3p5HlK5YO8FaJXKhEv5z4IJBR5z7Exg3Yt2IpXTLrfkd4ynB6uIZB8dJdSnYEpcRcStQ4fYbxPQu7D-iFDAsxwg6Clvt0_N3EBFXN7QULxbwOr8KtGcaB_AW4IRsbqkTOrW4WR9hcXuOxq24gG45A-jSTaiUtgoXVPN69IAyz6NdmPPQfT2kZe_1_W1Au-BtGkYUWuFVIrpCKBjZRSx-p22Ce2asd5zW-rU_eYVxwP7Nt_nc9TWzm45okPEXrxH9soEF5kQ6-f3bSkF7nMz570BCD1D358sgieRzpAY9ugjvyrpjpglOW3h_-wahH4h0RX4CY968FkCmgb_8geVC0NKlUGg8TbkwoRcmQKnuxtPHorgflYuR63EmSQrMq8t62MDty69RnE4G0s5Rri95byrtH3hNrCF9may71jyB2GPiiFCoiXiZQXso9WRObj9IrPAqWKvJSVHh_lalfSCsoi4TL2-0zZGiR-WbXOMWojcDjQp3JJUd9GoSn4c34h8cA==&abvar=0&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1846269&pb=c388c215cb18a53264728231afc0eab11664055072&psp=_JTWNbcfF-Y_vf7EKZcIvSsCavXcLRLt1F6I1i-KVjLFw3ApRd2IuTGboxUNvgMqCMiGYf03wBmlAxqBZQGzJ3Z7o513yQ2QWZ-DlSzTw-7crzBNqb6eybZ_wDAtGhVDRc-3rg-dPyk3xFlhKA_FxT-uohWEoTK-_R6s5U3e-FkMBGu38_lcEjpsRoB0kquNdURbPmt1jHkbu46tCA3GN1iZYoe5CLGdOl5j32hyUEntdoRNRcKJDxmvZxtav3qTVZoyCTEw_CWVkdBB2Olnj3p5HlK5YO8FaJXKhEv5z4IJBR5z7Exg3Yt2IpXTLrfkd4ynB6uIZB8dJdSnYEpcRcStQ4fYbxPQu7D-iFDAsxwg6Clvt0_N3EBFXN7QULxbwOr8KtGcaB_AW4IRsbqkTOrW4WR9hcXuOxq24gG45A-jSTaiUtgoXVPN69IAyz6NdmPPQfT2kZe_1_W1Au-BtGkYUWuFVIrpCKBjZRSx-p22Ce2asd5zW-rU_eYVxwP7Nt_nc9TWzm45okPEXrxH9soEF5kQ6-f3bSkF7nMz570BCD1D358sgieRzpAY9ugjvyrpjpglOW3h_-wahH4h0RX4CY968FkCmgb_8geVC0NKlUGg8TbkwoRcmQKnuxtPHorgflYuR63EmSQrMq8t62MDty69RnE4G0s5Rri95byrtH3hNrCF9may71jyB2GPiiFCoiXiZQXso9WRObj9IrPAqWKvJSVHh_lalfSCsoi4TL2-0zZGiR-WbXOMWojcDjQp3JJUd9GoSn4c34h8cA==&abvar=0&os=0 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a; OACICAP=ACIPDQAAAAAAAAAB; OACIBLOCK=ACIPDQAAAABjLo7Q; ppucnt=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACIPDQAAAAAAAAABACImvAAAAAAAAAAB; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
set-cookie: OACIBLOCK=ACIPDQAAAABjLo7QACImvAAAAABjLo7Q; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
set-cookie: ppucnt=0; Path=/; Expires=Sun, 25 Sep 2022 19:31:12 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ibradome.com/Libs/Javascript/rconfig.js?3.1
185.178.208.130 200 OK 21 kB URL HTTP/2 ibradome.com/Libs/Javascript/rconfig.js?3.1
IP 185.178.208.130:0
File type ASCII text, with very long lines (62972), with no line terminators
Hash b3bd643eb106c6ad55cd04809341f5f7
1c101c699bb086aaa59b7c45a6d9c9366c6a8f8f
aab3363e4a712da7e89ff066f2f60dd9d6852e1996a6363ef930be6e9e6fb93c
GET /Libs/Javascript/rconfig.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 23 Sep 2022 07:06:25 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 20841
date: Sat, 24 Sep 2022 19:31:14 GMT
age: 1
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Libs/Javascript/jquery.js?3.1
185.178.208.130 200 OK 33 kB URL HTTP/2 ibradome.com/Libs/Javascript/jquery.js?3.1
IP 185.178.208.130:0
File type ASCII text, with very long lines (65451)
Hash c56a2769aa52764e01fd66fc7a86c5f4
f7cde6562360dcfcaf4f9687170d4811c3f33856
65768e7c30b2bfe63f5bb443134708f0fca239a3519af566277b2dbeb947abbe
GET /Libs/Javascript/jquery.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 01 Mar 2020 14:52:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 32834
date: Sat, 24 Sep 2022 19:31:14 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
limurol.com/ssp/req/1845010/?pb=c388c215cb18a53264728231afc0eab11664055072&psp=H2mAUa03kCkAtdzoXqS7pWNypPRrPFJ1wO7bS__IyCRMXJiqCxN_pKcy-mBjBb5xjehRZaSsNPxgzWnCFd3_E9ljSEnj-khXkEYxTt9hAK_no5n54S0QNQMZ-cEJXDNpb98-6R-y2JPziGfNQenba_hk_Hbp0llYSiUGbsvZZaxlrIJScRX1BVLl9D61vTSvBRzHM_TBo_1V0TDHE_wIyRP3ZVe1RUicCm8iol0o4hiSBoLyHg9jynmPkJ1_kKmSDWhK0d30HkbFxyh978RXNB0X_cxwHekeT83gDejdFDrmgjmqUQ0Vj4uxks9hP24Ch-Oo5z5hqRxFYsMmVclPqyNAePbtakjmiAQVomDpDTka6thJjyXXmSJtYPiFBZGJymMcIY_djJOz_sP6FE480sonruQkMixlLBGjFWE_tK3UYe4Cff8_6Ca_rSQh7BDLUboLM4q97izBd-k9bTyoNyj97AZSdQeBgKNhMskflHLYOFXdYBJ_2YWlXa0LjNYoLG_EgWa30FFt_rvX_E_9T5ff7kdIcOmycZAyo7gr8bfTujD_A94_MlhQQQRo_p9PuHo2H0DoJNQgvuiCLzysr0QnzZ0=&cb=_cle4ya2ma2hl3zibql7oup&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
62.122.171.6 200 OK 7 B URL HTTP/2 limurol.com/ssp/req/1845010/?pb=c388c215cb18a53264728231afc0eab11664055072&psp=H2mAUa03kCkAtdzoXqS7pWNypPRrPFJ1wO7bS__IyCRMXJiqCxN_pKcy-mBjBb5xjehRZaSsNPxgzWnCFd3_E9ljSEnj-khXkEYxTt9hAK_no5n54S0QNQMZ-cEJXDNpb98-6R-y2JPziGfNQenba_hk_Hbp0llYSiUGbsvZZaxlrIJScRX1BVLl9D61vTSvBRzHM_TBo_1V0TDHE_wIyRP3ZVe1RUicCm8iol0o4hiSBoLyHg9jynmPkJ1_kKmSDWhK0d30HkbFxyh978RXNB0X_cxwHekeT83gDejdFDrmgjmqUQ0Vj4uxks9hP24Ch-Oo5z5hqRxFYsMmVclPqyNAePbtakjmiAQVomDpDTka6thJjyXXmSJtYPiFBZGJymMcIY_djJOz_sP6FE480sonruQkMixlLBGjFWE_tK3UYe4Cff8_6Ca_rSQh7BDLUboLM4q97izBd-k9bTyoNyj97AZSdQeBgKNhMskflHLYOFXdYBJ_2YWlXa0LjNYoLG_EgWa30FFt_rvX_E_9T5ff7kdIcOmycZAyo7gr8bfTujD_A94_MlhQQQRo_p9PuHo2H0DoJNQgvuiCLzysr0QnzZ0=&cb=_cle4ya2ma2hl3zibql7oup&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP 62.122.171.6:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
GET /ssp/req/1845010/?pb=c388c215cb18a53264728231afc0eab11664055072&psp=H2mAUa03kCkAtdzoXqS7pWNypPRrPFJ1wO7bS__IyCRMXJiqCxN_pKcy-mBjBb5xjehRZaSsNPxgzWnCFd3_E9ljSEnj-khXkEYxTt9hAK_no5n54S0QNQMZ-cEJXDNpb98-6R-y2JPziGfNQenba_hk_Hbp0llYSiUGbsvZZaxlrIJScRX1BVLl9D61vTSvBRzHM_TBo_1V0TDHE_wIyRP3ZVe1RUicCm8iol0o4hiSBoLyHg9jynmPkJ1_kKmSDWhK0d30HkbFxyh978RXNB0X_cxwHekeT83gDejdFDrmgjmqUQ0Vj4uxks9hP24Ch-Oo5z5hqRxFYsMmVclPqyNAePbtakjmiAQVomDpDTka6thJjyXXmSJtYPiFBZGJymMcIY_djJOz_sP6FE480sonruQkMixlLBGjFWE_tK3UYe4Cff8_6Ca_rSQh7BDLUboLM4q97izBd-k9bTyoNyj97AZSdQeBgKNhMskflHLYOFXdYBJ_2YWlXa0LjNYoLG_EgWa30FFt_rvX_E_9T5ff7kdIcOmycZAyo7gr8bfTujD_A94_MlhQQQRo_p9PuHo2H0DoJNQgvuiCLzysr0QnzZ0=&cb=_cle4ya2ma2hl3zibql7oup&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Cookie: UID=220924143158a9ff5673944401860e82dafa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:13 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ibradome.com/Libs/Functions/conf.php
185.178.208.130 200 OK 13 kB URL HTTP/2 ibradome.com/Libs/Functions/conf.php
IP 185.178.208.130:0
File type JSON data\012- , ASCII text, with very long lines (44081), with no line terminators
Hash b762e4b8b7beae27c2b2f9929c9287c7
87866a4ade61a17c98b38fede8591f751f18a250
9cb09c9a9d9fb426c88d029a5573ab0b2d75c616480db2d97f35e3d0a948c3ce
GET /Libs/Functions/conf.php HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
etag: "22674395-1664047765;br"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 13389
date: Sat, 24 Sep 2022 19:31:14 GMT
x-ua-compatible: IE=edge
X-Firefox-Spdy: h2
