Report - ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi

Report Overview

Submitted URL
ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
IP
185.178.208.130
ASN
#57724 Ddos-guard Ltd
Submitted
2022-09-24 19:31:22
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
84

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
connect.facebook.net	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	771 B	91 kB	157.240.200.14
static.addtoany.com	4091	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	29 kB	104.22.71.197
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	3.6 kB	23.36.76.226
cdn.cloudimagesb.com	23099	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	389 B	17 kB	45.133.44.10
cdn.barscreative1.com	25648	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	431 B	386 B	45.133.44.4
wadmargincling.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.5 kB	8.1 kB	192.243.61.225
rallydisprove.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	382 B	14 kB	192.243.59.13
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	944 B	54.230.245.118
cdn.pncloudfl.com	13313	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	137 kB	104.22.59.221
region1.google-analytics.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	759 B	559 B	216.239.34.36
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	166 kB	142.250.74.163
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	43 kB	34.120.237.76
unseenreport.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	679 B	423 B	192.243.59.12
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.9 kB	11 kB	23.36.76.226
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	369 B	43 kB	142.250.74.72
ocsp.usertrust.com	899	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	330 B	1.0 kB	172.64.155.188
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	6.3 kB	142.250.74.3
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.89.20.60
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	981 B	3.7 kB	157.240.200.35
creepingbrings.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	345 B	954 B	172.64.199.30
ibradome.com	177680	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	32 kB	1.2 MB	185.178.208.130
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
cdn.linearicons.com	39017	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	382 B	2.3 kB	54.230.111.71
vjs.zencdn.net	4968	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	722 B	175 kB	151.101.86.217
i.pixl.is	474371	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	768 B	7.8 kB	104.21.234.75
kw3y5otoeuniv7e9rsi.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	15 kB	70 kB	62.122.171.6
limurol.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	1.7 kB	62.122.171.6
theporngrid.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	437 B	549 B	185.178.208.131
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.9 kB	34.160.144.191
go6shde9nj2itle.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.2 kB	15 kB	62.122.171.6
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	4.4 kB	93.184.220.29
simplewebanalysis.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	373 B	405 B	3.66.118.16
cdn18685953.ahacdn.me	78348	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	354 B	10 kB	45.133.44.20
cdn.sb4you1.com	22321	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	3.6 kB	172.64.200.2
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	382 B	7.0 kB	104.17.24.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-24	medium	wadmargincling.com/sbar.json?key=0a9aec252ec8cc83b9f56ec6b45fa3a9	Phishing
2022-09-24	medium	wadmargincling.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskRRytTuJBvKjkIqgMeFlFJt3zPe4hGGOWYPbDXUXBg9RXT2pT3dVUdU9PxktwQfbgYfwPOm%2BSDWp20avgIp0FYXPKeMrBwP4NC3vwIDKzwegPit%2Breq%2Fg%2FT6%2B2c3OiI%2BMnq5eNUOlNV1qVv3Kpc%2BD4HJlQ8XZoDLotL5sNS5XbP%2B9bqvqv125IvmWWar5ge8HflBZU1aGZrA0JaGSw25Q7frVRq0aNBsY2P%2FfXebBUQ%2Bif0ZehRKThUfeIhQvEUc%2FrUq3lZrk3Q%2BjTNPUWPTFwafxVmzyGNEFDK2HMD44V8O4k7WHMPH%2BzC5M%2F18hUxPi%2Ff4QLD44NwnW35v5ZBoyBhMvIe%2BXkLqEoiW4uQMlTgjABa5dRxzdu2ZsTrefs3TKTsjCs6dQ%2BYQs%2FLmIOHqwotWgcsvoLFUmdhiEBdSghOqVSLIjpMM5qPwIPP0aShDEUQElilnNSpVQYQktR6DOQzY9ykMWesgSD5E4rfAgCNq%2B4NTvdDmvi7ZkLeEHtB0GNPBbHWR8amuENBmB6xG43UFid7ClRrDZb3CbBZzw4NIJ8T7eQV8UyCVB7ghySpArgjwlyPvFvtCu5op7QruMBee5dp7rxdikvV26b9KejMluckZemfbDm392ii15WvFpl0pea9Yk73DeqbNu2GxJ3mKNZkjrtAunCig3Nyt1qCZk7p23kEzzpToYPYLTR%2BDqZdDsDdB83K75oJvjRsfHMD5UzFJhIlnlJoIwBZL0BaTb3q4%2BI6%2FN5tKq%2FQXJj5cfP7nyYHH4BNwWSGyB2%2BoRQU%2FfHd80Odm7aXJHfr6epCpSQzqd2a2UpnL%2Bh4%2Fkdm6sWF91o%2B%2Ff51NiCg8%2FkS7doLFQcc%2BRH1eUENKuGcsl%2BXXdfSbZjcxtrmQ2zpKNGx%2BsrUeJlc4pE5eg6sR9C64m5EVqZsv4%2Bu1foGwJmxWIsmNyHlDmCDzZgUsu3DszD6svNCzxkGfF2NbYxaNWE1J7%2BhhaHi%2Ff%2F4pfvR%2F8DcoKOPmfjxd4191Fz74Jmt6Z7WHfFujrAlSP4LL5cZrY4%2BU%2F6rMA096YaevtMW31d8%2Fb69Rppe6LNpOhbDPZaDZCyQVrNpnPQ87qotPhSN2EL33h%2FQMAAP%2F%2FAQAA%2F%2F9y5kmSWwQAAA%3D%3D	Phishing
2022-09-24	medium	wadmargincling.com/pixel/sbs?c=1	Phishing
2022-09-24	medium	cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	go6shde9nj2itle.com	Sinkholed
2022-09-24	medium	go6shde9nj2itle.com	Sinkholed
2022-09-24	medium	go6shde9nj2itle.com	Sinkholed
2022-09-24	medium	go6shde9nj2itle.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	limurol.com	Sinkholed
2022-09-24	medium	limurol.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	go6shde9nj2itle.com	Sinkholed
2022-09-24	medium	wadmargincling.com	Sinkholed
2022-09-24	medium	wadmargincling.com	Sinkholed
2022-09-24	medium	wadmargincling.com	Sinkholed
2022-09-24	medium	wadmargincling.com	Sinkholed
2022-09-24	medium	wadmargincling.com	Sinkholed
2022-09-24	medium	wadmargincling.com	Sinkholed
2022-09-24	medium	unseenreport.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	go6shde9nj2itle.com	Sinkholed
2022-09-24	medium	go6shde9nj2itle.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	kw3y5otoeuniv7e9rsi.com	Sinkholed
2022-09-24	medium	go6shde9nj2itle.com	Sinkholed
2022-09-24	medium	go6shde9nj2itle.com	Sinkholed

Files detected

URL
ibradome.com/Template/Reactions/lol.png
IP
185.178.208.130
ASN
#57724 Ddos-guard Ltd

File type
gzip compressed data, max compression\012- data
Size
5.7 kB (5682 bytes)
Hash
c6e5c14479e36fbb987825d5ac37aca3
b4382c0f1420af254d21fe0b4711c626be27f1ef
f6cff9fb60348d3a3abfbf4a445b72f37b85063e24d5798845853557b0cc8b86

Detections

Analyzer	Verdict	Alert
VirusTotal	0/0

JavaScript (38)

	URL	Size	First Seen	Last Seen
	kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846521	125 kB	2023-03-08	2023-03-08
Pretty URL kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846521 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:49 Last Seen2023-03-08 00:36:49 Times Seen1 Hash 5105e6d034976b9cd2278a3e8bb8216b 107675e867c39cf96501a805c6e4aa84cae71316 a089a64bfa6709228041ce117f8ca8b0a492e1bf4180569d33bfa15dda4bf850 Loading...

	kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882688	125 kB	2023-03-08	2023-03-08
Pretty URL kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882688 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:49 Last Seen2023-03-08 00:36:49 Times Seen1 Hash 66199a3820ea27a4d77f9cca27a42d45 1a226c3ef4281addd03f9ba50c764487849d66f9 19ae2678e8ea54621ccf13172588bf6e2c15ef4e459e601c2e209df9d8395350 Loading...

	kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882689	125 kB	2023-03-08	2023-03-08
Pretty URL kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882689 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:49 Last Seen2023-03-08 00:36:49 Times Seen1 Hash d8b731091f2a2bb799bc5de492e3fbf9 7dbbb3b4f375dedf63d160d631cbf468580e72c6 db0d292122dfebe81d95b2e702916f374c6daa8edf596e5941d7d3625779b4d0 Loading...

	static.addtoany.com/menu/sm.23.html#type=core&event=load	615 B	2023-03-07	2023-03-26
Pretty URL static.addtoany.com/menu/sm.23.html#type=core&event=load IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:19 Last Seen2023-03-26 01:07:12 Times Seen2 Hash b78383014e25cac539cb1e9b0abd98b9 0ebdaa7673003db9c63de5b46fcb02dd8943a3e0 3f18e7672858e9f6c7ce394f9d26d558efcb8f2dd505881599933d37a87ff692 Loading...

	kw3y5otoeuniv7e9rsi.com/aas/r45d/vki/1845010/30627ec4.js	68 kB	2023-03-08	2023-03-08
Pretty URL kw3y5otoeuniv7e9rsi.com/aas/r45d/vki/1845010/30627ec4.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:49 Last Seen2023-03-08 00:36:49 Times Seen1 Hash f4fc5400a7d8ba078b9a4971e79f65a2 af187bfa0cd68b717050b0ee66cd1be6e6de5b8f 915549fb81404fae8f36ff7e3224e51f3f9cd771a7dd9bc42137cfc3f7bb3806 Loading...

	www.googletagmanager.com/gtag/js?id=UA-41025924-3	109 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=UA-41025924-3 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:49 Last Seen2023-03-08 00:36:49 Times Seen1 Hash ed35458a13fa7baa3270c221f2e32cd1 8f8a19f2baa76b6aac8a50cbb40b489670995902 2e25a6b8b275d699e2fb768bd684229322f93834f2c014e07cdb5cf9d5c0ac69 Loading...

	ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi	153 B	2023-03-07	2023-09-24
Pretty URL ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi IP 185.178.208.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:12 Last Seen2023-09-24 22:21:48 Times Seen30 Hash 5044da261df924b094c02c8a0802029f 5cb8d84003792f0d842c4eccaa038878ec2617c2 acd1f38b4f3c31fbc58b2de114c21c59c5b673c3ed7b1d0d7ffa2af7d39e88a9 Loading...

	go6shde9nj2itle.com/get/1846181?zoneid=1846181&jp=_clxswkx9s3lx9tydfz9bln&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=5738554575529481	37 B	2023-03-07	2024-04-24
Pretty URL go6shde9nj2itle.com/get/1846181?zoneid=1846181&jp=_clxswkx9s3lx9tydfz9bln&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=5738554575529481 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:23 Last Seen2024-04-24 06:30:39 Times Seen2323 Hash 26c0446473cdbedd7eb18169ae75e0fd c2a8a31848b22f49c044d0e8f2b4a48e856e08b8 c94588c2c490281057748a6bc21191dae810fb22ce8cc638b5e3fc7d390eb165 Loading...

	ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi	309 B	2023-03-08	2023-03-08
Pretty URL ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi IP 185.178.208.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:49 Last Seen2023-03-08 00:36:49 Times Seen1 Hash 49351157052fc7342fc231c7a905b9ce 01d918bdb3463c7b22c473c189f7b3a3b425fdbb 40222d9bb0db217f5ff2c860d01b5849dba1fb6138bcf0ecdaf50c1989a6b766 Loading...

	kw3y5otoeuniv7e9rsi.com/get/1882688?zoneid=1882688&jp=_cl024b7ba41as41z4t28on&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=2360854854985817	6.2 kB	2023-03-08	2023-03-08
Pretty URL kw3y5otoeuniv7e9rsi.com/get/1882688?zoneid=1882688&jp=_cl024b7ba41as41z4t28on&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=2360854854985817 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:49 Last Seen2023-03-08 00:36:49 Times Seen1 Hash c429a178759e336bf38ce448ca93a333 f552ff8c574cdc1a7deeb8e79cd8f865cf637968 c26f8c13386b2f02e899b9e4dfe906624f3b9621f6de4efc69531f43d6599345 Loading...

	connect.facebook.net/en_US/sdk.js?hash=8a9d053cab155bced53139a776051d86	321 kB	2023-03-08	2023-03-08
Pretty URL connect.facebook.net/en_US/sdk.js?hash=8a9d053cab155bced53139a776051d86 IP 157.240.200.14 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:49 Last Seen2023-03-08 00:36:49 Times Seen1 Hash 874ace7593043634cabc79cb7877b6a1 5411f7e3834f0e0241d9f7ddfc18369728adb071 8640e033f25c06fa8bf01ad9c27b568ee4f6b441e2535af5585ae97e784f5d6c Loading...

	ibradome.com/Libs/Javascript/nanoscroller.js?3.1	10 kB	2023-03-07	2024-04-24
Pretty URL ibradome.com/Libs/Javascript/nanoscroller.js?3.1 IP 185.178.208.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:12 Last Seen2024-04-24 01:29:38 Times Seen112 Hash 2d2117346c334d4488306bf6b1a9d73c 0680ea15e8c44a56616789a81f68c3642efe5da1 1ea521f06c02f3b80fa38a899deeaff47e90a35cb1d68aab4b531cda3ebb4939 Loading...

	connect.facebook.net/en_EN/sdk.js#xfbml=1&version=v2.8	3.1 kB	2023-03-08	2023-03-08
Pretty URL connect.facebook.net/en_EN/sdk.js#xfbml=1&version=v2.8 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:49 Last Seen2023-03-08 00:36:49 Times Seen1 Hash ef8a452728766e8757c20d1f986bc09a fe904b0daeaec01cf9f8ca2a4b214646f2c9d316 dab39fc64d761593998d9139314bb306504d212a24de44c24fa9f62f1993bd7f Loading...

	cdnjs.cloudflare.com/ajax/libs/require.js/2.3.5/require.min.js	18 kB	2023-03-07	2024-04-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/require.js/2.3.5/require.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:12 Last Seen2024-04-24 01:29:36 Times Seen138 Hash 55a5e16e724675436d65abd5b8bf7d60 a579f444206d61ca3852270c42b0a4d31c943e3a d121a5d4f24d0f2270715e53fb07a0db3a4432b87bc6f9703b8a1782f6427999 Loading...

	kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846269	125 kB	2023-03-08	2023-03-08
Pretty URL kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846269 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:49 Last Seen2023-03-08 00:36:49 Times Seen1 Hash 1faaf8c61e3182e48b7ad4d561e2da6e 09811817c86da588edbac4251c94175eca1bb23e f044965cde88aac68648f853bd9a909bd9e560d81b28daa12ef63efad5ea0a12 Loading...

	kw3y5otoeuniv7e9rsi.com/get/1846521?zoneid=1846521&jp=_clk93c161iqyclnqt2u7z2&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=953479971379929	3.2 kB	2023-03-08	2023-03-08
Pretty URL kw3y5otoeuniv7e9rsi.com/get/1846521?zoneid=1846521&jp=_clk93c161iqyclnqt2u7z2&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=953479971379929 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:49 Last Seen2023-03-08 00:36:49 Times Seen1 Hash 40556381ab6f775dade6bd4be4c9ea72 9d9b93aab800bbe6a1b839bd1e9b27676ff7f0ab 52b644c93a33f3b63a842d5d8780158654c7d87fbc0330eed2381ccc8b5c5908 Loading...

	kw3y5otoeuniv7e9rsi.com/get/1845010?zoneid=1845010&jp=_cl9yujvr6eyh49h3y82mxz&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=1234954948128377	3.5 kB	2023-03-08	2023-03-08
Pretty URL kw3y5otoeuniv7e9rsi.com/get/1845010?zoneid=1845010&jp=_cl9yujvr6eyh49h3y82mxz&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=1234954948128377 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:49 Last Seen2023-03-08 00:36:49 Times Seen1 Hash 9c64fd96f1b3039ee317f6d758f5acb7 bff4bc9bc5a4f99c02b0c9ded1a3d0813b1ac0ac a740eb2ba3ad5301e4239aa31baa2057e7e4e5be2f744ac3d61d3b71c8784d3f Loading...

	ibradome.com/Libs/Javascript/auth.js?3.1	4.3 kB	2023-03-07	2024-04-24
Pretty URL ibradome.com/Libs/Javascript/auth.js?3.1 IP 185.178.208.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:12 Last Seen2024-04-24 01:29:37 Times Seen103 Hash 567bfbf046427554247920898de844db a489a031b0a7be5015e0ddddc6a1540a12c416a0 7deb0d47f85fb46e8cdf4dc4cb64842dd4def60ade074780f0404dc3a533b79d Loading...

	ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi	58 B	2023-03-07	2024-04-24
Pretty URL ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi IP 185.178.208.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:12 Last Seen2024-04-24 01:29:35 Times Seen61 Hash 717e9fc87296464bbf322744f68f0818 da11ec1956224f83892ed28a13c4d56e8de6f15d 47f372f092549b0bad5ae9d2f0da3fa0c2c782d90ec23cdb45882dda013a4377 Loading...

	ibradome.com/Libs/Javascript/Pages/post.js?3.1	6.4 kB	2023-03-07	2024-04-24
Pretty URL ibradome.com/Libs/Javascript/Pages/post.js?3.1 IP 185.178.208.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:12 Last Seen2024-04-24 01:29:37 Times Seen68 Hash d03149c8bf265c8dedf194bb584c3ee1 24c9213a85664f7aabbeee1b79efb623df2a4733 c640eec2d6faf3a15698166f96ca586cd5fa26fcc2cc395099551ecd120c551c Loading...

	ibradome.com/Libs/Javascript/fbsdk.js?3.1	1.1 kB	2023-03-07	2024-04-24
Pretty URL ibradome.com/Libs/Javascript/fbsdk.js?3.1 IP 185.178.208.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:12 Last Seen2024-04-24 01:29:37 Times Seen66 Hash cb594d7001f807041ab102ee01c70297 590e67c331634799f69162c6e04c1461d3c62148 2f07f73bd4a69f28d3876d5ee52f77367e2584753d4b8ca84f9a296f1ea3111c Loading...

	static.addtoany.com/menu/modules/core.e18d3993.js	72 kB	2023-03-07	2023-11-05
Pretty URL static.addtoany.com/menu/modules/core.e18d3993.js IP 104.22.71.197 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:21:17 Last Seen2023-11-05 17:06:30 Times Seen3 Hash d513b1604b2e17f798f0abac4db59853 b76717a0bd0604b35b07b42f5b3a557174cfe6e5 36925e7859abeeb8681d694d702e00b1fbba6f37ac49b11e8f863ed24507ca6a Loading...

	ibradome.com/Libs/Javascript/media.js?3.1	45 kB	2023-03-07	2024-04-24
Pretty URL ibradome.com/Libs/Javascript/media.js?3.1 IP 185.178.208.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:12 Last Seen2024-04-24 01:29:37 Times Seen114 Hash 3fee4dfe34f6ec08dc5518c3d8ff0998 9d45bba9e6b46c7c7fcc22071734dc7dbedea096 0869bc0dd3a4c3152d91c014dc35820d0d656a6cd32bad21b7ff9529cdaf067c Loading...

	static.addtoany.com/menu/page.js	3.0 kB	2023-03-07	2023-11-05
Pretty URL static.addtoany.com/menu/page.js IP 104.22.71.197 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:21:17 Last Seen2023-11-05 17:06:29 Times Seen2 Hash c52e5b3613d424678987461044bd8239 1a5cb3ebeff92469751acb10411d033d9cd572dc b964f75cb8c613e484743bf4daaac6efc65c74156fca95cd76ca15d742555d1d Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 10:13:18 Times Seen37060397 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	go6shde9nj2itle.com/aas/r45d/vki/1846181/e4f5b7dc.js	68 kB	2023-03-08	2023-03-08
Pretty URL go6shde9nj2itle.com/aas/r45d/vki/1846181/e4f5b7dc.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:49 Last Seen2023-03-08 00:36:49 Times Seen1 Hash d9f22ad83c701067e5bde81ce1fab936 4d29bcd4816aa46d2039089cc56846ac63df1fe3 ce35775275a407445a9a1e07df02eb86883d408efaa2869d5254b11908300653 Loading...

	ibradome.com/Libs/Javascript/jquery.js?3.1	101 kB	2023-03-07	2023-03-11
Pretty URL ibradome.com/Libs/Javascript/jquery.js?3.1 IP 185.178.208.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:12 Last Seen2023-03-11 10:45:12 Times Seen1 Hash 8dd913268603f8662f13e489ee8a602c 6a51b667074348d0ce3ca17a8068048be16cf9cf 7f9d603d6d21bc3c70184c15c5679c58edffc3d2ede4740a3bbbed774d703345 Loading...

	cdnjs.cloudflare.com/ajax/libs/goodshare.js/5.1.2/goodshare.min.js?3.1	86 kB	2023-03-07	2024-04-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/goodshare.js/5.1.2/goodshare.min.js?3.1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:12 Last Seen2024-04-24 01:29:37 Times Seen121 Hash 1aa85a0f310f0fa7b8bd7033510ce348 1bce54e9d1a6bde0e36893f4fecfff96849540f3 03cd440f3234ebfd4e8081058d0ca6ab1eae483042c6b9e06ba09a40c5d1bfd1 Loading...

	ibradome.com/Libs/Javascript/waypoints.js?3.1	8.8 kB	2023-03-07	2024-04-24
Pretty URL ibradome.com/Libs/Javascript/waypoints.js?3.1 IP 185.178.208.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:12 Last Seen2024-04-24 01:29:34 Times Seen94 Hash 8efff71946671c9b03e637953e4a188a 0c9d2d3519dcd1726be5a2086781cebab838e048 1bf9cc665aeb8a504752737750a9eb878c35c6d0ad9405d461905c17fd78e0e0 Loading...

	static.addtoany.com/menu/svg/icons.30.svg.js	78 kB	2023-03-07	2023-12-31
Pretty URL static.addtoany.com/menu/svg/icons.30.svg.js IP 104.22.71.197 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:19 Last Seen2023-12-31 05:45:07 Times Seen16 Hash 38664eb3f2a96ee18310f6e323c96da2 f1d1496a947f1af4a531f5d5ff76bc4ff08904ef 7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f Loading...

	http:blank	659 B	2023-03-07	2024-03-01
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:12 Last Seen2024-03-01 07:42:50 Times Seen23 Hash 5534364d5ad5a2745cb348de459488cf c71d120afd8cfe303b264edcc89bf1d517e803cf 441e436a3c50511cc8a947bd4dd99c0d5ffcaa17dc44835a393ca140698ebfdd Loading...

	kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882687	125 kB	2023-03-08	2023-03-08
Pretty URL kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882687 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:49 Last Seen2023-03-08 00:36:49 Times Seen1 Hash 8fd8b014704bff811bd441d3877d0f29 afb988efa5dfecfae882755da1f105da7d67501a 3140ff80e4e6c91ed4a89d0f0a513ed652020f247d6fde5a4cb9d820bd438094 Loading...

	rallydisprove.com/0a/9a/ec/0a9aec252ec8cc83b9f56ec6b45fa3a9.js	37 kB	2023-03-08	2023-03-08
Pretty URL rallydisprove.com/0a/9a/ec/0a9aec252ec8cc83b9f56ec6b45fa3a9.js IP 192.243.59.13 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:49 Last Seen2023-03-08 00:36:49 Times Seen1 Hash af956165dc5a5fb531c1548d707715f0 a158342ee8d025715dec8f50e14a14dcd022fcb0 789c75dd4a127b06dffc9b5730e8aff7b2ca5448a849877790b598defb2f7e7d Loading...

	limurol.com/ssp/req/1845010/?pb=c388c215cb18a53264728231afc0eab11664055072&psp=H2mAUa03kCkAtdzoXqS7pWNypPRrPFJ1wO7bS__IyCRMXJiqCxN_pKcy-mBjBb5xjehRZaSsNPxgzWnCFd3_E9ljSEnj-khXkEYxTt9hAK_no5n54S0QNQMZ-cEJXDNpb98-6R-y2JPziGfNQenba_hk_Hbp0llYSiUGbsvZZaxlrIJScRX1BVLl9D61vTSvBRzHM_TBo_1V0TDHE_wIyRP3ZVe1RUicCm8iol0o4hiSBoLyHg9jynmPkJ1_kKmSDWhK0d30HkbFxyh978RXNB0X_cxwHekeT83gDejdFDrmgjmqUQ0Vj4uxks9hP24Ch-Oo5z5hqRxFYsMmVclPqyNAePbtakjmiAQVomDpDTka6thJjyXXmSJtYPiFBZGJymMcIY_djJOz_sP6FE480sonruQkMixlLBGjFWE_tK3UYe4Cff8_6Ca_rSQh7BDLUboLM4q97izBd-k9bTyoNyj97AZSdQeBgKNhMskflHLYOFXdYBJ_2YWlXa0LjNYoLG_EgWa30FFt_rvX_E_9T5ff7kdIcOmycZAyo7gr8bfTujD_A94_MlhQQQRo_p9PuHo2H0DoJNQgvuiCLzysr0QnzZ0=&cb=_cle4ya2ma2hl3zibql7oup&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24	7 B	2023-03-07	2024-04-17
Pretty URL limurol.com/ssp/req/1845010/?pb=c388c215cb18a53264728231afc0eab11664055072&psp=H2mAUa03kCkAtdzoXqS7pWNypPRrPFJ1wO7bS__IyCRMXJiqCxN_pKcy-mBjBb5xjehRZaSsNPxgzWnCFd3_E9ljSEnj-khXkEYxTt9hAK_no5n54S0QNQMZ-cEJXDNpb98-6R-y2JPziGfNQenba_hk_Hbp0llYSiUGbsvZZaxlrIJScRX1BVLl9D61vTSvBRzHM_TBo_1V0TDHE_wIyRP3ZVe1RUicCm8iol0o4hiSBoLyHg9jynmPkJ1_kKmSDWhK0d30HkbFxyh978RXNB0X_cxwHekeT83gDejdFDrmgjmqUQ0Vj4uxks9hP24Ch-Oo5z5hqRxFYsMmVclPqyNAePbtakjmiAQVomDpDTka6thJjyXXmSJtYPiFBZGJymMcIY_djJOz_sP6FE480sonruQkMixlLBGjFWE_tK3UYe4Cff8_6Ca_rSQh7BDLUboLM4q97izBd-k9bTyoNyj97AZSdQeBgKNhMskflHLYOFXdYBJ_2YWlXa0LjNYoLG_EgWa30FFt_rvX_E_9T5ff7kdIcOmycZAyo7gr8bfTujD_A94_MlhQQQRo_p9PuHo2H0DoJNQgvuiCLzysr0QnzZ0=&cb=_cle4ya2ma2hl3zibql7oup&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:23 Last Seen2024-04-17 16:44:22 Times Seen16320 Hash a97eb6fbe6f13b601d5d48c0eba8baae 736efb938caf3d0edec406932ada889f1a4f2268 a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821 Loading...

	ibradome.com/Libs/Javascript/rconfig.js?3.1	63 kB	2023-03-07	2024-04-24
Pretty URL ibradome.com/Libs/Javascript/rconfig.js?3.1 IP 185.178.208.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:12 Last Seen2024-04-24 01:29:37 Times Seen119 Hash 59c685b2f344fe9a2ae6e9e8b97c0c2b b5bf144ead970ad8aca2f65c5b32b4d7186201d9 a3f3ed12cb677ae6521218817df07cbe9d09bb6dd1bb75ab3f75f8c016267a98 Loading...

	ibradome.com/Libs/Javascript/players.js?3.1	5.7 kB	2023-03-07	2023-03-10
Pretty URL ibradome.com/Libs/Javascript/players.js?3.1 IP 185.178.208.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:12 Last Seen2023-03-10 11:38:56 Times Seen1 Hash c30d891cb2137c4271963673ae6d0903 036132eb738b592406bb1fad1e1045e4447bcf62 83d2d114c8d5d463cb7d74f037ae5ffc8da5f582e8c6ea6e76df5602be0e60c4 Loading...

	kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846179	127 kB	2023-03-08	2023-03-08
Pretty URL kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846179 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:49 Last Seen2023-03-08 00:36:49 Times Seen1 Hash 9f26ed02584a6c6a0c7482697a26ea41 b874b89600593cbad433e393e27b0340bd288a9f c5bd14c7cfe97a4a4d5dc9fcce8cb7d8317100cb174921e4726c0445d3f2bf26 Loading...

	kw3y5otoeuniv7e9rsi.com/get/1882687?zoneid=1882687&jp=_clbsb5d8n98ep4jdohyhpz&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=953479971461861	3.2 kB	2023-03-08	2023-03-08
Pretty URL kw3y5otoeuniv7e9rsi.com/get/1882687?zoneid=1882687&jp=_clbsb5d8n98ep4jdohyhpz&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=953479971461861 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:36:49 Last Seen2023-03-08 00:36:49 Times Seen1 Hash 2a7214d5c57fe24bb33f0e0f520d04c0 8be5eaa00b12598e3cc831724b96ef324f9d65a2 967a4b04d6f4801b4eb379763e5f84af5a0210d2268c5696c50a98961fef9999 Loading...