limurol.com/ssp/req/1845010/?pb=c388c215cb18a53264728231afc0eab11664055072&psp=H2mAUa03kCkAtdzoXqS7pWNypPRrPFJ1wO7bS__IyCRMXJiqCxN_pKcy-mBjBb5xjehRZaSsNPxgzWnCFd3_E9ljSEnj-khXkEYxTt9hAK_no5n54S0QNQMZ-cEJXDNpb98-6R-y2JPziGfNQenba_hk_Hbp0llYSiUGbsvZZaxlrIJScRX1BVLl9D61vTSvBRzHM_TBo_1V0TDHE_wIyRP3ZVe1RUicCm8iol0o4hiSBoLyHg9jynmPkJ1_kKmSDWhK0d30HkbFxyh978RXNB0X_cxwHekeT83gDejdFDrmgjmqUQ0Vj4uxks9hP24Ch-Oo5z5hqRxFYsMmVclPqyNAePbtakjmiAQVomDpDTka6thJjyXXmSJtYPiFBZGJymMcIY_djJOz_sP6FE480sonruQkMixlLBGjFWE_tK3UYe4Cff8_6Ca_rSQh7BDLUboLM4q97izBd-k9bTyoNyj97AZSdQeBgKNhMskflHLYOFXdYBJ_2YWlXa0LjNYoLG_EgWa30FFt_rvX_E_9T5ff7kdIcOmycZAyo7gr8bfTujD_A94_MlhQQQRo_p9PuHo2H0DoJNQgvuiCLzysr0QnzZ0=&cb=_cle4ya2ma2hl3zibql7oup&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
62.122.171.6 200 OK 7 B URL HTTP/2 limurol.com/ssp/req/1845010/?pb=c388c215cb18a53264728231afc0eab11664055072&psp=H2mAUa03kCkAtdzoXqS7pWNypPRrPFJ1wO7bS__IyCRMXJiqCxN_pKcy-mBjBb5xjehRZaSsNPxgzWnCFd3_E9ljSEnj-khXkEYxTt9hAK_no5n54S0QNQMZ-cEJXDNpb98-6R-y2JPziGfNQenba_hk_Hbp0llYSiUGbsvZZaxlrIJScRX1BVLl9D61vTSvBRzHM_TBo_1V0TDHE_wIyRP3ZVe1RUicCm8iol0o4hiSBoLyHg9jynmPkJ1_kKmSDWhK0d30HkbFxyh978RXNB0X_cxwHekeT83gDejdFDrmgjmqUQ0Vj4uxks9hP24Ch-Oo5z5hqRxFYsMmVclPqyNAePbtakjmiAQVomDpDTka6thJjyXXmSJtYPiFBZGJymMcIY_djJOz_sP6FE480sonruQkMixlLBGjFWE_tK3UYe4Cff8_6Ca_rSQh7BDLUboLM4q97izBd-k9bTyoNyj97AZSdQeBgKNhMskflHLYOFXdYBJ_2YWlXa0LjNYoLG_EgWa30FFt_rvX_E_9T5ff7kdIcOmycZAyo7gr8bfTujD_A94_MlhQQQRo_p9PuHo2H0DoJNQgvuiCLzysr0QnzZ0=&cb=_cle4ya2ma2hl3zibql7oup&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP 62.122.171.6:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
GET /ssp/req/1845010/?pb=c388c215cb18a53264728231afc0eab11664055072&psp=H2mAUa03kCkAtdzoXqS7pWNypPRrPFJ1wO7bS__IyCRMXJiqCxN_pKcy-mBjBb5xjehRZaSsNPxgzWnCFd3_E9ljSEnj-khXkEYxTt9hAK_no5n54S0QNQMZ-cEJXDNpb98-6R-y2JPziGfNQenba_hk_Hbp0llYSiUGbsvZZaxlrIJScRX1BVLl9D61vTSvBRzHM_TBo_1V0TDHE_wIyRP3ZVe1RUicCm8iol0o4hiSBoLyHg9jynmPkJ1_kKmSDWhK0d30HkbFxyh978RXNB0X_cxwHekeT83gDejdFDrmgjmqUQ0Vj4uxks9hP24Ch-Oo5z5hqRxFYsMmVclPqyNAePbtakjmiAQVomDpDTka6thJjyXXmSJtYPiFBZGJymMcIY_djJOz_sP6FE480sonruQkMixlLBGjFWE_tK3UYe4Cff8_6Ca_rSQh7BDLUboLM4q97izBd-k9bTyoNyj97AZSdQeBgKNhMskflHLYOFXdYBJ_2YWlXa0LjNYoLG_EgWa30FFt_rvX_E_9T5ff7kdIcOmycZAyo7gr8bfTujD_A94_MlhQQQRo_p9PuHo2H0DoJNQgvuiCLzysr0QnzZ0=&cb=_cle4ya2ma2hl3zibql7oup&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Cookie: UID=220924143158a9ff5673944401860e82dafa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:13 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ibradome.com/Libs/Javascript/auth.js?3.1
185.178.208.130 200 OK 1.4 kB URL HTTP/2 ibradome.com/Libs/Javascript/auth.js?3.1
IP 185.178.208.130:0
File type ASCII text, with very long lines (4320), with no line terminators
Hash beaf15b0ce5d70e195b58024da989265
74aa795648b32f4bd2f266f7d4550a83041921e6
4e318af3690e16ea77e013a74128ae912d745f25a3a71d5dde33da2a3a8f0177
GET /Libs/Javascript/auth.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 01 Mar 2020 14:52:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1389
date: Sat, 24 Sep 2022 19:31:14 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Libs/Javascript/nanoscroller.js?3.1
185.178.208.130 200 OK 3.2 kB URL HTTP/2 ibradome.com/Libs/Javascript/nanoscroller.js?3.1
IP 185.178.208.130:0
File type ASCII text, with very long lines (10006), with no line terminators
Hash 6fa0b60ab58fc1ac887777a5287ec9c7
1aea37b77ab13fec28cbb8fdbcb594be2ccb8a3a
0384d7c7667533f7ee2a6b02c6e0e799e500a08f3c43708d0dcc95594fd2ac43
GET /Libs/Javascript/nanoscroller.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 01 Mar 2020 14:52:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3154
date: Sat, 24 Sep 2022 19:31:14 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Libs/Javascript/Pages/post.js?3.1
185.178.208.130 200 OK 2.3 kB URL HTTP/2 ibradome.com/Libs/Javascript/Pages/post.js?3.1
IP 185.178.208.130:0
File type ASCII text, with very long lines (6423), with no line terminators
Hash 6fd5fc9e3e8301c4660aea30991b0764
48f5b2e5748ab9ce86b6cafe57c5da24566d48fc
bcc609872264d53079dc81e0b5d7c11846e7276414eabe5e5d451699dfbeec87
GET /Libs/Javascript/Pages/post.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 17 Mar 2021 02:00:01 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 2276
date: Sat, 24 Sep 2022 19:31:14 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7c7ea800ead2098437c53ff8af72fc54
6f92ca434ac508c6ade9e6dd4b5b7128b9cf09d3
c0b6c2602c3851630a6037f345a0ea0097ebc3249d1d40eed57d1493be69bd1d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C0B6C2602C3851630A6037F345A0EA0097EBC3249D1D40EED57D1493BE69BD1D"
Last-Modified: Sat, 24 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17819
Expires: Sun, 25 Sep 2022 00:28:12 GMT
Date: Sat, 24 Sep 2022 19:31:13 GMT
Connection: keep-alive
ibradome.com/Libs/Javascript/players.js?3.1
185.178.208.130 200 OK 1.9 kB URL HTTP/2 ibradome.com/Libs/Javascript/players.js?3.1
IP 185.178.208.130:0
File type ASCII text, with very long lines (5722), with no line terminators
Hash a4193460f7e7a063eaabd8f7c0f7f216
28274ad30ce33ba7d7d5363454c287ff92b6ea75
16bc0088ea1dfd0866d3d8342ab671bb26bece10d80a48da0d8f7e8eabf85761
GET /Libs/Javascript/players.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 22 Dec 2021 03:16:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1928
date: Sat, 24 Sep 2022 19:31:14 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-QVV6LWHMJT&gtm=2oe9l0&_p=673350161&cid=618316747.1664047872&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664047871&sct=1&seg=0&dl=https%3A%2F%2Fibradome.com%2Fleaked%2Fvideo%2F12926%2Fjulieta-allegretti-girlofnox-leaks-video-vi&dt=Julieta%20Allegretti%20GirlofNox%20Leaks%20Video%20VI%20-%20Leaked%20Nudes&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-QVV6LWHMJT&gtm=2oe9l0&_p=673350161&cid=618316747.1664047872&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664047871&sct=1&seg=0&dl=https%3A%2F%2Fibradome.com%2Fleaked%2Fvideo%2F12926%2Fjulieta-allegretti-girlofnox-leaks-video-vi&dt=Julieta%20Allegretti%20GirlofNox%20Leaks%20Video%20VI%20-%20Leaked%20Nudes&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-QVV6LWHMJT&gtm=2oe9l0&_p=673350161&cid=618316747.1664047872&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664047871&sct=1&seg=0&dl=https%3A%2F%2Fibradome.com%2Fleaked%2Fvideo%2F12926%2Fjulieta-allegretti-girlofnox-leaks-video-vi&dt=Julieta%20Allegretti%20GirlofNox%20Leaks%20Video%20VI%20-%20Leaked%20Nudes&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://ibradome.com
date: Sat, 24 Sep 2022 19:31:13 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3858