HTTP Transactions (173)

URL IP Response Size

ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi

185.178.208.130

301 Moved Permanently

568 B

URL HTTP/1.1
ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (564), with no line terminators
Size
568 B (568 bytes)
Hash
2761b98db33884ab29711096ab315edb
8cea6e53464aea178b72e06a906205d040f14ca5
9f7a07f69d9b9a5af186a79159ccea18935ab4103128ca967e3f3f8ae45fb3ee

HTTP Headers

GET /leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: ddos-guard
Date: Sat, 24 Sep 2022 19:31:10 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Content-Type: text/html; charset=utf8
Content-Length: 568

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 24 Sep 2022 19:14:34 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Lh6eH2ebrNAdoBLUA1DSgddeELKi0SDJb1_UCuNWyBUgNKC_pVAGrQ==
Age: 997

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19598
Expires: Sun, 25 Sep 2022 00:57:49 GMT
Date: Sat, 24 Sep 2022 19:31:11 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b3e81b5bd7bd8e12288a8159e44ceb3f
977945964ffcbf49ac78f840db9da822c50c82f0
4721814da286852318f7ebf9857bd4bf01f0beea2c9eb7ddb9f290e3fa472232

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4721814DA286852318F7EBF9857BD4BF01F0BEEA2C9EB7DDB9F290E3FA472232"
Last-Modified: Fri, 23 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17774
Expires: Sun, 25 Sep 2022 00:27:25 GMT
Date: Sat, 24 Sep 2022 19:31:11 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 4zE7lQUyPrUr+kkFP9lXEFdtTG8IKQi2etvsmB2ha6N61NSoLjsyA4pVDeNX4mBKIHxdWReoS7TQ/V2I15TDgQ==
x-amz-request-id: 8WDZ984C59GFBHGB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 24 Sep 2022 18:45:17 GMT
age: 2754
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f72eab7d05a12dc23485d55291ab112a
5f275e06b2fe42aa7010822106106a9a3fe619fe
0c9d2e7d61be2f1bf3cea3d26e74b10957b8c510447f42d1b583571e4db9f4d0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0C9D2E7D61BE2F1BF3CEA3D26E74B10957B8C510447F42D1B583571E4DB9F4D0"
Last-Modified: Sat, 24 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12179
Expires: Sat, 24 Sep 2022 22:54:10 GMT
Date: Sat, 24 Sep 2022 19:31:11 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

cdn.linearicons.com/free/1.0.0/icon-font.min.css

54.230.111.71

200 OK

1.7 kB

URL HTTP/2
cdn.linearicons.com/free/1.0.0/icon-font.min.css
IP
54.230.111.71:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (7191)
Size
1.7 kB (1672 bytes)
Hash
0b704046d76bb4d3929be4f7f20472f5
564f70325044cf9834f70d9689463cbfb8a53b71
511ae4f5d6a1803848d68c82cd61d2ad1ed3a1c65037e2cbcf9a7edd2fa6fa5d

HTTP Headers

GET /free/1.0.0/icon-font.min.css HTTP/1.1
Host: cdn.linearicons.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
content-length: 1672
date: Sat, 21 May 2022 07:14:44 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
last-modified: Wed, 27 May 2015 16:04:10 GMT
etag: "0b704046d76bb4d3929be4f7f20472f5"
cache-control: max-age=31000000
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nG36a2xR_xbG6fj32zNc27DLNasc1oq2X-I5ztEOQH5GGcZxnrUQZw==
age: 10930588
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/require.js/2.3.5/require.min.js

104.17.24.14

200 OK

5.9 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/require.js/2.3.5/require.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (17536), with no line terminators
Size
5.9 kB (5879 bytes)
Hash
6edb11616167a0f44d5877a0813866f4
92685c66877bdfa5dafb74574d087e6663a6ac71
285780a791cc1dd87a80c336807c33cdb4e1c0c595bdb345eacd82f58b440402

HTTP Headers

GET /ajax/libs/require.js/2.3.5/require.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 5879
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fbf-4480"
last-modified: Mon, 04 May 2020 16:15:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 8134056
expires: Thu, 14 Sep 2023 19:31:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VR9hhbzf32RI0ftJgTVg0NtBX8fsud6ZlzsbO0U7JM5fEX6DongVUb4C95qA5wEZ3IBF8mOIiKwCvh2Oa0pSeDovOg1QUVcGnDYsX6LFgeK5fpYZuTJOPfknqcsWnTo4Q1kfqIh9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74fdf05d4becb524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4fb51016b82f43bc6ee9f5ace001690c
5390a86aa0a7b82f5d09605b10812567b309d27a
73283fa4b416ee80d2ac87c30d2183afa1ae487a8650563b79adc1f001030f73

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ibradome.com/Uploads/Icons/cat-1.png

185.178.208.130

200 OK

5.3 kB

URL HTTP/2
ibradome.com/Uploads/Icons/cat-1.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Size
5.3 kB (5291 bytes)
Hash
4ee329676a23b240d9e7777ed5c496ce
3c20ccfeda1efba2fe06b28af324f4158ffd16d8
4b84d2b09e3bd6bd48ee8b53f691be5801779772b5e4cd86fe6e9897c15165e8

HTTP Headers

GET /Uploads/Icons/cat-1.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 02 Sep 2018 16:25:07 GMT
accept-ranges: bytes
content-length: 5291
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Icons/cat-8.png

185.178.208.130

200 OK

3.2 kB

URL HTTP/2
ibradome.com/Uploads/Icons/cat-8.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Size
3.2 kB (3174 bytes)
Hash
83c9e6c3b6378303283d7bfa50260fff
a759bd92f8b128f434a0b92cebe6a09a99b83ff6
445ed7ea6a73e872347bd98aa64a6a9e1eee666d823369c23dc494a3c0039362

HTTP Headers

GET /Uploads/Icons/cat-8.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 02 Sep 2018 16:32:38 GMT
accept-ranges: bytes
content-length: 3174
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
58b52380a6b5c598d1ad88e8da148137
a56206a0277aea6e8e2f7629793aba713d8edd0c
561a57c27dfa1f8651a89292428576b626e8700b9cd6b8173a0ce121aa8f9f4a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

vjs.zencdn.net/7.20.3/video-js.css

151.101.86.217

200 OK

11 kB

URL HTTP/2
vjs.zencdn.net/7.20.3/video-js.css
IP
151.101.86.217:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (5844)
Size
11 kB (10964 bytes)
Hash
fe56250286f5ded89eae50b54b7d1100
fa5e7d94f4604ab819f42f8b08257a70c86a6b54
76423f3d7320b1178fce25d069e2ff6c6cdc68f1ff8feb2181ea89bb348a80c4

HTTP Headers

GET /7.20.3/video-js.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Fri, 09 Sep 2022 18:11:04 GMT
etag: "92c4f5bba6e24134f07a508819300d2e"
content-type: text/css
content-encoding: gzip
date: Sat, 24 Sep 2022 19:31:11 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 10964
X-Firefox-Spdy: h2

ibradome.com/Uploads/Icons/cat-11.png

185.178.208.130

200 OK

7.6 kB

URL HTTP/2
ibradome.com/Uploads/Icons/cat-11.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Size
7.6 kB (7619 bytes)
Hash
82475de8d7329bedf21a34dea891865c
46ba0d95f608cd4d37b6a9200709e5c9db3d1ded
276536fef1d707c1e158b0be467583a31227eb7d8598632e92949ae6503dd018

HTTP Headers

GET /Uploads/Icons/cat-11.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 02 Sep 2018 16:31:24 GMT
accept-ranges: bytes
content-length: 7619
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Icons/cat-5.png

185.178.208.130

200 OK

9.2 kB

URL HTTP/2
ibradome.com/Uploads/Icons/cat-5.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Size
9.2 kB (9232 bytes)
Hash
d344810ccc6c97e531273132c0363082
3c85f1f92b1a891bbfe82951f46e010e379f77a9
07f9045fd63e17fd9065a4af53fa9baa1004ddeaa68cdddebb8bfc8e727082b3

HTTP Headers

GET /Uploads/Icons/cat-5.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 02 Sep 2018 16:27:04 GMT
accept-ranges: bytes
content-length: 9232
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Icons/cat-12.png

185.178.208.130

200 OK

5.6 kB

URL HTTP/2
ibradome.com/Uploads/Icons/cat-12.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Size
5.6 kB (5600 bytes)
Hash
f6404456fb72e6af153a145b4ee513f8
ebef201c25cbd8250a74eef3a668bdfaaf03cd2a
14c9e517e3b543bbdfbe46751b3547a15794d9497ecf309aa6d94d85a1dcc9f0

HTTP Headers

GET /Uploads/Icons/cat-12.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Mon, 03 Sep 2018 12:44:27 GMT
accept-ranges: bytes
content-length: 5600
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Icons/cat-4.png

185.178.208.130

200 OK

5.9 kB

URL HTTP/2
ibradome.com/Uploads/Icons/cat-4.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Size
5.9 kB (5903 bytes)
Hash
58a844947bb2dddc69968bd5a1a92bdc
401f875d8363760ed26d9fa438de4af850808753
34f377a3ff342dd2d2c6bbe598a48871f3beb00f6f20db37805e279466c60d02

HTTP Headers

GET /Uploads/Icons/cat-4.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 02 Sep 2018 16:31:56 GMT
accept-ranges: bytes
content-length: 5903
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Icons/cat-10.png

185.178.208.130

200 OK

4.7 kB

URL HTTP/2
ibradome.com/Uploads/Icons/cat-10.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Size
4.7 kB (4680 bytes)
Hash
8e7d304b00fc5534bd2c30d8b39e1c78
3bc5fbac6eb210f540141964e32991c89902c938
334edf51111372a33c7261f6bf67aecd8af37f769e900e9d8b598bf07a30ec10

HTTP Headers

GET /Uploads/Icons/cat-10.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 02 Sep 2018 16:30:40 GMT
accept-ranges: bytes
content-length: 4680
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Icons/cat-9.png

185.178.208.130

200 OK

14 kB

URL HTTP/2
ibradome.com/Uploads/Icons/cat-9.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Size
14 kB (14212 bytes)
Hash
3b5ba603c866e607427b064b4f230167
78b697af19d148f6b51172985b575ab722cfb27f
4885368c7fa4d162da5b96d62f3e83396d33bfba05f9f0b0d59783947656ad28

HTTP Headers

GET /Uploads/Icons/cat-9.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 02 Sep 2018 16:27:46 GMT
accept-ranges: bytes
content-length: 14212
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

vjs.zencdn.net/7.20.3/video.min.js

151.101.86.217

200 OK

163 kB

URL HTTP/2
vjs.zencdn.net/7.20.3/video.min.js
IP
151.101.86.217:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (48447)
Size
163 kB (163091 bytes)
Hash
8f05db01eec5f2735bf694d0fca4ac45
0c03336d9c9c1004650d7a879a3e39649cf47449
667dd653ec4d1d3add3a16045e91f1f9097cf639a3f96b1f3e461a0ddd7f67ac

HTTP Headers

GET /7.20.3/video.min.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Fri, 09 Sep 2022 18:11:04 GMT
etag: "e8501cee3dd39de15e41eeb3298c9576"
content-type: application/javascript
content-encoding: gzip
date: Sat, 24 Sep 2022 19:31:11 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 163091
X-Firefox-Spdy: h2

ibradome.com/Uploads/Icons/cat-2.png

185.178.208.130

200 OK

3.4 kB

URL HTTP/2
ibradome.com/Uploads/Icons/cat-2.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 70 x 70, 8-bit/color RGBA, interlaced\012- data
Size
3.4 kB (3422 bytes)
Hash
05e63182f447f30c2125e06b119e2fe7
1252f51660f3568230cc12de6273639561f1f164
5febf31f517e18ec5a6f397675652c4470a35ce4d168b0e4ecb28d72895a3230

HTTP Headers

GET /Uploads/Icons/cat-2.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 02 Sep 2018 16:30:11 GMT
accept-ranges: bytes
content-length: 3422
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Template/Css/bundle.min.css?3.1

185.178.208.130

200 OK

32 kB

URL HTTP/2
ibradome.com/Template/Css/bundle.min.css?3.1
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
32 kB (31742 bytes)
Hash
b6dddf678083e2b1ecaca2a2e9061b79
745c333330f5167a222294615058f0e9859d9f1d
c8495e987940177433fd199aad35ab847054ca7655f217607c07684995b9f068

HTTP Headers

GET /Template/Css/bundle.min.css?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:12 GMT
content-type: text/css; charset=utf-8
last-modified: Sat, 24 Sep 2022 07:39:03 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 31742
date: Sat, 24 Sep 2022 19:31:12 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Icons/cat-19.png

185.178.208.130

200 OK

4.1 kB

URL HTTP/2
ibradome.com/Uploads/Icons/cat-19.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced\012- data
Size
4.1 kB (4074 bytes)
Hash
5cc26606876953fad6e069ee47d791ac
10dc49b8f41d76929c5aaf5cc2b75333d21bf1bf
b6909b92aadbd2b3104fcbf8ac54fc0e5a959a1cecaaa8df7e2b1c49dab982a1

HTTP Headers

GET /Uploads/Icons/cat-19.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sun, 11 Sep 2022 16:51:52 GMT
accept-ranges: bytes
content-length: 4074
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Icons/cat-16.png

185.178.208.130

200 OK

4.1 kB

URL HTTP/2
ibradome.com/Uploads/Icons/cat-16.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced\012- data
Size
4.1 kB (4064 bytes)
Hash
ae0b71b14287f0302783511d12650787
2bb411a88faa6a5da7e69b83fb8c8ee172d6e7ac
706453ec1af1cbe36e35b048020952d0ffaddde196a6c88696ece922e62feb7d

HTTP Headers

GET /Uploads/Icons/cat-16.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Thu, 25 Jun 2020 13:34:27 GMT
accept-ranges: bytes
content-length: 4064
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-41025924-3

142.250.74.72

200 OK

42 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-41025924-3
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1720)
Size
42 kB (42225 bytes)
Hash
bbd4840ba0cd66a4c895dff32cd58a1d
70dfe8cbdef6e75164f893ea7047bef54f087585
137d599e9500a33f4a6f3017205f699f490917a7a2b531ec1097e5de190a2398

HTTP Headers

GET /gtag/js?id=UA-41025924-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 24 Sep 2022 19:31:11 GMT
expires: Sat, 24 Sep 2022 19:31:11 GMT
cache-control: private, max-age=900
last-modified: Sat, 24 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42225
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

i.pixl.is/logoefd8b8470be94b63.png

104.21.234.75

200 OK

3.3 kB

URL HTTP/2
i.pixl.is/logoefd8b8470be94b63.png
IP
104.21.234.75:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 75 x 58, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3255 bytes)
Hash
f91f89b04931d9faf4ca6cac6b5e4aeb
d6b19ebec4ac9942052e2bbe97c411d33ea98893
cbdf85fece6f17a1457d7ea606e0300746c507557d644402fc178edd3e5703a5

HTTP Headers

GET /logoefd8b8470be94b63.png HTTP/1.1
Host: i.pixl.is
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: image/png
content-length: 3255
last-modified: Fri, 16 Sep 2022 20:59:45 GMT
etag: "6324e3c1-cb7"
x-powered-by: dot-SEC
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT
cf-cache-status: HIT
age: 685849
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VN2A0BYIZSWbAmwUeclFjSvGxggCo57pfkHnW2sfZU2Gri0h9hwsHsOtC8wrQx4fGvSwZhj0vIdlODI60CCMrolI7JKQmiDQc9H1EISd%2FtJlHNxgJ9jbl6bX1qk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74fdf05db83171f2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

i.pixl.is/tpd-b-24px.png

104.21.234.75

200 OK

2.4 kB

URL HTTP/2
i.pixl.is/tpd-b-24px.png
IP
104.21.234.75:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
2.4 kB (2363 bytes)
Hash
abbfc76d055cdcc328045f3aa74e8a6e
6fc57c476e8b524aa244a57cfdea32b45401b43a
da12d3951fbbeaae494541313ccf71787d64d36656f39b80d7d85573494f565c

HTTP Headers

GET /tpd-b-24px.png HTTP/1.1
Host: i.pixl.is
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: image/png
content-length: 2363
last-modified: Fri, 16 Sep 2022 21:01:01 GMT
etag: "6324e40d-93b"
x-powered-by: dot-SEC
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT
cf-cache-status: HIT
age: 685765
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l88SFpVBTIyJohU67ijefTg17FjLD0SSGTMfOskdBtRZr0xThvrlBkvjc4VRV1%2FuMho5Xa49jOWJk2hN8vt%2B8HX2gR3xhW0uOUZgcsBmo4kbkIomgFDJwJXAI%2FM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74fdf05db83c71f2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ibradome.com/Uploads/Avatars/admin.jpg

185.178.208.130

200 OK

48 kB

URL HTTP/2
ibradome.com/Uploads/Avatars/admin.jpg
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95", progressive, precision 8, 300x355, components 3\012- data
Size
48 kB (48492 bytes)
Hash
1a3ef41f1aa6dd76a510e252d1e56456
2d51b6025f51fd6985826aa800306a7ea77ba41e
13bd6e0f3d3842e71e1d3e5c78ba262626f817fa984765d06042e0bb928bd5b4

HTTP Headers

GET /Uploads/Avatars/admin.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/jpeg
last-modified: Thu, 19 May 2022 20:29:50 GMT
accept-ranges: bytes
content-length: 48492
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4fb51016b82f43bc6ee9f5ace001690c
5390a86aa0a7b82f5d09605b10812567b309d27a
73283fa4b416ee80d2ac87c30d2183afa1ae487a8650563b79adc1f001030f73

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f81d321c15c87e7147d792d08ebb7513
47f30d4ca38e6753a393965219321b0394ebb597
390ae5f5435d3f8c8b7f1fa8d7e2a3ebf55ea5dbe98aa3528dd562df4c295753

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ibradome.com/Uploads/Icons/cat-17.png

185.178.208.130

200 OK

3.5 kB

URL HTTP/2
ibradome.com/Uploads/Icons/cat-17.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced\012- data
Size
3.5 kB (3465 bytes)
Hash
06847777c3b030cec93413eda7f40f52
c40fe72fd9ee8a6ddd201d35d508b50b0e1937e1
9c80f39303e284e8a9170c7bf73346f35db50de3b6be136f6ffff567e50c34e7

HTTP Headers

GET /Uploads/Icons/cat-17.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Wed, 24 Nov 2021 14:27:53 GMT
accept-ranges: bytes
content-length: 3465
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Libs/Javascript/LoginModal/loginmodal.css?3.1

185.178.208.130

200 OK

1.7 kB

URL HTTP/2
ibradome.com/Libs/Javascript/LoginModal/loginmodal.css?3.1
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (7311), with no line terminators
Size
1.7 kB (1709 bytes)
Hash
5dae93229accbf85e1d1801dcb48f100
556bbbb5323d62afc5b33da1a1fc6d2dc7248ab4
88e9d3f1b7ba90294ee9e64c1176962725695a713dc6d4c892354a15378ac5fe

HTTP Headers

GET /Libs/Javascript/LoginModal/loginmodal.css?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:12 GMT
content-type: text/css; charset=utf-8
last-modified: Sun, 01 Mar 2020 14:52:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1709
date: Sat, 24 Sep 2022 19:31:12 GMT
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Icons/cat-15.png

185.178.208.130

200 OK

3.7 kB

URL HTTP/2
ibradome.com/Uploads/Icons/cat-15.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced\012- data
Size
3.7 kB (3740 bytes)
Hash
90ffdb8b3f54f8530c2c3cde619d9794
31af49fe82eaa73b22cc07331d1f0d15aa610942
292ec9b16dd1807f09e03af5f17d2910bc8fc8c0b867e73a12dd27ce4341697a

HTTP Headers

GET /Uploads/Icons/cat-15.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Sat, 16 May 2020 01:00:22 GMT
accept-ranges: bytes
content-length: 3740
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Icons/cat-18.png

185.178.208.130

200 OK

6.0 kB

URL HTTP/2
ibradome.com/Uploads/Icons/cat-18.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced\012- data
Size
6.0 kB (5968 bytes)
Hash
d86cd55a573567c5135aa8a33a860cb8
55cc99bbce908f837db595e46463414c05f876ca
80f48172de54052f9bfa27ce00c72e5e33716abac6aab4e82a34c0558aa0b7b4

HTTP Headers

GET /Uploads/Icons/cat-18.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Fri, 27 May 2022 23:59:16 GMT
accept-ranges: bytes
content-length: 5968
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Media/May22/Mon16/12926/c2e3dd88.jpg

185.178.208.130

200 OK

148 kB

URL HTTP/2
ibradome.com/Uploads/Media/May22/Mon16/12926/c2e3dd88.jpg
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", progressive, precision 8, 478x848, components 3\012- data
Size
148 kB (147952 bytes)
Hash
6d972ecfdea905692983e33bdbc5187b
ac39e6627f806386e1757bc847ec96605c2cacf1
35a0bae78c4a7e642ec667d71a82fff0d8bdbbd1aa5ef09deec397135dc0e088

HTTP Headers

GET /Uploads/Media/May22/Mon16/12926/c2e3dd88.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/jpeg
last-modified: Mon, 16 May 2022 09:27:01 GMT
accept-ranges: bytes
content-length: 147952
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 24 Sep 2022 19:04:17 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sat, 24 Sep 2022 19:53:07 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 61C6GY0KmOZ8ZuDgJw0eRWus4cL7G468ZEi0-fTxyygekkRqIYyI4g==
Age: 1614

ibradome.com/Template/Reactions/like.png

185.178.208.130

200 OK

5.9 kB

URL HTTP/2
ibradome.com/Template/Reactions/like.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Size
5.9 kB (5892 bytes)
Hash
a8642343ef065822ffa6e0a5c9d0d1e6
54d9f05cb2bc5972b63ffc680278fa313f2a8e09
2f2c0960bdf2cf973ed70b3d8583a88c5016601e55d6d8717559b56cf49b8d56

HTTP Headers

GET /Template/Reactions/like.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/Template/Css/bundle.min.css?3.1
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Wed, 06 Nov 2019 16:30:36 GMT
accept-ranges: bytes
content-length: 5892
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Icons/cat-14.png

185.178.208.130

200 OK

22 kB

URL HTTP/2
ibradome.com/Uploads/Icons/cat-14.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
Web Open Font Format (Version 2), TrueType, length 21780, version 1.0\012- data
Size
22 kB (21780 bytes)
Hash
03e91f122aa5fd425abbe23c85546eb0
c87a3db06c5db4e75e639382f174eafa439aeb27
296945e5922e764eef17b1b4a3ee3e60dc202b3c7f074150b62158915bf74e33

HTTP Headers

GET /Uploads/Icons/cat-14.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Tue, 15 Oct 2019 14:59:43 GMT
accept-ranges: bytes
content-length: 11546
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Template/Reactions/love.png

185.178.208.130

200 OK

1.8 kB

URL HTTP/2
ibradome.com/Template/Reactions/love.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1790 bytes)
Hash
75e5767fb1ed6f94398f6376d7cd027b
1022a1756c775c775f788d630d3b8bf843e58730
340b0a43f06a9a983df308017d26401c0cdac56df9b388f30738c4232fc133a4

HTTP Headers

GET /Template/Reactions/love.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/Template/Css/bundle.min.css?3.1
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/png
last-modified: Wed, 06 Nov 2019 16:30:37 GMT
accept-ranges: bytes
content-length: 1790
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Template/Reactions/what.png

185.178.208.130

200 OK

2.4 kB

URL HTTP/2
ibradome.com/Template/Reactions/what.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
2.4 kB (2416 bytes)
Hash
5ad8755d33228cf692cbd3f744c2cdaf
c5a2e2ce2870a48c55f10e6c2e62ff9c671ff9d4
36bf9b5073e37717a8d5f950bcb138d44a4214826d6e7d3cfa26fc26ebe67e38

HTTP Headers

GET /Template/Reactions/what.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/Template/Css/bundle.min.css?3.1
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/png
last-modified: Wed, 06 Nov 2019 16:30:38 GMT
accept-ranges: bytes
content-length: 2416
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Template/Reactions/lol.png

185.178.208.130

200 OK

5.7 kB

URL HTTP/2
ibradome.com/Template/Reactions/lol.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
gzip compressed data, max compression\012- data
Size
5.7 kB (5682 bytes)
Hash
c6e5c14479e36fbb987825d5ac37aca3
b4382c0f1420af254d21fe0b4711c626be27f1ef
f6cff9fb60348d3a3abfbf4a445b72f37b85063e24d5798845853557b0cc8b86

HTTP Headers

GET /Template/Reactions/lol.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/Template/Css/bundle.min.css?3.1
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/png
last-modified: Wed, 06 Nov 2019 16:30:36 GMT
accept-ranges: bytes
content-length: 4289
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Template/Reactions/sad.png

185.178.208.130

200 OK

2.8 kB

URL HTTP/2
ibradome.com/Template/Reactions/sad.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
2.8 kB (2843 bytes)
Hash
2cd863281adb695fb3b1d6c9eb71d3fe
4dc3595f82628f8cb29e00bc488c3447b7117486
b41d8ce86fd25313e50b26b06473693e28f1b56459dba2c909bdb06403c7af09

HTTP Headers

GET /Template/Reactions/sad.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/Template/Css/bundle.min.css?3.1
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/png
last-modified: Wed, 06 Nov 2019 16:30:38 GMT
accept-ranges: bytes
content-length: 2843
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Template/Reactions/angry.png

185.178.208.130

200 OK

2.3 kB

URL HTTP/2
ibradome.com/Template/Reactions/angry.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
2.3 kB (2294 bytes)
Hash
227b117f97d994ad8624cf100dd1453e
4e02832d766dca6802c5cbdaf180fcc56153d198
98d04fda35987ceb7cb1e25eaa8da7db4fac873fb09e879b07b3b8945f9da862

HTTP Headers

GET /Template/Reactions/angry.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/Template/Css/bundle.min.css?3.1
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Wed, 06 Nov 2019 16:30:35 GMT
accept-ranges: bytes
content-length: 2294
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ibradome.com/Template/Images/homepage_intro_bg.jpg

185.178.208.130

200 OK

69 kB

URL HTTP/2
ibradome.com/Template/Images/homepage_intro_bg.jpg
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 1436x660, components 3\012- data
Size
69 kB (68611 bytes)
Hash
97f892af0cd4e9fdb4822e42e9074be5
1a62984eb2e7d4b48da199ea13aaa99398e4ea8e
a2eb1fba78a4b39fd12a02ff85f978a3e9529c50f878cefe077b64dbe05bb2ff

HTTP Headers

GET /Template/Images/homepage_intro_bg.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/jpeg
last-modified: Wed, 08 Apr 2020 23:30:10 GMT
accept-ranges: bytes
content-length: 68611
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

kw3y5otoeuniv7e9rsi.com/aas/r45d/vki/1845010/30627ec4.js

62.122.171.6

200 OK

42 kB

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/aas/r45d/vki/1845010/30627ec4.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
42 kB (41785 bytes)
Hash
6a005fb2fdd4133b09d5afb1d96ebd66
5e9f7c575a97dca2ef3d64bb8a6f4bf8702f5b26
b6e3c4293cb06649d50a0699816ddbcb794eabc0fd4f7938118b01caa7bf927d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /aas/r45d/vki/1845010/30627ec4.js HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 13:38:24 GMT
vary: Accept-Encoding
etag: W/"63189ed0-1091a"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ibradome.com/Template/Fonts/icomoon.ttf?hk79cy

185.178.208.130

200 OK

24 kB

URL HTTP/2
ibradome.com/Template/Fonts/icomoon.ttf?hk79cy
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon \012- data
Size
24 kB (23979 bytes)
Hash
9c882c87c4a2b92865c5b251b7313e1f
f73b8c97b3f0d3b9ef05d9ab04a57b63e9b75015
daddfd58f5077fb62171f3bacc4753b6187bd6f32fa61ccce39614d1a3e009d4

HTTP Headers

GET /Template/Fonts/icomoon.ttf?hk79cy HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/Template/Css/bundle.min.css?3.1
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: application/x-font-ttf
last-modified: Wed, 06 Nov 2019 16:30:17 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 23979
date: Sat, 24 Sep 2022 19:31:13 GMT
access-control-allow-origin: *
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

142.250.74.163

200 OK

31 kB

URL HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Size
31 kB (30928 bytes)
Hash
ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

HTTP Headers

GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 16:40:18 GMT
expires: Fri, 22 Sep 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 183053
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2

142.250.74.163

200 OK

9.8 kB

URL HTTP/2
fonts.gstatic.com/s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 9840, version 1.0\012- data
Size
9.8 kB (9840 bytes)
Hash
afda6e429fd299054de28e1f157c683d
c1847d6f3df5fe11d5e96fd5e6a59b73ff7ed96b
81cd29d1413ecf75834fb3ce1da572fe5c39e53b22c61f5dafec5b14ed4ee12e

HTTP Headers

GET /s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Sep 2022 21:09:41 GMT
expires: Tue, 19 Sep 2023 21:09:41 GMT
cache-control: public, max-age=31536000
age: 426090
last-modified: Mon, 18 Jul 2022 19:24:04 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/rajdhani/v15/LDIxapCSOBg7S-QT7p4HM-Y.woff2