Expires: Sat, 24 Sep 2022 20:35:31 GMT
Date: Sat, 24 Sep 2022 19:31:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3858
Expires: Sat, 24 Sep 2022 20:35:31 GMT
Date: Sat, 24 Sep 2022 19:31:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3858
Expires: Sat, 24 Sep 2022 20:35:31 GMT
Date: Sat, 24 Sep 2022 19:31:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3858
Expires: Sat, 24 Sep 2022 20:35:31 GMT
Date: Sat, 24 Sep 2022 19:31:13 GMT
Connection: keep-alive
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846269
62.122.171.6 200 OK 8.0 kB URL HTTP/2 kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846269
IP 62.122.171.6:0
Hash 02a682b4703bb9d6381c762726c05531
1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c
Analyzer Verdict Alert quad9 Sinkholed
GET /lvesnk.html?zoneid=1846269 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
go6shde9nj2itle.com/get/1846181?zoneid=1846181&jp=_clel2rty8vznxumz6s0mkb&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=953479971430025
62.122.171.6 200 OK 6.4 kB URL HTTP/2 go6shde9nj2itle.com/get/1846181?zoneid=1846181&jp=_clel2rty8vznxumz6s0mkb&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=953479971430025
IP 62.122.171.6:0
Hash cdcb834a48d78fb5488c298f516a11db
102db8a01a2d52a98cfa38d18898bd23900922ea
0a08a2af11e19d97f5efcaf3a680ea1d35080f4011515f44ddf2121043444975
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1846181?zoneid=1846181&jp=_clel2rty8vznxumz6s0mkb&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=953479971430025 HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kw3y5otoeuniv7e9rsi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: text/javascript
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=220924143114e20b6fe87b4a3ba04c444e45; Path=/; Expires=Sun, 24 Sep 2023 19:31:12 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 55d224ac83a417772c98bc5080fb6689
a30f9044330824e70dde0dcc785890d981e6fdf5
b2ea4dea200109019a65834b98e31e8fac718a199513810a2819858be2b4470a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9935
x-amzn-requestid: 9eb8463d-172a-40a2-8eed-3c97b1260afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sQ5FARoAMFXQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2738-3709a2f22ecc033532223b26;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:38:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: e5eETCL5yFnoG4HPx0Qv8hjGnlXx5vOL4syMx9uato8nuIHkSvMezg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:53:50 GMT
age: 77843
etag: "a30f9044330824e70dde0dcc785890d981e6fdf5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e1087dcce202bbbc8c84196bd2050662
670d89082f8da643e1196b11fb64bf71707f0e8d
f6a7b6e07177431d7845e2f2b7b1b3b76088671db32aeef580a72e9bd3ddae00
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8354
x-amzn-requestid: 3ec3470c-2268-4102-af88-27dcfed76bfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPCGOcoAMF2xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-481aa98b413690636fc3a2f0;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dXqPCGTGK8gW86McTltPuNYKXQgUuSqcL_XbyRQitinH5LsUscmU2w==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:47:49 GMT
age: 78204
etag: "670d89082f8da643e1196b11fb64bf71707f0e8d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa150280eb113504d61a25935c0f0127
ed04f74fbb4c77b21e2babc51a82857f5e23d169
07df17fffb391aa82efb09e30d97e88fa4dbe6df00e37bb90304f69179f4848e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10032
x-amzn-requestid: 521c4012-9834-4100-a7ed-30093502f1a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPBHGYoAMFh-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-77b03c321240d76a572d603a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lAQOV9_fZ2RFvhRKMtDOeRTWJc-Jo1u-DrtJshcQuCSOUXVbNMjhaw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:56:56 GMT
age: 77657
etag: "ed04f74fbb4c77b21e2babc51a82857f5e23d169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8ea5f06ad31f0cedd2cb5c6df82f35f4
60a83a1618ffae06e49ca3002bac1db9980dcfe8
5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10279
x-amzn-requestid: 0f361c26-1f12-421a-9752-7d4fcdf839ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4V65GTXIAMF9-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd045-25677a637307879044de8242;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:14:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NcnEyVD-vG10pOpPCBMjKGqVw-rstkPIt-oqkIc5urAGE934fxL0VQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 04:12:38 GMT
age: 55115
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ibradome.com/Libs/Javascript/waypoints.js?3.1
185.178.208.130 200 OK 2.4 kB URL HTTP/2 ibradome.com/Libs/Javascript/waypoints.js?3.1
IP 185.178.208.130:0
File type ASCII text, with very long lines (8835), with no line terminators
Hash 6056309ae353de4841b897fe6db8011c
b882aedea5d8d9ba17c8ca52ecfc4b273baf7102
5e2429536605edcc0d1d1e6a51c672309ce82fb6b175e8d78c3d9e775d20ba94
GET /Libs/Javascript/waypoints.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 01 Mar 2020 14:52:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 2441
date: Sat, 24 Sep 2022 19:31:14 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Libs/Javascript/media.js?3.1
185.178.208.130 200 OK 12 kB URL HTTP/2 ibradome.com/Libs/Javascript/media.js?3.1
IP 185.178.208.130:0
File type ASCII text, with very long lines (45027), with no line terminators
Hash e71c47019c0e825b31621aa6c8a69326
f310401f2ca4d5e985caf712a25044ec5e605cce
b593356791bd4b5c6b801db898ae3544d059d238f9dc721e00eaa501fe557632
GET /Libs/Javascript/media.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 30 Apr 2022 04:25:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 11976
date: Sat, 24 Sep 2022 19:31:14 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/Libs/Javascript/fbsdk.js?3.1
185.178.208.130 200 OK 558 B URL HTTP/2 ibradome.com/Libs/Javascript/fbsdk.js?3.1
IP 185.178.208.130:0
File type ASCII text, with very long lines (1146), with no line terminators
Hash 16257de536576926d5a820a8f596de02
c20ddfc57d774a45c6898f540037617a4b860c9f
303945e576b83c683781722d374d445f86536fb3e6d21b2aaf133413d8e7f5f1
GET /Libs/Javascript/fbsdk.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 01 Mar 2020 14:52:17 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 558
date: Sat, 24 Sep 2022 19:31:15 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/love.gif
185.178.208.130 200 OK 32 kB IP 185.178.208.130:0