142.250.74.163

200 OK

15 kB

URL HTTP/2
fonts.gstatic.com/s/rajdhani/v15/LDIxapCSOBg7S-QT7p4HM-Y.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 14976, version 1.0\012- data
Size
15 kB (14976 bytes)
Hash
cac31f26b77ee8053a76a54ce2f8ce48
c92bcfc9121164049c1b30655db9481d0e454464
759a9000e47b028799d7a4ca602634a7ac7adf415775df070a335d18d9b66f38

HTTP Headers

GET /s/rajdhani/v15/LDIxapCSOBg7S-QT7p4HM-Y.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 20:55:20 GMT
expires: Thu, 21 Sep 2023 20:55:20 GMT
cache-control: public, max-age=31536000
age: 254151
last-modified: Wed, 27 Apr 2022 15:42:00 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2

142.250.74.163

200 OK

21 kB

URL HTTP/2
fonts.gstatic.com/s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 21280, version 1.0\012- data
Size
21 kB (21280 bytes)
Hash
16911581ab7ea10687a5aee74cbc5612
b0b24248345739209d753a4ac77ccfc1f627b219
c78a1da5fd0868a547cf285748c7fb73006571190385eb71c0d601b6b240ffaf

HTTP Headers

GET /s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21280
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Sep 2022 21:07:37 GMT
expires: Tue, 19 Sep 2023 21:07:37 GMT
cache-control: public, max-age=31536000
age: 426215
last-modified: Mon, 18 Jul 2022 19:57:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

142.250.74.163

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Size
13 kB (13036 bytes)
Hash
0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

HTTP Headers

GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:26:57 GMT
expires: Thu, 21 Sep 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 259455
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4ff0de9a953b1a45b09e14cead693110
64211bc797cdd8043b2d7b910ac68c2b82daa7d9
ec2e4e21cd628c313988a5ee3ffc3ddab3d8a0a165cc84cc82ce65c25bcce27d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC2E4E21CD628C313988A5EE3FFC3DDAB3D8A0A165CC84CC82CE65C25BCCE27D"
Last-Modified: Fri, 23 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10210
Expires: Sat, 24 Sep 2022 22:21:22 GMT
Date: Sat, 24 Sep 2022 19:31:12 GMT
Connection: keep-alive

fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

142.250.74.163

200 OK

7.9 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:32:09 GMT
expires: Thu, 21 Sep 2023 19:32:09 GMT
cache-control: public, max-age=31536000
age: 259143
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 18:01:25 GMT
expires: Sun, 24 Sep 2023 18:01:25 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 5387
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a7809de115ea73f8b61f3d20a9978493
01fc65a2b694d7aadd5204d21801e87b2b55b73e
72692486033feeb149424c59576c6c75b17228dfc89b4c369d2e17cc4bff3d52

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2464
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:12 GMT
Last-Modified: Sat, 24 Sep 2022 18:50:08 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
da681c2f112645651e5b32be2cfcd052
2e57e4163b8ed8ceebe8c6dde5ff1aa5efc7b946
302a7e1f8156051b7c793c61fbe3e81096374431e22bd9821b4aa38e1a5772f7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ibradome.com/Uploads/Media/Apr20/Mon27/2021/m_f330919b.jpg

185.178.208.130

200 OK

9.7 kB

URL HTTP/2
ibradome.com/Uploads/Media/Apr20/Mon27/2021/m_f330919b.jpg
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", progressive, precision 8, 400x225, components 3\012- data
Size
9.7 kB (9728 bytes)
Hash
303b7c15c8c1a8ff85a8a0d8ef72f892
e2d47bcc60e4492c87583a24ca43de359063b3ae
6ab11b270a3906891f82c3542a40f9dee1827c15ad2b800e9e4ea6defc9b88a5

HTTP Headers

GET /Uploads/Media/Apr20/Mon27/2021/m_f330919b.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Mon, 27 Apr 2020 03:34:07 GMT
accept-ranges: bytes
content-length: 9728
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
542f48d043489354b329279417c1c73b
c659807cae086df7e23c6f8791cd699a8172d383
fde78da84b1ab6ede882559ff1fd2b8f44f6f0412d07bb6c2a0881fb4e5cc318

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FDE78DA84B1AB6EDE882559FF1FD2B8F44F6F0412D07BB6C2A0881FB4E5CC318"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5059
Expires: Sat, 24 Sep 2022 20:55:31 GMT
Date: Sat, 24 Sep 2022 19:31:12 GMT
Connection: keep-alive

kw3y5otoeuniv7e9rsi.com/solid.gif?z=1845010&abvar=0

62.122.171.6

200 OK

43 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/solid.gif?z=1845010&abvar=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /solid.gif?z=1845010&abvar=0 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

ibradome.com/Uploads/Media/Sep22/Sat24/15296/m_68c7fc3a.jpg

185.178.208.130

200 OK

16 kB

URL HTTP/2
ibradome.com/Uploads/Media/Sep22/Sat24/15296/m_68c7fc3a.jpg
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 60", progressive, precision 8, 300x437, components 3\012- data
Size
16 kB (15871 bytes)
Hash
bfebd01cd04ec9f1ff00c2e1f36c9e17
1b2e2b8223e39ac29db970dacf55e83ded55d75a
c4396b71f9eead561d9cd0145dea0b7b7d9cb7373fcea2d65156f632620cc5e7

HTTP Headers

GET /Uploads/Media/Sep22/Sat24/15296/m_68c7fc3a.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Sat, 24 Sep 2022 05:37:34 GMT
accept-ranges: bytes
content-length: 15871
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Media/Sep22/Sat24/15295/m_c8f04d28.jpg

185.178.208.130

200 OK

19 kB

URL HTTP/2
ibradome.com/Uploads/Media/Sep22/Sat24/15295/m_c8f04d28.jpg
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 60", progressive, precision 8, 300x533, components 3\012- data
Size
19 kB (18827 bytes)
Hash
27e17467c48afd2460fc89d61f63f801
18978295b3274702494caebc820bdbcd14697ce3
d647608c7d3729baa77f1828a180c977606da7fa7f238b7ed9bb543511019385

HTTP Headers

GET /Uploads/Media/Sep22/Sat24/15295/m_c8f04d28.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Sat, 24 Sep 2022 05:37:22 GMT
accept-ranges: bytes
content-length: 18827
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Media/Sep22/Sat24/15294/m_15b7a3ae.jpg

185.178.208.130

200 OK

15 kB

URL HTTP/2
ibradome.com/Uploads/Media/Sep22/Sat24/15294/m_15b7a3ae.jpg
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 60", progressive, precision 8, 300x533, components 3\012- data
Size
15 kB (14942 bytes)
Hash
e048d97fbfa8ea2bc6bf427edea4243c
5d19110fb640c39986ca45e69da0fd33d4e01021
9712fcfb089adf79b811142cf38c4b0b42bcf28282e5bb7545a723a7a761f034

HTTP Headers

GET /Uploads/Media/Sep22/Sat24/15294/m_15b7a3ae.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Sat, 24 Sep 2022 05:37:03 GMT
accept-ranges: bytes
content-length: 14942
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Media/Sep22/Sat24/15292/m_2ce477f5.jpg

185.178.208.130

200 OK

14 kB

URL HTTP/2
ibradome.com/Uploads/Media/Sep22/Sat24/15292/m_2ce477f5.jpg
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 60", progressive, precision 8, 300x534, components 3\012- data
Size
14 kB (14184 bytes)
Hash
f77af14b3a70c4aaf782913aeb816708
417778a5671fc1999fe7eb284da5b829b39421b4
5624a2303519d5115d26421a240c3bf3aa498f50dc84ecf33ca978b9cf39d398

HTTP Headers

GET /Uploads/Media/Sep22/Sat24/15292/m_2ce477f5.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Sat, 24 Sep 2022 05:36:35 GMT
accept-ranges: bytes
content-length: 14184
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Media/Sep22/Sat24/15293/m_9820493e.jpg

185.178.208.130

200 OK

17 kB

URL HTTP/2
ibradome.com/Uploads/Media/Sep22/Sat24/15293/m_9820493e.jpg
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 60", progressive, precision 8, 300x534, components 3\012- data
Size
17 kB (16587 bytes)
Hash
64413ffc3f4af7442f00552f06740f5b
7018ab7ce669c5dbf8871adb3e3c7256e53b20f5
eb172ea43be62cd9a4df163c0048fc39645e8f0bd778e55e4714b704cb5cb61f

HTTP Headers

GET /Uploads/Media/Sep22/Sat24/15293/m_9820493e.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Sat, 24 Sep 2022 05:36:50 GMT
accept-ranges: bytes
content-length: 16587
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Media/Sep22/Sat24/15287/m_da6d2adc.jpg

185.178.208.130

200 OK

16 kB

URL HTTP/2
ibradome.com/Uploads/Media/Sep22/Sat24/15287/m_da6d2adc.jpg
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 60", progressive, precision 8, 300x400, components 3\012- data
Size
16 kB (15634 bytes)
Hash
c5774647a8981a5222dfe955ae856563
9c514a51258bca2b8fa5ee72408beede59b31e5f
ac48b3937bfb23c6a642033e79a48aacfbb9d73cd929efb9b454120ff6859072

HTTP Headers

GET /Uploads/Media/Sep22/Sat24/15287/m_da6d2adc.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Sat, 24 Sep 2022 05:24:33 GMT
accept-ranges: bytes
content-length: 15634
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Uploads/Media/Jul20/Sat11/3596/m_28c8cdac.jpg

185.178.208.130

200 OK

18 kB

URL HTTP/2
ibradome.com/Uploads/Media/Jul20/Sat11/3596/m_28c8cdac.jpg
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", progressive, precision 8, 500x385, components 3\012- data
Size
18 kB (17989 bytes)
Hash
94d09ce74f95d1542782b1f22b7eaeb0
959bc3f539f2f1c54b3061f9b8f0213a24f4f42b
e6046e6875cc564bbe16ef8893264c35befc9255b9e8b2a10567e076c35187e1

HTTP Headers

GET /Uploads/Media/Jul20/Sat11/3596/m_28c8cdac.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Sat, 11 Jul 2020 18:36:05 GMT
accept-ranges: bytes
content-length: 17989
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

rallydisprove.com/0a/9a/ec/0a9aec252ec8cc83b9f56ec6b45fa3a9.js

192.243.59.13

200 OK

13 kB

URL HTTP/1.1
rallydisprove.com/0a/9a/ec/0a9aec252ec8cc83b9f56ec6b45fa3a9.js
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with very long lines (37149), with no line terminators
Size
13 kB (13423 bytes)
Hash
f0b1979dc3f4830fea3b298e130eeab4
b8122c0563f0fbc79b424ef876e77ac3f073ed09
9fb24ad7c0ab496c372ae1c0674ee4b72d0497c2fefe6bbd39bd9334ae93b714

HTTP Headers

GET /0a/9a/ec/0a9aec252ec8cc83b9f56ec6b45fa3a9.js HTTP/1.1
Host: rallydisprove.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 24 Sep 2022 19:31:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 17115dae10ddc2f4802363e318e469be
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

push.services.mozilla.com/

52.89.20.60

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.20.60:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Y/+XAkivY/UnlnsOiW6qng==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: NN0+zsElswaw2YCKJWrgxM4AD+I=

ibradome.com/Uploads/Media/Oct21/Mon25/9122/m_e76411a2.jpg

185.178.208.130

200 OK

214 kB

URL HTTP/2
ibradome.com/Uploads/Media/Oct21/Mon25/9122/m_e76411a2.jpg
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", progressive, precision 8, 500x666, components 3\012- data
Size
214 kB (213819 bytes)
Hash
31c42a810554f09405cf6d3991a9b8ce
b6fc09dda6a55eced3f1ab581ac0eec8d4128c94
ffe14781ca4d92e3973e9a7f907e70ea0c892d473a53932318f1d96a56081bb4

HTTP Headers

GET /Uploads/Media/Oct21/Mon25/9122/m_e76411a2.jpg HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:13 GMT
content-type: image/jpeg
last-modified: Mon, 25 Oct 2021 17:41:43 GMT
accept-ranges: bytes
content-length: 213819
date: Sat, 24 Sep 2022 19:31:13 GMT
vary: User-Agent
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
915f02e7338e993f5d10f4f54c95b629
474f359544eb5fe40a941487eb2d8f8e711f9934
848147b73f373d6d09b177205cc3294a93b5f57b863c454217ee7cdaf07a422f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1051
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:12 GMT
Last-Modified: Sat, 24 Sep 2022 19:13:41 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 280

go6shde9nj2itle.com/solid.gif?z=1846181&abvar=0

62.122.171.6

200 OK

43 B

URL HTTP/2
go6shde9nj2itle.com/solid.gif?z=1846181&abvar=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /solid.gif?z=1846181&abvar=0 HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kw3y5otoeuniv7e9rsi.com
Connection: keep-alive
Referer: https://kw3y5otoeuniv7e9rsi.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
0748503adde2cb95a8d0b7a1611c5f80
eee215487ae9ac3cae37a92a4c761fc6d01f3320
67f8645c49b34ea64abd33c9f9429c2b032517d904fd0cddaa5e3d1c44458fa3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 19:31:12 GMT
Last-Modified: Sat, 24 Sep 2022 18:47:22 GMT
Server: ECS (bsa/EB1D)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: gcFLtnwx-Gk-wUviqj1AHuGxCu3jORglHdqzsoq5ffS7Mj61sRfLpA==
Age: 2630

cdn.pncloudfl.com/pn/087/982/9a0/0879829a09c40b64dbdc0f242a35b72ffac08aa6.png

104.22.59.221

200 OK

48 kB

URL HTTP/2
cdn.pncloudfl.com/pn/087/982/9a0/0879829a09c40b64dbdc0f242a35b72ffac08aa6.png
IP
104.22.59.221:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
48 kB (47686 bytes)
Hash
42bb8b4570405a983f11eff4dcd64805
56c53e3cd3ce629d4abc85fdc51eb0f24707490b
0acafaf87c21729534ca344a86bf598dc835166b211241b8f221d28fa90f0851

HTTP Headers

GET /pn/087/982/9a0/0879829a09c40b64dbdc0f242a35b72ffac08aa6.png HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/webp
content-length: 47686
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=78045
content-disposition: inline; filename="0879829a09c40b64dbdc0f242a35b72ffac08aa6.webp"
etag: 0713b5bb31c6e4567cfad608b49c7b62
expires: Sat, 24 Sep 2022 22:06:48 GMT
last-modified: Sat, 25 Jun 2022 11:34:30 GMT
vary: Accept
x-openstack-request-id: tx91ee5175127347938240f-0062b6fb07
x-proxy-cache: HIT
x-timestamp: 1656156869.15703
x-trans-id: tx91ee5175127347938240f-0062b6fb07
cf-cache-status: HIT
age: 163464
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 74fdf0645a2cfab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

go6shde9nj2itle.com/solid.gif?z=1846181&abvar=0

62.122.171.6

200 OK

43 B

URL HTTP/2
go6shde9nj2itle.com/solid.gif?z=1846181&abvar=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /solid.gif?z=1846181&abvar=0 HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kw3y5otoeuniv7e9rsi.com
Connection: keep-alive
Referer: https://kw3y5otoeuniv7e9rsi.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

cdn.pncloudfl.com/pn/ce1/4c0/15d/ce14c015dc32237df6ee0b4319a9952840ed89ec.jpg

104.22.59.221

200 OK

42 kB

URL HTTP/2
cdn.pncloudfl.com/pn/ce1/4c0/15d/ce14c015dc32237df6ee0b4319a9952840ed89ec.jpg
IP
104.22.59.221:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
42 kB (42516 bytes)
Hash
d0d7cdcb7856ba645516b837997b1a2e
59fa3994087ba24980ec328ecacbc97ca6b9ba3f
0d48126bc699e3dab7f668341590cad7dcff3533552a814385f8455059fa1f25

HTTP Headers

GET /pn/ce1/4c0/15d/ce14c015dc32237df6ee0b4319a9952840ed89ec.jpg HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/webp
content-length: 42516
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=76368
content-disposition: inline; filename="ce14c015dc32237df6ee0b4319a9952840ed89ec.webp"
etag: 475c434979fcb4908d05a8aad91d8894
expires: Sat, 24 Sep 2022 22:41:33 GMT
last-modified: Thu, 22 Sep 2022 15:43:35 GMT
vary: Accept
x-openstack-request-id: txc0b2142227144ae999d77-00632c82b5
x-proxy-cache: HIT
x-timestamp: 1663861414.47190
x-trans-id: txc0b2142227144ae999d77-00632c82b5
cf-cache-status: HIT
age: 161379
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 74fdf0645a2dfab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

go6shde9nj2itle.com/solid.gif?z=1846181&abvar=0

62.122.171.6

200 OK

43 B

URL HTTP/2
go6shde9nj2itle.com/solid.gif?z=1846181&abvar=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /solid.gif?z=1846181&abvar=0 HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kw3y5otoeuniv7e9rsi.com
Connection: keep-alive
Referer: https://kw3y5otoeuniv7e9rsi.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

simplewebanalysis.com/stats

3.66.118.16

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
3.66.118.16:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
178d79503e3c09c95cedb42de38ad3c0
28cfe0ff9e537d58343ba5528e8046664c3784a8
a5f9e8250a5e24b83bf3b60edb436792dd1cc54d659ddd9ab843ed6306f01957

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ibradome.com
access-control-allow-credentials: true
set-cookie: uid_id2=f27d47e7-d9f5-407d-9675-74ea0a68e259:3:1; expires=Tue, 21 Sep 2032 19:31:12 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

cdn.pncloudfl.com/pn/b3c/a46/243/b3ca46243dd1beb6a1169d26cfa361bac2d7b97e.jpg

104.22.59.221

200 OK

44 kB

URL HTTP/2
cdn.pncloudfl.com/pn/b3c/a46/243/b3ca46243dd1beb6a1169d26cfa361bac2d7b97e.jpg
IP
104.22.59.221:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
44 kB (43534 bytes)
Hash
5b5185d2fccd2dca3c94db1ba3359efc
5be904c10086b3af052ea9a79f6b60e1150ecf4b
a4834b0c05e82cc70c7778348a3c205f25f3a22e9775e137c3d8187b3f6a3fb5

HTTP Headers

GET /pn/b3c/a46/243/b3ca46243dd1beb6a1169d26cfa361bac2d7b97e.jpg HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/webp
content-length: 43534
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=77637
content-disposition: inline; filename="b3ca46243dd1beb6a1169d26cfa361bac2d7b97e.webp"
etag: 1b8a2ca51633977e4d71e0297479bdcf
expires: Sat, 24 Sep 2022 21:22:18 GMT
last-modified: Thu, 22 Sep 2022 10:27:55 GMT
vary: Accept
x-openstack-request-id: txe70ca3ba19e54f508ede7-00632c38e6
x-proxy-cache: HIT
x-timestamp: 1663842474.88163
x-trans-id: txe70ca3ba19e54f508ede7-00632c38e6
cf-cache-status: HIT
age: 166134
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 74fdf0647a44fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
915f02e7338e993f5d10f4f54c95b629
474f359544eb5fe40a941487eb2d8f8e711f9934
848147b73f373d6d09b177205cc3294a93b5f57b863c454217ee7cdaf07a422f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1051
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:12 GMT
Last-Modified: Sat, 24 Sep 2022 19:13:41 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 280

go6shde9nj2itle.com/solid.gif?z=1846181&abvar=0

62.122.171.6

200 OK

43 B

URL HTTP/2
go6shde9nj2itle.com/solid.gif?z=1846181&abvar=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /solid.gif?z=1846181&abvar=0 HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

ocsp.usertrust.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.usertrust.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
1ae59b7e309b88531e3bb1678d637bef
14e3f78a5a4fd062c102a6092bc4e047eecebfa9
c7f6bacb3be3cd02747bfe33e4576f56ffc62e8caf1f7527ad5aedde302b2dca

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 19:31:12 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 02:07:02 GMT
Expires: Fri, 30 Sep 2022 02:07:01 GMT
Etag: "14e3f78a5a4fd062c102a6092bc4e047eecebfa9"
Cache-Control: max-age=601260,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1167
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fdf06539ad0afe-OSL

kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1882687&pb=c388c215cb18a53264728231afc0eab11664055072&psp=XvvVV2yMgti1ey6h2QEA5nHjwNsW98S5DF8x6oZHYkFbt4KVYvpbaljWAGMardPzLTdsNXVysCgJyGm0ufByYb2c-JvobZGgEOXQ5DQK_c3SM3aSPQxkFBsfgwMUeCJ-JRv_NRCBAuMyKu0PhFDtW9gV38blkZv6SwvIehfmDZ_7HA037clARlPW6a9wbvBjNccGBzSwBxLAPMrUX7_af9svrc-1WjkGOE4ChWwKIk3xISmnPDq-yobDp-nIYmr5S-O52CMSXcCdHz9omWzReiYMnuDyH-oam18Nd0Q-M0EhERTz8xXdLLz1a_gl-FSxpvTH5ienwCSnUq8ByIhcibts0TEAsOgttIKJ6xdMJSv-15meL57TBUGsMYEkjnqVYeij3SZL3mjRaFsCnCN3rnUC5tXkFcwE_KPSMwnAehwUuUHIrHP42Za0FEg35IcDjYaGM5N3FHICr_3VjxhHv6roRyrTbS-_MJkk_uOkWTd53kGEamiHGTjAshW4bTMotj5ZQGFs-RLCGP23faABep5L7KpTSYPYeyDQ1msy1Ol3CVpQ7Nrxilt8H8eegDn8_Snre6aMcpklXo93GBgYW5_Ao7Mq-QuCwoz171CXKRqqXfPygoj0cTFTwcWbcg8nS7TrEYzDyDmCRmZSALCTIFh2s9w2xCDHfzrNBbwruzZLn9fIJ8Hqh6qTcWGY148yxLuL4u-RI9OYj5bqbKodSRJr7ZM=&abvar=0&os=0

62.122.171.6

200 OK

43 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1882687&pb=c388c215cb18a53264728231afc0eab11664055072&psp=XvvVV2yMgti1ey6h2QEA5nHjwNsW98S5DF8x6oZHYkFbt4KVYvpbaljWAGMardPzLTdsNXVysCgJyGm0ufByYb2c-JvobZGgEOXQ5DQK_c3SM3aSPQxkFBsfgwMUeCJ-JRv_NRCBAuMyKu0PhFDtW9gV38blkZv6SwvIehfmDZ_7HA037clARlPW6a9wbvBjNccGBzSwBxLAPMrUX7_af9svrc-1WjkGOE4ChWwKIk3xISmnPDq-yobDp-nIYmr5S-O52CMSXcCdHz9omWzReiYMnuDyH-oam18Nd0Q-M0EhERTz8xXdLLz1a_gl-FSxpvTH5ienwCSnUq8ByIhcibts0TEAsOgttIKJ6xdMJSv-15meL57TBUGsMYEkjnqVYeij3SZL3mjRaFsCnCN3rnUC5tXkFcwE_KPSMwnAehwUuUHIrHP42Za0FEg35IcDjYaGM5N3FHICr_3VjxhHv6roRyrTbS-_MJkk_uOkWTd53kGEamiHGTjAshW4bTMotj5ZQGFs-RLCGP23faABep5L7KpTSYPYeyDQ1msy1Ol3CVpQ7Nrxilt8H8eegDn8_Snre6aMcpklXo93GBgYW5_Ao7Mq-QuCwoz171CXKRqqXfPygoj0cTFTwcWbcg8nS7TrEYzDyDmCRmZSALCTIFh2s9w2xCDHfzrNBbwruzZLn9fIJ8Hqh6qTcWGY148yxLuL4u-RI9OYj5bqbKodSRJr7ZM=&abvar=0&os=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /chicken.gif?z=1882687&pb=c388c215cb18a53264728231afc0eab11664055072&psp=XvvVV2yMgti1ey6h2QEA5nHjwNsW98S5DF8x6oZHYkFbt4KVYvpbaljWAGMardPzLTdsNXVysCgJyGm0ufByYb2c-JvobZGgEOXQ5DQK_c3SM3aSPQxkFBsfgwMUeCJ-JRv_NRCBAuMyKu0PhFDtW9gV38blkZv6SwvIehfmDZ_7HA037clARlPW6a9wbvBjNccGBzSwBxLAPMrUX7_af9svrc-1WjkGOE4ChWwKIk3xISmnPDq-yobDp-nIYmr5S-O52CMSXcCdHz9omWzReiYMnuDyH-oam18Nd0Q-M0EhERTz8xXdLLz1a_gl-FSxpvTH5ienwCSnUq8ByIhcibts0TEAsOgttIKJ6xdMJSv-15meL57TBUGsMYEkjnqVYeij3SZL3mjRaFsCnCN3rnUC5tXkFcwE_KPSMwnAehwUuUHIrHP42Za0FEg35IcDjYaGM5N3FHICr_3VjxhHv6roRyrTbS-_MJkk_uOkWTd53kGEamiHGTjAshW4bTMotj5ZQGFs-RLCGP23faABep5L7KpTSYPYeyDQ1msy1Ol3CVpQ7Nrxilt8H8eegDn8_Snre6aMcpklXo93GBgYW5_Ao7Mq-QuCwoz171CXKRqqXfPygoj0cTFTwcWbcg8nS7TrEYzDyDmCRmZSALCTIFh2s9w2xCDHfzrNBbwruzZLn9fIJ8Hqh6qTcWGY148yxLuL4u-RI9OYj5bqbKodSRJr7ZM=&abvar=0&os=0 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACH1gAAAAAAAAAAB; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
OACIBLOCK=ACH1gAAAAABjLo7Q; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Sun, 25 Sep 2022 19:31:12 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1846521&pb=c388c215cb18a53264728231afc0eab11664055072&psp=D8ZY7Y9qqnB_TJAnzsxt6cUkbWhxJWRe_6B4qmPlZOzjHIAa9lAhdYQCTTalWQSq8NdB5FZBdUmMXeXcMw8EFhrypy2p5_mTnwP9kJL6aNVyjQLrhM5-Ggm6_igxMyUzEkAA4GhG-2OBl32B6a2zccuiS1kOMUrSzG7Emwy0EI1aRkgokAYWJsN5hbLWd1UZc0SoAxeKphv9YM-HptXvasV4EyMIxxOVuKp1dcZEX3VA3ua7wTwEA754__kyVG5SRNu3cqW5yECHm5zI22UKd5UKmUXkTLZEWJtoFH94E4UpIITyXQMNvHBCtZodBiRQz57gq8DbeRsN3oOWKnlN4hyNTgwtTNKHj3U1_O9dWr0ZA3A8qTK29UOfcF8y9z9peunM8Ga10ZNChJIA2kIuJTNTjUlrpVrPtukj4h1YhoXZZRXZlomYJp-CAZcjFpPEmWx88oFPipJhiTBtgYNIA1oyTVzN-xbE0zK9bOmjAT5q3iInssdUR6G_Jv7ppToalBBLhcin0ktAhiAeFhjFMS-0Pk2bfcE1quhr86kb2tihh0HtI1YTBCoBSmvhffPGrl6Qnk-OIDkrCrN4_UkgKWCG59yZB9a3o3u95YJFBCldbeMmrgJRun4Opgk09Dli16SS7_JmYtvLE9k_WN0WNYWkEinZyR8GP7rH9l-aH9gYsV4njkAynaWw_BY1e01mV9abau8WNSVvcn45WaU_-c59vtc=&abvar=0&os=0