File type GIF image data, version 89a, 64 x 64\012- data
Hash 4fa57f916a2b44a3ff27425249bcc938
9383b3d39d29be770876843b2d9a56019711b639
6b9638958497274e16a9b6f4ef5b5ed4377a5881c4ac2e4613685caa88cf1915
GET /love.gif HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:14 GMT
content-type: image/gif
last-modified: Fri, 08 Apr 2022 06:21:07 GMT
accept-ranges: bytes
content-length: 32033
date: Sat, 24 Sep 2022 19:31:14 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/like.gif
185.178.208.130 200 OK 28 kB IP 185.178.208.130:0
File type GIF image data, version 89a, 64 x 64\012- data
Hash b8a1352e88c5f175477da0b274d4ebb4
bfeac8115b51e9c44278b97ba4b335d075938e19
f4c145ba8f7830fec576f681e499c0a22942f2d95820d2ec79409ad5668ddf7d
GET /like.gif HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:14 GMT
content-type: image/gif
last-modified: Fri, 08 Apr 2022 06:21:20 GMT
accept-ranges: bytes
content-length: 27944
date: Sat, 24 Sep 2022 19:31:14 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b63ad57f4ed114ed59cd97a96f14cc62
ded02ddf1ff1985651d264c00f65fba4b0c94dcb
4379a370cec60c404f43ced5cd5b32bde1de5158bdef04cacc7541638331de11
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6565
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:13 GMT
Last-Modified: Sat, 24 Sep 2022 17:41:48 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279
ibradome.com/angry.gif
185.178.208.130 200 OK 68 kB IP 185.178.208.130:0
File type GIF image data, version 89a, 64 x 64\012- data
Hash 3ff8f13714102ea71c0c9340b7d78bb6
796fcdec979daa1c8b9c4270f0acc92e2858ea04
c41782f1f100d012fb640afe06fedaae222ce96c602c3c84c138ee3b7398c70c
GET /angry.gif HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:14 GMT
content-type: image/gif
last-modified: Fri, 08 Apr 2022 06:20:48 GMT
accept-ranges: bytes
content-length: 67846
date: Sat, 24 Sep 2022 19:31:14 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/lol.gif
185.178.208.130 200 OK 52 kB IP 185.178.208.130:0
File type GIF image data, version 89a, 64 x 64\012- data
Hash 16d494f1076a6bd937b8c059704c27c1
2ab548a9590922c356870a27b701463f440566da
dc59dcd7db6f7245c78b5c7af69c8c98fc574bc63fa3cd6ce3644f8ee6f6b90e
GET /lol.gif HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:14 GMT
content-type: image/gif
last-modified: Fri, 08 Apr 2022 06:21:14 GMT
accept-ranges: bytes
content-length: 51452
date: Sat, 24 Sep 2022 19:31:14 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/sad.gif
185.178.208.130 200 OK 72 kB IP 185.178.208.130:0
File type GIF image data, version 89a, 64 x 64\012- data
Hash 911500da121727b7f61c6d22dab3c998
2ab1a8683238bf9264ce7dc17fa5deaa0b64312e
88e2a8efef662991a23d5672fd45266a6e19f002bec49edc65b29e3243e6687d
GET /sad.gif HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:14 GMT
content-type: image/gif
last-modified: Fri, 08 Apr 2022 06:21:00 GMT
accept-ranges: bytes
content-length: 71661
date: Sat, 24 Sep 2022 19:31:14 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
ibradome.com/what.gif
185.178.208.130 200 OK 86 kB IP 185.178.208.130:0
File type GIF image data, version 89a, 64 x 64\012- data
Hash da7f597dd42e2d4face718db07381179
3b0c0ddd42ea0f250ebba30dba725d02a044f44f
06db4240728fe4c12213e97b4493995905d9929311cb6cd8f060897c763017b2
GET /what.gif HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:15 GMT
content-type: image/gif
last-modified: Fri, 08 Apr 2022 06:20:54 GMT
accept-ranges: bytes
content-length: 85606
date: Sat, 24 Sep 2022 19:31:15 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
wadmargincling.com/sbar.json?key=0a9aec252ec8cc83b9f56ec6b45fa3a9
192.243.61.225 200 OK 4.1 kB URL HTTP/1.1 wadmargincling.com/sbar.json?key=0a9aec252ec8cc83b9f56ec6b45fa3a9
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5930), with no line terminators
Hash a042cfb3ec9a7c6eda9ae96fe98342bb
6d4c8d683a4a9c07bfe2b989d46089c57d0af007
6d510c3508761efeeb9bb519b627f51971c99500c425e88b07e4ccff99fabbd4
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /sbar.json?key=0a9aec252ec8cc83b9f56ec6b45fa3a9 HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 24 Sep 2022 19:31:13 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ibradome.com
Access-Control-Allow-Origin: https://ibradome.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17037017; expires=Sun, 25 Sep 2022 19:31:13 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 25 Sep 2022 19:31:13 GMT; secure; SameSite=None
uncs=1; expires=Sun, 25 Sep 2022 19:31:13 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 25 Sep 2022 19:31:13 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 25 Sep 2022 19:31:13 GMT; secure; SameSite=None
slec0a9aec252ec8cc83b9f56ec6b45fa3a9=[3551994]; expires=Sat, 24 Sep 2022 19:31:18 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1f9042803219751c1cf5e495d17b36e9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b63ad57f4ed114ed59cd97a96f14cc62
ded02ddf1ff1985651d264c00f65fba4b0c94dcb
4379a370cec60c404f43ced5cd5b32bde1de5158bdef04cacc7541638331de11
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6565
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:13 GMT
Last-Modified: Sat, 24 Sep 2022 17:41:48 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 419de8bd44f32435f5730ab5925e843b
6b352afe88897d6f3c3c2944de370eb96c670644
0c74e6e47c5fb7501624f8e88e5e53ad25e0d059a07ff5df2882bcb86b94a62a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6310
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:14 GMT
Last-Modified: Sat, 24 Sep 2022 17:46:04 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_EN/sdk.js
157.240.200.14 200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_EN/sdk.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (1961)
Hash fa147f69438c529a612f2fa6c1772bd7
bbbac48429e15936d732cd178cc07978c2d8b2df
f140d20e2a6d84aa8bb38d32db33c13a31e261fef1bc947ecc7ecb9cac028182
GET /en_EN/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: ef8a452728766e8757c20d1f986bc09a
etag: "4c4425f8e0fcc6d50251b9495ff260da"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sat, 24 Sep 2022 19:33:46 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: +hR/aUOMUpphLy+mwXcr1w==
x-fb-debug: gS3tlChqkSkqMixfCZS+TCLxbZDeShRaPg83g+ova5iczgkWUT/WvHXYSUS2+mcpnaVS7W+EY6B7IL1Rz9ym8g==
content-length: 1687
x-fb-trip-id: 1679558926
date: Sat, 24 Sep 2022 19:31:14 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 18f73dcabd57eb79e247a6f74eaef381
0cc2a2a586323c4aed2b530f0bb3a3ea39ec6b80
2cce5a62bdfc3e16ea9faeebf636e5ae092ca45c2d7efedfd42ab5abde1518b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CCE5A62BDFC3E16EA9FAEEBF636E5AE092CA45C2D7EFEDFD42AB5ABDE1518B1"
Last-Modified: Thu, 22 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3195
Expires: Sat, 24 Sep 2022 20:24:29 GMT
Date: Sat, 24 Sep 2022 19:31:14 GMT
Connection: keep-alive
static.addtoany.com/menu/page.js
104.22.71.197 200 OK 1.4 kB URL HTTP/2 static.addtoany.com/menu/page.js
IP 104.22.71.197:0
File type ASCII text, with very long lines (2983), with no line terminators
Hash dda777b3fb809e44fe83a28e92db4c19
963329d580e16f69eea8aff79c89860c10bb9fbd
99ebc91c1fdfbae92ffa1bffded744fe6ba12cf60403e3a97b91cd477d8342bb
GET /menu/page.js HTTP/1.1
Host: static.addtoany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:13 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=172800
cf-bgj: minify
access-control-allow-origin: *
age: 159823
etag: W/"ba7-5e7bb5238fa5f"
last-modified: Sat, 03 Sep 2022 00:56:47 GMT
vary: Accept-Encoding
via: e4s
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74fdf06c1b4715e8-ARN
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
connect.facebook.net/en_US/sdk.js?hash=8a9d053cab155bced53139a776051d86
157.240.200.14 200 OK 87 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=8a9d053cab155bced53139a776051d86
IP 157.240.200.14:0
File type ASCII text, with very long lines (13260)
Hash 056037d968422b97062fbe0fcb88f272
208ee5050ff0028af76365cf40c05f5d8c89a7f2
43b3a0a03c7e5307b932f53ba4b4488397a044af018abd18030249c339fe98c9
GET /en_US/sdk.js?hash=8a9d053cab155bced53139a776051d86 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 874ace7593043634cabc79cb7877b6a1
etag: "6941d8b3596168c65be3ab564ec9569b"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sun, 24 Sep 2023 17:21:11 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: BWA32WhCK5cGL74Py4jycg==
x-fb-debug: d6us3Hoqbjzm38xXX8hhHkblU+7GE0z42WiieaMrNYAWTzIbGDz13YMegbVBW6OnpWyuH+hWW0qQ+CuZWVBN7w==
priority: u=3,i
content-length: 87332
x-fb-trip-id: 1679558926
date: Sat, 24 Sep 2022 19:31:14 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.addtoany.com/menu/modules/core.e18d3993.js
104.22.71.197 200 OK 26 kB URL HTTP/2 static.addtoany.com/menu/modules/core.e18d3993.js
IP 104.22.71.197:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash de4f7edb69961e9bb11c2d5bc134d567
8ecff4fc515c9e765388c6370b27420bd5ae19e7
8661b19b9be07023fd81effa9fdd6f0f335b5099a513aa4e4e607fbf51b32f4e
GET /menu/modules/core.e18d3993.js HTTP/1.1
Host: static.addtoany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:14 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000, immutable
cf-bgj: minify
access-control-allow-origin: *
age: 850990
etag: W/"11891-5e7bb52267bff"
last-modified: Sat, 03 Sep 2022 00:56:46 GMT
vary: Accept-Encoding
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74fdf06c789b1685-ARN
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0f884d959b986684bb199e29ea6c2af
91d2654bea2dd92ae95b844b32cc345d16c398b7
3d98dc7fc457cb7b3ed70e41609f5f4d5e1c14da530dc876d2a695db704238ed
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "3D98DC7FC457CB7B3ED70E41609F5F4D5E1C14DA530DC876D2A695DB704238ED"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10199
Expires: Sat, 24 Sep 2022 22:21:13 GMT
Date: Sat, 24 Sep 2022 19:31:14 GMT
Connection: keep-alive
wadmargincling.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=273
192.243.61.225 200 OK 0 B URL HTTP/1.1 wadmargincling.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=273
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=273 HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Cookie: u_pl=17037017; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0a9aec252ec8cc83b9f56ec6b45fa3a9=[3551994]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 24 Sep 2022 19:31:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d6ee5ae00f81eebec5b2df19615bf961
a5dad2f2ab11f399da5016e8d944fd3422a03974
2b0151b6a2c52676ab8de2403c9d6854439051654eacea98975c1ae070659439
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2B0151B6A2C52676AB8DE2403C9D6854439051654EACEA98975C1AE070659439"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16138
Expires: Sun, 25 Sep 2022 00:00:12 GMT
Date: Sat, 24 Sep 2022 19:31:14 GMT
Connection: keep-alive
www.facebook.com/v2.8/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2b4a8ec200312a%26domain%3Dibradome.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fibradome.com%252Ff67f8a1bc4c456%26relation%3Dparent.parent&container_width=0&height=100&href=https%3A%2F%2Fibradome.com%2Fleaked%2Fvideo%2F12926%2Fjulieta-allegretti-girlofnox-leaks-video-vi%3Fid%3D12926%26tytul%3Djulieta-allegretti-girlofnox-leaks-video-vi&locale=en_US&numposts=5&sdk=joey&version=v2.8&width=
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/v2.8/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2b4a8ec200312a%26domain%3Dibradome.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fibradome.com%252Ff67f8a1bc4c456%26relation%3Dparent.parent&container_width=0&height=100&href=https%3A%2F%2Fibradome.com%2Fleaked%2Fvideo%2F12926%2Fjulieta-allegretti-girlofnox-leaks-video-vi%3Fid%3D12926%26tytul%3Djulieta-allegretti-girlofnox-leaks-video-vi&locale=en_US&numposts=5&sdk=joey&version=v2.8&width=
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v2.8/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2b4a8ec200312a%26domain%3Dibradome.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fibradome.com%252Ff67f8a1bc4c456%26relation%3Dparent.parent&container_width=0&height=100&href=https%3A%2F%2Fibradome.com%2Fleaked%2Fvideo%2F12926%2Fjulieta-allegretti-girlofnox-leaks-video-vi%3Fid%3D12926%26tytul%3Djulieta-allegretti-girlofnox-leaks-video-vi&locale=en_US&numposts=5&sdk=joey&version=v2.8&width= HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html;charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: J4456qpaZV3hLGF6LlCgELFSDW3wRxDjTefM6pNRrbdtz+lvHE3Zq9CDtC/55hVoxrLfytDHUc2g6GujdPY9dg==
content-length: 0
date: Sat, 24 Sep 2022 19:31:14 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 259026
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/a5/38/82/a538823dc3936f2d56da6943c137a79d/1658144826.jpg
45.133.44.10 200 OK 17 kB URL HTTP/2 cdn.cloudimagesb.com/si/a5/38/82/a538823dc3936f2d56da6943c137a79d/1658144826.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 11e8fa77a29b9c78b6a9b759abff4667
b67f409f364c567805e7fcd0d9f14fe882cf0592