62.122.171.6

200 OK

43 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1846521&pb=c388c215cb18a53264728231afc0eab11664055072&psp=D8ZY7Y9qqnB_TJAnzsxt6cUkbWhxJWRe_6B4qmPlZOzjHIAa9lAhdYQCTTalWQSq8NdB5FZBdUmMXeXcMw8EFhrypy2p5_mTnwP9kJL6aNVyjQLrhM5-Ggm6_igxMyUzEkAA4GhG-2OBl32B6a2zccuiS1kOMUrSzG7Emwy0EI1aRkgokAYWJsN5hbLWd1UZc0SoAxeKphv9YM-HptXvasV4EyMIxxOVuKp1dcZEX3VA3ua7wTwEA754__kyVG5SRNu3cqW5yECHm5zI22UKd5UKmUXkTLZEWJtoFH94E4UpIITyXQMNvHBCtZodBiRQz57gq8DbeRsN3oOWKnlN4hyNTgwtTNKHj3U1_O9dWr0ZA3A8qTK29UOfcF8y9z9peunM8Ga10ZNChJIA2kIuJTNTjUlrpVrPtukj4h1YhoXZZRXZlomYJp-CAZcjFpPEmWx88oFPipJhiTBtgYNIA1oyTVzN-xbE0zK9bOmjAT5q3iInssdUR6G_Jv7ppToalBBLhcin0ktAhiAeFhjFMS-0Pk2bfcE1quhr86kb2tihh0HtI1YTBCoBSmvhffPGrl6Qnk-OIDkrCrN4_UkgKWCG59yZB9a3o3u95YJFBCldbeMmrgJRun4Opgk09Dli16SS7_JmYtvLE9k_WN0WNYWkEinZyR8GP7rH9l-aH9gYsV4njkAynaWw_BY1e01mV9abau8WNSVvcn45WaU_-c59vtc=&abvar=0&os=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /chicken.gif?z=1846521&pb=c388c215cb18a53264728231afc0eab11664055072&psp=D8ZY7Y9qqnB_TJAnzsxt6cUkbWhxJWRe_6B4qmPlZOzjHIAa9lAhdYQCTTalWQSq8NdB5FZBdUmMXeXcMw8EFhrypy2p5_mTnwP9kJL6aNVyjQLrhM5-Ggm6_igxMyUzEkAA4GhG-2OBl32B6a2zccuiS1kOMUrSzG7Emwy0EI1aRkgokAYWJsN5hbLWd1UZc0SoAxeKphv9YM-HptXvasV4EyMIxxOVuKp1dcZEX3VA3ua7wTwEA754__kyVG5SRNu3cqW5yECHm5zI22UKd5UKmUXkTLZEWJtoFH94E4UpIITyXQMNvHBCtZodBiRQz57gq8DbeRsN3oOWKnlN4hyNTgwtTNKHj3U1_O9dWr0ZA3A8qTK29UOfcF8y9z9peunM8Ga10ZNChJIA2kIuJTNTjUlrpVrPtukj4h1YhoXZZRXZlomYJp-CAZcjFpPEmWx88oFPipJhiTBtgYNIA1oyTVzN-xbE0zK9bOmjAT5q3iInssdUR6G_Jv7ppToalBBLhcin0ktAhiAeFhjFMS-0Pk2bfcE1quhr86kb2tihh0HtI1YTBCoBSmvhffPGrl6Qnk-OIDkrCrN4_UkgKWCG59yZB9a3o3u95YJFBCldbeMmrgJRun4Opgk09Dli16SS7_JmYtvLE9k_WN0WNYWkEinZyR8GP7rH9l-aH9gYsV4njkAynaWw_BY1e01mV9abau8WNSVvcn45WaU_-c59vtc=&abvar=0&os=0 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACH1gAAAAAAAAAAB; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
OACIBLOCK=ACH1gAAAAABjLo7Q; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Sun, 25 Sep 2022 19:31:12 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1882688&pb=c388c215cb18a53264728231afc0eab11664055072&psp=8S22anKQJCuihyI7G-bvGwF-fw7nSRY83oTX9rPs4UHdly2qfbK1acTvl-5IiynaM7AvMdWQ-x2lbunJT2m_PPEK-xsGyshj87e7NMe_6CGk79wPeahXonkvgRlH7-mYRH6c-kDnr1ZgoXsYq51ylM4ASXmJrLdzYbut-M2-6uT6iNuigEqwPeWaMwWnW2c58FH80pO9XamYf3y3q04px6P-XpTyojWmofXms_8ZIezyZgBisM2nC0Oe0hNRCBCjMI4mPX7zT6BO-nQf71zgwe9cqXe1lCM8E5LdCOM2HdEPuKeZBg7a_E3BBHTXoM4R_xKngzfhQ3bLPTXIGL3x02danc-GVFYM0ovbOIMVA-xBpLdT-680FBSqtHOG_pg4PofL6kx8dNQlw3QQgJEmkmc4gtOejikExBAjPKnHDLKI8r5J5ZyhfQVbtcLkQL7lsby4NFk-TEDACRCE9Gh5a26XbTrX-K4DUa8bMJs8-ekNGlWVVLjeUyYP8VC6sS0ZKkrEilDncrKo5zskGSHFg2sskS_VSYjcsf--oC3MyU0UhECbWefBD38vYKSqpJtTbRIADd7mkKOhCkMjiIf_K5c0S897hxWjq7bLwOWCNzFXK0H3ly7b1yxk_melJ6b-AdW4DnKPSNhFRLGcUJuAPzhfw7nXcx5EqsdrUIK4nk933BNIem7BfUGTJ4SUB0UrgPJw8JgDJdqwHbKKfGhrVwCRRBBT0DZe8Mi5VeSc3O0T&abvar=0&os=0

62.122.171.6

200 OK

43 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1882688&pb=c388c215cb18a53264728231afc0eab11664055072&psp=8S22anKQJCuihyI7G-bvGwF-fw7nSRY83oTX9rPs4UHdly2qfbK1acTvl-5IiynaM7AvMdWQ-x2lbunJT2m_PPEK-xsGyshj87e7NMe_6CGk79wPeahXonkvgRlH7-mYRH6c-kDnr1ZgoXsYq51ylM4ASXmJrLdzYbut-M2-6uT6iNuigEqwPeWaMwWnW2c58FH80pO9XamYf3y3q04px6P-XpTyojWmofXms_8ZIezyZgBisM2nC0Oe0hNRCBCjMI4mPX7zT6BO-nQf71zgwe9cqXe1lCM8E5LdCOM2HdEPuKeZBg7a_E3BBHTXoM4R_xKngzfhQ3bLPTXIGL3x02danc-GVFYM0ovbOIMVA-xBpLdT-680FBSqtHOG_pg4PofL6kx8dNQlw3QQgJEmkmc4gtOejikExBAjPKnHDLKI8r5J5ZyhfQVbtcLkQL7lsby4NFk-TEDACRCE9Gh5a26XbTrX-K4DUa8bMJs8-ekNGlWVVLjeUyYP8VC6sS0ZKkrEilDncrKo5zskGSHFg2sskS_VSYjcsf--oC3MyU0UhECbWefBD38vYKSqpJtTbRIADd7mkKOhCkMjiIf_K5c0S897hxWjq7bLwOWCNzFXK0H3ly7b1yxk_melJ6b-AdW4DnKPSNhFRLGcUJuAPzhfw7nXcx5EqsdrUIK4nk933BNIem7BfUGTJ4SUB0UrgPJw8JgDJdqwHbKKfGhrVwCRRBBT0DZe8Mi5VeSc3O0T&abvar=0&os=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /chicken.gif?z=1882688&pb=c388c215cb18a53264728231afc0eab11664055072&psp=8S22anKQJCuihyI7G-bvGwF-fw7nSRY83oTX9rPs4UHdly2qfbK1acTvl-5IiynaM7AvMdWQ-x2lbunJT2m_PPEK-xsGyshj87e7NMe_6CGk79wPeahXonkvgRlH7-mYRH6c-kDnr1ZgoXsYq51ylM4ASXmJrLdzYbut-M2-6uT6iNuigEqwPeWaMwWnW2c58FH80pO9XamYf3y3q04px6P-XpTyojWmofXms_8ZIezyZgBisM2nC0Oe0hNRCBCjMI4mPX7zT6BO-nQf71zgwe9cqXe1lCM8E5LdCOM2HdEPuKeZBg7a_E3BBHTXoM4R_xKngzfhQ3bLPTXIGL3x02danc-GVFYM0ovbOIMVA-xBpLdT-680FBSqtHOG_pg4PofL6kx8dNQlw3QQgJEmkmc4gtOejikExBAjPKnHDLKI8r5J5ZyhfQVbtcLkQL7lsby4NFk-TEDACRCE9Gh5a26XbTrX-K4DUa8bMJs8-ekNGlWVVLjeUyYP8VC6sS0ZKkrEilDncrKo5zskGSHFg2sskS_VSYjcsf--oC3MyU0UhECbWefBD38vYKSqpJtTbRIADd7mkKOhCkMjiIf_K5c0S897hxWjq7bLwOWCNzFXK0H3ly7b1yxk_melJ6b-AdW4DnKPSNhFRLGcUJuAPzhfw7nXcx5EqsdrUIK4nk933BNIem7BfUGTJ4SUB0UrgPJw8JgDJdqwHbKKfGhrVwCRRBBT0DZe8Mi5VeSc3O0T&abvar=0&os=0 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACH1gAAAAAAAAAAB; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
OACIBLOCK=ACH1gAAAAABjLo7Q; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Sun, 25 Sep 2022 19:31:12 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1882688&pb=c388c215cb18a53264728231afc0eab11664055072&psp=CExlOw30EzAkPEF7mTzi8LqIz_SeGjBiew9uACaUEEx8rCWPeJ8iuWRkpaFCtqgsRELmDUPt9U5nI5gpYJdbsQEy_Yl7PIEtMGPPoc7KLSQshfqbSeR5tCKNN7q4YnaLDvgY5uO6CshznwfdGAb3y0izUslAzKRMdsjioq-Vpri3fhxDbHSXmEsyn8YBxiw_NBAmi_hkioOfn6zJ3Ounv552102kD-Mkv6ZZhziwbQp0EuQzm8I1iygvYUpLua3eVuayzMAxpBd1_T3AUy0F68XRLhhDPW6_9BykO8iUAlyPVqzb8RXUDL2x_eO6Hdk2u3Ezoax89UNwyFbT0IS7c-K5ZTz0QOhRmo0JgHdvMvXwuxI_w0JA0wNuemORY7_YWLBzZjJsbpO2ALmXEhuO9v4HWqynKOiaqeiLRFqAjnZvwiSgusGZOUy3LMhbEDqAH7j5VGArIoA3I2S3-qOTIXWiNjDYdccjxhcmecxczjDpL_EfpYXAyckjyknr_Ct-0bK1gX__kcvrTm7oUOO8mZ0oAfeiEfJL1ZOCIGvQm7teBDmsFbg1T6Ap246o4veL3jZSLk8luORTcPb3UpXdnJOuqZBVLfhcDt-cyJ7KSoIzrmBrHpr5H2UdfGoIYmmoz1FRAGvD3HpoBgBXAGTf1keJAxXfxTpkukNnShbOpvRAmHIfQ-WedzM3YaNiSfmwAlqA3p9c8mQxQflKTYkR5yoWlrVYVNnj8wgv6Skuucc=&abvar=0&os=0

62.122.171.6

200 OK

43 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1882688&pb=c388c215cb18a53264728231afc0eab11664055072&psp=CExlOw30EzAkPEF7mTzi8LqIz_SeGjBiew9uACaUEEx8rCWPeJ8iuWRkpaFCtqgsRELmDUPt9U5nI5gpYJdbsQEy_Yl7PIEtMGPPoc7KLSQshfqbSeR5tCKNN7q4YnaLDvgY5uO6CshznwfdGAb3y0izUslAzKRMdsjioq-Vpri3fhxDbHSXmEsyn8YBxiw_NBAmi_hkioOfn6zJ3Ounv552102kD-Mkv6ZZhziwbQp0EuQzm8I1iygvYUpLua3eVuayzMAxpBd1_T3AUy0F68XRLhhDPW6_9BykO8iUAlyPVqzb8RXUDL2x_eO6Hdk2u3Ezoax89UNwyFbT0IS7c-K5ZTz0QOhRmo0JgHdvMvXwuxI_w0JA0wNuemORY7_YWLBzZjJsbpO2ALmXEhuO9v4HWqynKOiaqeiLRFqAjnZvwiSgusGZOUy3LMhbEDqAH7j5VGArIoA3I2S3-qOTIXWiNjDYdccjxhcmecxczjDpL_EfpYXAyckjyknr_Ct-0bK1gX__kcvrTm7oUOO8mZ0oAfeiEfJL1ZOCIGvQm7teBDmsFbg1T6Ap246o4veL3jZSLk8luORTcPb3UpXdnJOuqZBVLfhcDt-cyJ7KSoIzrmBrHpr5H2UdfGoIYmmoz1FRAGvD3HpoBgBXAGTf1keJAxXfxTpkukNnShbOpvRAmHIfQ-WedzM3YaNiSfmwAlqA3p9c8mQxQflKTYkR5yoWlrVYVNnj8wgv6Skuucc=&abvar=0&os=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /chicken.gif?z=1882688&pb=c388c215cb18a53264728231afc0eab11664055072&psp=CExlOw30EzAkPEF7mTzi8LqIz_SeGjBiew9uACaUEEx8rCWPeJ8iuWRkpaFCtqgsRELmDUPt9U5nI5gpYJdbsQEy_Yl7PIEtMGPPoc7KLSQshfqbSeR5tCKNN7q4YnaLDvgY5uO6CshznwfdGAb3y0izUslAzKRMdsjioq-Vpri3fhxDbHSXmEsyn8YBxiw_NBAmi_hkioOfn6zJ3Ounv552102kD-Mkv6ZZhziwbQp0EuQzm8I1iygvYUpLua3eVuayzMAxpBd1_T3AUy0F68XRLhhDPW6_9BykO8iUAlyPVqzb8RXUDL2x_eO6Hdk2u3Ezoax89UNwyFbT0IS7c-K5ZTz0QOhRmo0JgHdvMvXwuxI_w0JA0wNuemORY7_YWLBzZjJsbpO2ALmXEhuO9v4HWqynKOiaqeiLRFqAjnZvwiSgusGZOUy3LMhbEDqAH7j5VGArIoA3I2S3-qOTIXWiNjDYdccjxhcmecxczjDpL_EfpYXAyckjyknr_Ct-0bK1gX__kcvrTm7oUOO8mZ0oAfeiEfJL1ZOCIGvQm7teBDmsFbg1T6Ap246o4veL3jZSLk8luORTcPb3UpXdnJOuqZBVLfhcDt-cyJ7KSoIzrmBrHpr5H2UdfGoIYmmoz1FRAGvD3HpoBgBXAGTf1keJAxXfxTpkukNnShbOpvRAmHIfQ-WedzM3YaNiSfmwAlqA3p9c8mQxQflKTYkR5yoWlrVYVNnj8wgv6Skuucc=&abvar=0&os=0 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACIPDQAAAAAAAAAB; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
OACIBLOCK=ACIPDQAAAABjLo7Q; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Sun, 25 Sep 2022 19:31:12 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

cdn18685953.ahacdn.me/skins/bannerdating4.png

45.133.44.20

200 OK

9.6 kB

URL HTTP/2
cdn18685953.ahacdn.me/skins/bannerdating4.png
IP
45.133.44.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 147 x 153, 8-bit/color RGBA, non-interlaced\012- data
Size
9.6 kB (9644 bytes)
Hash
56f07e0d933a1f7211667b4cc4a7db80
daf466fe3e15cc69bcf6b1d2592ba2d33357250f
5cc8d7fef92d8de943e1979813099b5f825d12443a29cf008928de90197b7118