27e7345cc77747f44f5acbc02bf5afbebb0d831a4e4f06a171d7876382ffd049
GET /si/a5/38/82/a538823dc3936f2d56da6943c137a79d/1658144826.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:14 GMT
content-type: image/jpeg
content-length: 16913
server: nginx/1.17.6
last-modified: Mon, 18 Jul 2022 11:47:14 GMT
etag: "62d54842-4211"
expires: Mon, 26 Sep 2022 19:31:14 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
wadmargincling.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fanimate.css&l=79245&fd=278
192.243.61.225 200 OK 0 B URL HTTP/1.1 wadmargincling.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fanimate.css&l=79245&fd=278
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fanimate.css&l=79245&fd=278 HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Cookie: u_pl=17037017; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0a9aec252ec8cc83b9f56ec6b45fa3a9=[3551994]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 24 Sep 2022 19:31:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/img/close.svg
172.64.200.2 200 OK 1.1 kB URL HTTP/2 cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/img/close.svg
IP 172.64.200.2:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash ed6d7fbf91f25a61e46c6f8db4640bc4
2639032594e452b42246306c541338d3bada03b7
5a0443b84126cc154925c4d5a3cecdc647050a561366f1de2be997e9ff68d018
GET /sb/ssp/utility/social-media/facebook/img/close.svg HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:14 GMT
content-type: image/svg+xml
last-modified: Thu, 11 Feb 2021 15:13:59 GMT
etag: W/"602549b7-52a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4526816
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wmgMAOxAVw0hDWQPtenWE2KA6p7ZNcjM%2BDpQwD6TSTNSdFrRrGZkqmpg66qXbf%2BcGTVqtovv5IWWPES3aOgwOZ25RlpHiC98W4x2Dj2eYqJioRM43XqtSVFNQn9oW4jns04%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fdf06f5c0071f3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
wadmargincling.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskRRytTuJBvKjkIqgMeFlFJt3zPe4hGGOWYPbDXUXBg9RXT2pT3dVUdU9PxktwQfbgYfwPOm%2BSDWp20avgIp0FYXPKeMrBwP4NC3vwIDKzwegPit%2Breq%2Fg%2FT6%2B2c3OiI%2BMnq5eNUOlNV1qVv3Kpc%2BD4HJlQ8XZoDLotL5sNS5XbP%2B9bqvqv125IvmWWar5ge8HflBZU1aGZrA0JaGSw25Q7frVRq0aNBsY2P%2FfXebBUQ%2Bif0ZehRKThUfeIhQvEUc%2FrUq3lZrk3Q%2BjTNPUWPTFwafxVmzyGNEFDK2HMD44V8O4k7WHMPH%2BzC5M%2F18hUxPi%2Ff4QLD44NwnW35v5ZBoyBhMvIe%2BXkLqEoiW4uQMlTgjABa5dRxzdu2ZsTrefs3TKTsjCs6dQ%2BYQs%2FLmIOHqwotWgcsvoLFUmdhiEBdSghOqVSLIjpMM5qPwIPP0aShDEUQElilnNSpVQYQktR6DOQzY9ykMWesgSD5E4rfAgCNq%2B4NTvdDmvi7ZkLeEHtB0GNPBbHWR8amuENBmB6xG43UFid7ClRrDZb3CbBZzw4NIJ8T7eQV8UyCVB7ghySpArgjwlyPvFvtCu5op7QruMBee5dp7rxdikvV26b9KejMluckZemfbDm392ii15WvFpl0pea9Yk73DeqbNu2GxJ3mKNZkjrtAunCig3Nyt1qCZk7p23kEzzpToYPYLTR%2BDqZdDsDdB83K75oJvjRsfHMD5UzFJhIlnlJoIwBZL0BaTb3q4%2BI6%2FN5tKq%2FQXJj5cfP7nyYHH4BNwWSGyB2%2BoRQU%2FfHd80Odm7aXJHfr6epCpSQzqd2a2UpnL%2Bh4%2Fkdm6sWF91o%2B%2Ff51NiCg8%2FkS7doLFQcc%2BRH1eUENKuGcsl%2BXXdfSbZjcxtrmQ2zpKNGx%2BsrUeJlc4pE5eg6sR9C64m5EVqZsv4%2Bu1foGwJmxWIsmNyHlDmCDzZgUsu3DszD6svNCzxkGfF2NbYxaNWE1J7%2BhhaHi%2Ff%2F4pfvR%2F8DcoKOPmfjxd4191Fz74Jmt6Z7WHfFujrAlSP4LL5cZrY4%2BU%2F6rMA096YaevtMW31d8%2Fb69Rppe6LNpOhbDPZaDZCyQVrNpnPQ87qotPhSN2EL33h%2FQMAAP%2F%2FAQAA%2F%2F9y5kmSWwQAAA%3D%3D
192.243.61.225200 OK 7 B URL HTTP/1.1 wadmargincling.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskRRytTuJBvKjkIqgMeFlFJt3zPe4hGGOWYPbDXUXBg9RXT2pT3dVUdU9PxktwQfbgYfwPOm%2BSDWp20avgIp0FYXPKeMrBwP4NC3vwIDKzwegPit%2Breq%2Fg%2FT6%2B2c3OiI%2BMnq5eNUOlNV1qVv3Kpc%2BD4HJlQ8XZoDLotL5sNS5XbP%2B9bqvqv125IvmWWar5ge8HflBZU1aGZrA0JaGSw25Q7frVRq0aNBsY2P%2FfXebBUQ%2Bif0ZehRKThUfeIhQvEUc%2FrUq3lZrk3Q%2BjTNPUWPTFwafxVmzyGNEFDK2HMD44V8O4k7WHMPH%2BzC5M%2F18hUxPi%2Ff4QLD44NwnW35v5ZBoyBhMvIe%2BXkLqEoiW4uQMlTgjABa5dRxzdu2ZsTrefs3TKTsjCs6dQ%2BYQs%2FLmIOHqwotWgcsvoLFUmdhiEBdSghOqVSLIjpMM5qPwIPP0aShDEUQElilnNSpVQYQktR6DOQzY9ykMWesgSD5E4rfAgCNq%2B4NTvdDmvi7ZkLeEHtB0GNPBbHWR8amuENBmB6xG43UFid7ClRrDZb3CbBZzw4NIJ8T7eQV8UyCVB7ghySpArgjwlyPvFvtCu5op7QruMBee5dp7rxdikvV26b9KejMluckZemfbDm392ii15WvFpl0pea9Yk73DeqbNu2GxJ3mKNZkjrtAunCig3Nyt1qCZk7p23kEzzpToYPYLTR%2BDqZdDsDdB83K75oJvjRsfHMD5UzFJhIlnlJoIwBZL0BaTb3q4%2BI6%2FN5tKq%2FQXJj5cfP7nyYHH4BNwWSGyB2%2BoRQU%2FfHd80Odm7aXJHfr6epCpSQzqd2a2UpnL%2Bh4%2Fkdm6sWF91o%2B%2Ff51NiCg8%2FkS7doLFQcc%2BRH1eUENKuGcsl%2BXXdfSbZjcxtrmQ2zpKNGx%2BsrUeJlc4pE5eg6sR9C64m5EVqZsv4%2Bu1foGwJmxWIsmNyHlDmCDzZgUsu3DszD6svNCzxkGfF2NbYxaNWE1J7%2BhhaHi%2Ff%2F4pfvR%2F8DcoKOPmfjxd4191Fz74Jmt6Z7WHfFujrAlSP4LL5cZrY4%2BU%2F6rMA096YaevtMW31d8%2Fb69Rppe6LNpOhbDPZaDZCyQVrNpnPQ87qotPhSN2EL33h%2FQMAAP%2F%2FAQAA%2F%2F9y5kmSWwQAAA%3D%3D
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskRRytTuJBvKjkIqgMeFlFJt3zPe4hGGOWYPbDXUXBg9RXT2pT3dVUdU9PxktwQfbgYfwPOm%2BSDWp20avgIp0FYXPKeMrBwP4NC3vwIDKzwegPit%2Breq%2Fg%2FT6%2B2c3OiI%2BMnq5eNUOlNV1qVv3Kpc%2BD4HJlQ8XZoDLotL5sNS5XbP%2B9bqvqv125IvmWWar5ge8HflBZU1aGZrA0JaGSw25Q7frVRq0aNBsY2P%2FfXebBUQ%2Bif0ZehRKThUfeIhQvEUc%2FrUq3lZrk3Q%2BjTNPUWPTFwafxVmzyGNEFDK2HMD44V8O4k7WHMPH%2BzC5M%2F18hUxPi%2Ff4QLD44NwnW35v5ZBoyBhMvIe%2BXkLqEoiW4uQMlTgjABa5dRxzdu2ZsTrefs3TKTsjCs6dQ%2BYQs%2FLmIOHqwotWgcsvoLFUmdhiEBdSghOqVSLIjpMM5qPwIPP0aShDEUQElilnNSpVQYQktR6DOQzY9ykMWesgSD5E4rfAgCNq%2B4NTvdDmvi7ZkLeEHtB0GNPBbHWR8amuENBmB6xG43UFid7ClRrDZb3CbBZzw4NIJ8T7eQV8UyCVB7ghySpArgjwlyPvFvtCu5op7QruMBee5dp7rxdikvV26b9KejMluckZemfbDm392ii15WvFpl0pea9Yk73DeqbNu2GxJ3mKNZkjrtAunCig3Nyt1qCZk7p23kEzzpToYPYLTR%2BDqZdDsDdB83K75oJvjRsfHMD5UzFJhIlnlJoIwBZL0BaTb3q4%2BI6%2FN5tKq%2FQXJj5cfP7nyYHH4BNwWSGyB2%2BoRQU%2FfHd80Odm7aXJHfr6epCpSQzqd2a2UpnL%2Bh4%2Fkdm6sWF91o%2B%2Ff51NiCg8%2FkS7doLFQcc%2BRH1eUENKuGcsl%2BXXdfSbZjcxtrmQ2zpKNGx%2BsrUeJlc4pE5eg6sR9C64m5EVqZsv4%2Bu1foGwJmxWIsmNyHlDmCDzZgUsu3DszD6svNCzxkGfF2NbYxaNWE1J7%2BhhaHi%2Ff%2F4pfvR%2F8DcoKOPmfjxd4191Fz74Jmt6Z7WHfFujrAlSP4LL5cZrY4%2BU%2F6rMA096YaevtMW31d8%2Fb69Rppe6LNpOhbDPZaDZCyQVrNpnPQ87qotPhSN2EL33h%2FQMAAP%2F%2FAQAA%2F%2F9y5kmSWwQAAA%3D%3D HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Cookie: u_pl=17037017; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0a9aec252ec8cc83b9f56ec6b45fa3a9=[3551994]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 24 Sep 2022 19:31:14 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7cc0e54c514d3c7231fb4a9b14e24273
Strict-Transport-Security: max-age=0; includeSubdomains
wadmargincling.com/pixel/sbs?c=1
192.243.61.225 200 OK 0 B URL HTTP/1.1 wadmargincling.com/pixel/sbs?c=1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Cookie: u_pl=17037017; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0a9aec252ec8cc83b9f56ec6b45fa3a9=[3551994]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 24 Sep 2022 19:31:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
wadmargincling.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=278
192.243.61.225 200 OK 0 B URL HTTP/1.1 wadmargincling.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=278
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=278 HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Cookie: u_pl=17037017; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0a9aec252ec8cc83b9f56ec6b45fa3a9=[3551994]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 24 Sep 2022 19:31:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
unseenreport.com/pxf.gif?uuid=f27d47e7-d9f5-407d-9675-74ea0a68e259&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=0a9aec252ec8cc83b9f56ec6b45fa3a9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
192.243.59.12 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=f27d47e7-d9f5-407d-9675-74ea0a68e259&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=0a9aec252ec8cc83b9f56ec6b45fa3a9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=f27d47e7-d9f5-407d-9675-74ea0a68e259&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=0a9aec252ec8cc83b9f56ec6b45fa3a9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 24 Sep 2022 19:31:15 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ad9e842d63ab0c1e90d57b15c42fc29b
Strict-Transport-Security: max-age=0; includeSubdomains
kw3y5otoeuniv7e9rsi.com/get/1846521?zoneid=1846521&jp=_clk93c161iqyclnqt2u7z2&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=953479971379929
62.122.171.6 200 OK 0 B URL HTTP/2 kw3y5otoeuniv7e9rsi.com/get/1846521?zoneid=1846521&jp=_clk93c161iqyclnqt2u7z2&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=953479971379929
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1846521?zoneid=1846521&jp=_clk93c161iqyclnqt2u7z2&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=953479971379929 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846521
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a; Path=/; Expires=Sun, 24 Sep 2023 19:31:12 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882689
62.122.171.6 200 OK 0 B URL HTTP/2 kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882689
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /lvesnk.html?zoneid=1882689 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882689
62.122.171.6 200 OK 0 B URL HTTP/2 kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882689
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /lvesnk.html?zoneid=1882689 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
185.178.208.130 200 OK 0 B URL HTTP/2 ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
IP 185.178.208.130:0
GET /leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; Domain=.ibradome.com; HttpOnly; Path=/; Expires=Sun, 24-Sep-2023 19:31:11 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
etag: "22675397-1664047865;br"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding,User-Agent
date: Sat, 24 Sep 2022 19:31:12 GMT
x-ua-compatible: IE=edge
X-Firefox-Spdy: h2
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846179
62.122.171.6 200 OK 0 B URL HTTP/2 kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846179
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /lvesnk.html?zoneid=1846179 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: var29
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
kw3y5otoeuniv7e9rsi.com/get/1882689?zoneid=1882689&jp=_clmszzvpgq38wl3pqpe4ez&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553304342657739
62.122.171.6 200 OK 0 B URL HTTP/2 kw3y5otoeuniv7e9rsi.com/get/1882689?zoneid=1882689&jp=_clmszzvpgq38wl3pqpe4ez&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553304342657739
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1882689?zoneid=1882689&jp=_clmszzvpgq38wl3pqpe4ez&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553304342657739 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882689
Cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882687
62.122.171.6 200 OK 0 B URL HTTP/2 kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882687
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /lvesnk.html?zoneid=1882687 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
kw3y5otoeuniv7e9rsi.com/get/1846179?zoneid=1846179&jp=_clqtt9rvy7qi3ev16pul5i&nojs=0&ix=0&abvar=29&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553304342586463
62.122.171.6 200 OK 0 B URL HTTP/2 kw3y5otoeuniv7e9rsi.com/get/1846179?zoneid=1846179&jp=_clqtt9rvy7qi3ev16pul5i&nojs=0&ix=0&abvar=29&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553304342586463
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1846179?zoneid=1846179&jp=_clqtt9rvy7qi3ev16pul5i&nojs=0&ix=0&abvar=29&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553304342586463 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846179
Cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
static.addtoany.com/menu/svg/icons.30.svg.js
104.22.71.197 200 OK 0 B URL HTTP/2 static.addtoany.com/menu/svg/icons.30.svg.js
IP 104.22.71.197:0
GET /menu/svg/icons.30.svg.js HTTP/1.1
Host: static.addtoany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:13 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000, immutable
cf-bgj: minify
access-control-allow-origin: *
age: 851027
etag: W/"132a9-5d0656e4a26b3"
last-modified: Wed, 10 Nov 2021 01:49:04 GMT
vary: Accept-Encoding
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74fdf06c5bc215e8-ARN
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/js/script.js
172.64.200.2 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/js/script.js
IP 172.64.200.2:0
GET /sb/ssp/utility/social-media/facebook/js/script.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:14 GMT
content-type: application/javascript
last-modified: Sat, 20 Feb 2021 08:47:14 GMT
etag: W/"6030cc92-1bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 31005
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r9PH5Rq2wDwLkjO16Cw4qIkOaSpNEa69xE0Dm%2Fb96Ji5uScZABPRC7FF6avUyk%2FpPQ4CNFGiTNHw7X80fITpV0xUkeYoLdDcOZPgb715WAIWfaujhnLqo3nrlj6S9fZmA%2Bg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fdf06f5c295476-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846521
62.122.171.6 200 OK 0 B URL HTTP/2 kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846521
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /lvesnk.html?zoneid=1846521 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
ibradome.com/Uploads/Icons/cat-13.png
185.178.208.130 200 OK 0 B URL HTTP/2 ibradome.com/Uploads/Icons/cat-13.png
IP 185.178.208.130:0
GET /Uploads/Icons/cat-13.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Mon, 03 Sep 2018 16:41:26 GMT
accept-ranges: bytes
content-length: 12424
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
go6shde9nj2itle.com/get/1846181?zoneid=1846181&jp=_cl8ldpn4q59lrgz34a25yt&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=7427404435798260
62.122.171.6 200 OK 0 B URL HTTP/2 go6shde9nj2itle.com/get/1846181?zoneid=1846181&jp=_cl8ldpn4q59lrgz34a25yt&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=7427404435798260
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1846181?zoneid=1846181&jp=_cl8ldpn4q59lrgz34a25yt&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=7427404435798260 HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kw3y5otoeuniv7e9rsi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: text/javascript
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=22092414313dba3a79cf4044e3b2e32b82f7; Path=/; Expires=Sun, 24 Sep 2023 19:31:12 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
static.addtoany.com/menu/sm.23.html
104.22.71.197 200 OK 0 B URL HTTP/2 static.addtoany.com/menu/sm.23.html
IP 104.22.71.197:0
GET /menu/sm.23.html HTTP/1.1
Host: static.addtoany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:13 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 22 Sep 2021 23:42:51 GMT
etag: W/"2e5-5cc9e128a4c38"
cache-control: max-age=315360000, immutable
age: 851027
vary: Accept-Encoding
via: e1s
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74fdf06c5bc315e8-ARN
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
theporngrid.com/Uploads/Media/May22/Mon16/12926/c2e3dd88.mp4
185.178.208.131 206 Partial Content 0 B URL HTTP/2 theporngrid.com/Uploads/Media/May22/Mon16/12926/c2e3dd88.mp4
IP 185.178.208.131:0
GET /Uploads/Media/May22/Mon16/12926/c2e3dd88.mp4 HTTP/1.1
Host: theporngrid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=uHjD1e8EPilHkqlHnyfX; Domain=.theporngrid.com; HttpOnly; Path=/; Expires=Sun, 24-Sep-2023 19:31:12 GMT
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: video/mp4
content-length: 1901320
last-modified: Mon, 16 May 2022 18:22:49 GMT
etag: "62829679-1d0308"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-range: bytes 0-1901319/1901320
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
go6shde9nj2itle.com/aas/r45d/vki/1846181/e4f5b7dc.js
62.122.171.6 200 OK 0 B URL HTTP/2 go6shde9nj2itle.com/aas/r45d/vki/1846181/e4f5b7dc.js
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /aas/r45d/vki/1846181/e4f5b7dc.js HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kw3y5otoeuniv7e9rsi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 13:38:24 GMT
vary: Accept-Encoding
etag: W/"63189ed0-1091a"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/css/animate.css
172.64.200.2 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/css/animate.css
IP 172.64.200.2:0
GET /sb/ssp/utility/social-media/facebook/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:14 GMT
content-type: text/css
last-modified: Sat, 20 Feb 2021 08:44:40 GMT
etag: W/"6030cbf8-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 76793
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HRlGiznICtTR9r5hbE0yo6ssZs4mO%2B5jcPXPxQO4l0OTCNvQrCQ%2B4VS%2FBiCELWcHM2iVTPht2EdMLZGFmjuTMOuXzJ6e4q83tKQs9xrs597STqw0HRkrr1HelF%2FFXqwdZOU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fdf06f5c2f5476-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882688
62.122.171.6 200 OK 0 B URL HTTP/2 kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882688
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /lvesnk.html?zoneid=1882688 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846269
62.122.171.6 200 OK 0 B URL HTTP/2 kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846269
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /lvesnk.html?zoneid=1846269 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846269
62.122.171.6 200 OK 0 B URL HTTP/2 kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846269
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /lvesnk.html?zoneid=1846269 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
creepingbrings.com/sfp.js
172.64.199.30 200 OK 0 B URL HTTP/2 creepingbrings.com/sfp.js
IP 172.64.199.30:0
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 4596a8c11a09ce3a631c94d951ae99b5
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 24 Sep 2022 19:31:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MFjf3AUvtB5T8ywzmgBeY93fo2GHCi5sDCbXC6GUXau6LCVFYpaONF6e12Xky%2FSH3U63FVnplgvrVPWqUuuuWQu4cgmcKipq6ILXUtFLuwTAtfzjoiFNUbVZC5DewBJiaMz9O64%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fdf063bbd97713-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go6shde9nj2itle.com/aas/r45d/vki/1846181/d3af1cb3.js
62.122.171.6 200 OK 0 B URL HTTP/2 go6shde9nj2itle.com/aas/r45d/vki/1846181/d3af1cb3.js
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /aas/r45d/vki/1846181/d3af1cb3.js HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 13:38:24 GMT
vary: Accept-Encoding
etag: W/"63189ed0-1091a"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
go6shde9nj2itle.com/get/1846181?zoneid=1846181&jp=_clx1h602saq8vglw30b6tl&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=6864454482382467
62.122.171.6 200 OK 0 B URL HTTP/2 go6shde9nj2itle.com/get/1846181?zoneid=1846181&jp=_clx1h602saq8vglw30b6tl&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=6864454482382467
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1846181?zoneid=1846181&jp=_clx1h602saq8vglw30b6tl&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=6864454482382467 HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: text/javascript
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=22092414319fa9bf8007b241268585f91442; Path=/; Expires=Sun, 24 Sep 2023 19:31:12 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
45.133.44.4 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:14 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Fri, 19 Feb 2021 09:27:09 GMT
etag: W/"602f846d-4fa"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 24 Sep 2022 20:31:14 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2