HTTP Headers

GET /skins/bannerdating4.png HTTP/1.1
Host: cdn18685953.ahacdn.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/png
content-length: 9644
server: nginx/1.16.1
last-modified: Wed, 28 Jul 2021 08:50:24 GMT
etag: 56f07e0d933a1f7211667b4cc4a7db80
x-timestamp: 1627462223.18881
x-trans-id: tx9ec40df6ae564c1abf95a-0061c43775
x-openstack-request-id: tx9ec40df6ae564c1abf95a-0061c43775
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Mon, 26 Sep 2022 19:31:12 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1846179&pb=c388c215cb18a53264728231afc0eab11664055072&psp=_QzCiesGsF2uuFRx00XFHEPwhz88lzeJiE0xrYqyynrwpZH9J8GVK3fjXlrpTPtwvCL-DgHdfMb8WBJwyTVKCPDI5zK_IskzLcR7jQU39bcdNgb0O7ZrERb7oQkg_ULCZLU5voumG29rZ_vpx4zZnMc-8v5ymdE6EzpKVrWOrotcYOvHejPBLTKJ2gh4LzpRjO_IMMN8IAoG-nHPr3HrnZEcPpEoTSMR6X53B45X7twP1F6MQ5V-WXgNwGT4o5XkNw0yGVoKsdcKlli24GrQfvPPTMOw2bqXRb_7Fs7ngQVHRbv6kkv195yVAVyCfuvXmpAg6JQ824cgxQHf8iEQA_99c03SeyRHAjv1OMipgiUegn00fJHc0hUZgbPoAY1bk33VF1x5wCycBw9ocMwPFrOFNMgEOMI6_Bh2xqunXrp_cpJuxrvTt0B0kdi6bAGXzOPDSADAGdO9MxwrQTSJWJpZGvoqkA0c8Ey9j4s7WEJIr6ImqhH_U3--CiXThjIr6kC1W4vETx0HMhqC8NTtMm1fAXBcjeHcMt5WBSXQtdRf6rqEYveWo1OaupdK1TyQ56s-0lqiveupRMLTY1goUiPnH0QJFvPkIaA7nF8BVl5rIkN1TJUJn_Y7XwlVDMgoYgZr6FtUu_qWWCHFEvkkrJrCzjJr4uTkCEhtZ0WTbx2XyAhs0EbilNf4mQ6d8gbAq-3KgGEczrnuO2BUWwPYPKNDHx3taL3jPMcBBrQJDv1_dWv5aqrVPTfTQ0pM4nl-6C7W_ZtbEbNt6ePdMQGTbA==&abvar=29&os=0

62.122.171.6

200 OK

43 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1846179&pb=c388c215cb18a53264728231afc0eab11664055072&psp=_QzCiesGsF2uuFRx00XFHEPwhz88lzeJiE0xrYqyynrwpZH9J8GVK3fjXlrpTPtwvCL-DgHdfMb8WBJwyTVKCPDI5zK_IskzLcR7jQU39bcdNgb0O7ZrERb7oQkg_ULCZLU5voumG29rZ_vpx4zZnMc-8v5ymdE6EzpKVrWOrotcYOvHejPBLTKJ2gh4LzpRjO_IMMN8IAoG-nHPr3HrnZEcPpEoTSMR6X53B45X7twP1F6MQ5V-WXgNwGT4o5XkNw0yGVoKsdcKlli24GrQfvPPTMOw2bqXRb_7Fs7ngQVHRbv6kkv195yVAVyCfuvXmpAg6JQ824cgxQHf8iEQA_99c03SeyRHAjv1OMipgiUegn00fJHc0hUZgbPoAY1bk33VF1x5wCycBw9ocMwPFrOFNMgEOMI6_Bh2xqunXrp_cpJuxrvTt0B0kdi6bAGXzOPDSADAGdO9MxwrQTSJWJpZGvoqkA0c8Ey9j4s7WEJIr6ImqhH_U3--CiXThjIr6kC1W4vETx0HMhqC8NTtMm1fAXBcjeHcMt5WBSXQtdRf6rqEYveWo1OaupdK1TyQ56s-0lqiveupRMLTY1goUiPnH0QJFvPkIaA7nF8BVl5rIkN1TJUJn_Y7XwlVDMgoYgZr6FtUu_qWWCHFEvkkrJrCzjJr4uTkCEhtZ0WTbx2XyAhs0EbilNf4mQ6d8gbAq-3KgGEczrnuO2BUWwPYPKNDHx3taL3jPMcBBrQJDv1_dWv5aqrVPTfTQ0pM4nl-6C7W_ZtbEbNt6ePdMQGTbA==&abvar=29&os=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /chicken.gif?z=1846179&pb=c388c215cb18a53264728231afc0eab11664055072&psp=_QzCiesGsF2uuFRx00XFHEPwhz88lzeJiE0xrYqyynrwpZH9J8GVK3fjXlrpTPtwvCL-DgHdfMb8WBJwyTVKCPDI5zK_IskzLcR7jQU39bcdNgb0O7ZrERb7oQkg_ULCZLU5voumG29rZ_vpx4zZnMc-8v5ymdE6EzpKVrWOrotcYOvHejPBLTKJ2gh4LzpRjO_IMMN8IAoG-nHPr3HrnZEcPpEoTSMR6X53B45X7twP1F6MQ5V-WXgNwGT4o5XkNw0yGVoKsdcKlli24GrQfvPPTMOw2bqXRb_7Fs7ngQVHRbv6kkv195yVAVyCfuvXmpAg6JQ824cgxQHf8iEQA_99c03SeyRHAjv1OMipgiUegn00fJHc0hUZgbPoAY1bk33VF1x5wCycBw9ocMwPFrOFNMgEOMI6_Bh2xqunXrp_cpJuxrvTt0B0kdi6bAGXzOPDSADAGdO9MxwrQTSJWJpZGvoqkA0c8Ey9j4s7WEJIr6ImqhH_U3--CiXThjIr6kC1W4vETx0HMhqC8NTtMm1fAXBcjeHcMt5WBSXQtdRf6rqEYveWo1OaupdK1TyQ56s-0lqiveupRMLTY1goUiPnH0QJFvPkIaA7nF8BVl5rIkN1TJUJn_Y7XwlVDMgoYgZr6FtUu_qWWCHFEvkkrJrCzjJr4uTkCEhtZ0WTbx2XyAhs0EbilNf4mQ6d8gbAq-3KgGEczrnuO2BUWwPYPKNDHx3taL3jPMcBBrQJDv1_dWv5aqrVPTfTQ0pM4nl-6C7W_ZtbEbNt6ePdMQGTbA==&abvar=29&os=0 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a; OACICAP=ACIPDQAAAAAAAAAB; OACIBLOCK=ACIPDQAAAABjLo7Q; ppucnt=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACIPDQAAAAAAAAABACIntwAAAAAAAAAB; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
OACIBLOCK=ACIPDQAAAABjLo7QACIntwAAAABjLo7Q; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Sun, 25 Sep 2022 19:31:12 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1846269&pb=c388c215cb18a53264728231afc0eab11664055072&psp=_JTWNbcfF-Y_vf7EKZcIvSsCavXcLRLt1F6I1i-KVjLFw3ApRd2IuTGboxUNvgMqCMiGYf03wBmlAxqBZQGzJ3Z7o513yQ2QWZ-DlSzTw-7crzBNqb6eybZ_wDAtGhVDRc-3rg-dPyk3xFlhKA_FxT-uohWEoTK-_R6s5U3e-FkMBGu38_lcEjpsRoB0kquNdURbPmt1jHkbu46tCA3GN1iZYoe5CLGdOl5j32hyUEntdoRNRcKJDxmvZxtav3qTVZoyCTEw_CWVkdBB2Olnj3p5HlK5YO8FaJXKhEv5z4IJBR5z7Exg3Yt2IpXTLrfkd4ynB6uIZB8dJdSnYEpcRcStQ4fYbxPQu7D-iFDAsxwg6Clvt0_N3EBFXN7QULxbwOr8KtGcaB_AW4IRsbqkTOrW4WR9hcXuOxq24gG45A-jSTaiUtgoXVPN69IAyz6NdmPPQfT2kZe_1_W1Au-BtGkYUWuFVIrpCKBjZRSx-p22Ce2asd5zW-rU_eYVxwP7Nt_nc9TWzm45okPEXrxH9soEF5kQ6-f3bSkF7nMz570BCD1D358sgieRzpAY9ugjvyrpjpglOW3h_-wahH4h0RX4CY968FkCmgb_8geVC0NKlUGg8TbkwoRcmQKnuxtPHorgflYuR63EmSQrMq8t62MDty69RnE4G0s5Rri95byrtH3hNrCF9may71jyB2GPiiFCoiXiZQXso9WRObj9IrPAqWKvJSVHh_lalfSCsoi4TL2-0zZGiR-WbXOMWojcDjQp3JJUd9GoSn4c34h8cA==&abvar=0&os=0

62.122.171.6

200 OK

43 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/chicken.gif?z=1846269&pb=c388c215cb18a53264728231afc0eab11664055072&psp=_JTWNbcfF-Y_vf7EKZcIvSsCavXcLRLt1F6I1i-KVjLFw3ApRd2IuTGboxUNvgMqCMiGYf03wBmlAxqBZQGzJ3Z7o513yQ2QWZ-DlSzTw-7crzBNqb6eybZ_wDAtGhVDRc-3rg-dPyk3xFlhKA_FxT-uohWEoTK-_R6s5U3e-FkMBGu38_lcEjpsRoB0kquNdURbPmt1jHkbu46tCA3GN1iZYoe5CLGdOl5j32hyUEntdoRNRcKJDxmvZxtav3qTVZoyCTEw_CWVkdBB2Olnj3p5HlK5YO8FaJXKhEv5z4IJBR5z7Exg3Yt2IpXTLrfkd4ynB6uIZB8dJdSnYEpcRcStQ4fYbxPQu7D-iFDAsxwg6Clvt0_N3EBFXN7QULxbwOr8KtGcaB_AW4IRsbqkTOrW4WR9hcXuOxq24gG45A-jSTaiUtgoXVPN69IAyz6NdmPPQfT2kZe_1_W1Au-BtGkYUWuFVIrpCKBjZRSx-p22Ce2asd5zW-rU_eYVxwP7Nt_nc9TWzm45okPEXrxH9soEF5kQ6-f3bSkF7nMz570BCD1D358sgieRzpAY9ugjvyrpjpglOW3h_-wahH4h0RX4CY968FkCmgb_8geVC0NKlUGg8TbkwoRcmQKnuxtPHorgflYuR63EmSQrMq8t62MDty69RnE4G0s5Rri95byrtH3hNrCF9may71jyB2GPiiFCoiXiZQXso9WRObj9IrPAqWKvJSVHh_lalfSCsoi4TL2-0zZGiR-WbXOMWojcDjQp3JJUd9GoSn4c34h8cA==&abvar=0&os=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /chicken.gif?z=1846269&pb=c388c215cb18a53264728231afc0eab11664055072&psp=_JTWNbcfF-Y_vf7EKZcIvSsCavXcLRLt1F6I1i-KVjLFw3ApRd2IuTGboxUNvgMqCMiGYf03wBmlAxqBZQGzJ3Z7o513yQ2QWZ-DlSzTw-7crzBNqb6eybZ_wDAtGhVDRc-3rg-dPyk3xFlhKA_FxT-uohWEoTK-_R6s5U3e-FkMBGu38_lcEjpsRoB0kquNdURbPmt1jHkbu46tCA3GN1iZYoe5CLGdOl5j32hyUEntdoRNRcKJDxmvZxtav3qTVZoyCTEw_CWVkdBB2Olnj3p5HlK5YO8FaJXKhEv5z4IJBR5z7Exg3Yt2IpXTLrfkd4ynB6uIZB8dJdSnYEpcRcStQ4fYbxPQu7D-iFDAsxwg6Clvt0_N3EBFXN7QULxbwOr8KtGcaB_AW4IRsbqkTOrW4WR9hcXuOxq24gG45A-jSTaiUtgoXVPN69IAyz6NdmPPQfT2kZe_1_W1Au-BtGkYUWuFVIrpCKBjZRSx-p22Ce2asd5zW-rU_eYVxwP7Nt_nc9TWzm45okPEXrxH9soEF5kQ6-f3bSkF7nMz570BCD1D358sgieRzpAY9ugjvyrpjpglOW3h_-wahH4h0RX4CY968FkCmgb_8geVC0NKlUGg8TbkwoRcmQKnuxtPHorgflYuR63EmSQrMq8t62MDty69RnE4G0s5Rri95byrtH3hNrCF9may71jyB2GPiiFCoiXiZQXso9WRObj9IrPAqWKvJSVHh_lalfSCsoi4TL2-0zZGiR-WbXOMWojcDjQp3JJUd9GoSn4c34h8cA==&abvar=0&os=0 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a; OACICAP=ACIPDQAAAAAAAAAB; OACIBLOCK=ACIPDQAAAABjLo7Q; ppucnt=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACIPDQAAAAAAAAABACImvAAAAAAAAAAB; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
OACIBLOCK=ACIPDQAAAABjLo7QACImvAAAAABjLo7Q; Path=/; Expires=Mon, 24 Oct 2022 19:31:12 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Sun, 25 Sep 2022 19:31:12 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

ibradome.com/Libs/Javascript/rconfig.js?3.1

185.178.208.130

200 OK

21 kB

URL HTTP/2
ibradome.com/Libs/Javascript/rconfig.js?3.1
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (62972), with no line terminators
Size
21 kB (20841 bytes)
Hash
b3bd643eb106c6ad55cd04809341f5f7
1c101c699bb086aaa59b7c45a6d9c9366c6a8f8f
aab3363e4a712da7e89ff066f2f60dd9d6852e1996a6363ef930be6e9e6fb93c

HTTP Headers

GET /Libs/Javascript/rconfig.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 23 Sep 2022 07:06:25 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 20841
date: Sat, 24 Sep 2022 19:31:14 GMT
age: 1
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Libs/Javascript/jquery.js?3.1

185.178.208.130

200 OK

33 kB

URL HTTP/2
ibradome.com/Libs/Javascript/jquery.js?3.1
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (65451)
Size
33 kB (32834 bytes)
Hash
c56a2769aa52764e01fd66fc7a86c5f4
f7cde6562360dcfcaf4f9687170d4811c3f33856
65768e7c30b2bfe63f5bb443134708f0fca239a3519af566277b2dbeb947abbe

HTTP Headers

GET /Libs/Javascript/jquery.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 01 Mar 2020 14:52:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 32834
date: Sat, 24 Sep 2022 19:31:14 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

limurol.com/ssp/req/1845010/?pb=c388c215cb18a53264728231afc0eab11664055072&psp=H2mAUa03kCkAtdzoXqS7pWNypPRrPFJ1wO7bS__IyCRMXJiqCxN_pKcy-mBjBb5xjehRZaSsNPxgzWnCFd3_E9ljSEnj-khXkEYxTt9hAK_no5n54S0QNQMZ-cEJXDNpb98-6R-y2JPziGfNQenba_hk_Hbp0llYSiUGbsvZZaxlrIJScRX1BVLl9D61vTSvBRzHM_TBo_1V0TDHE_wIyRP3ZVe1RUicCm8iol0o4hiSBoLyHg9jynmPkJ1_kKmSDWhK0d30HkbFxyh978RXNB0X_cxwHekeT83gDejdFDrmgjmqUQ0Vj4uxks9hP24Ch-Oo5z5hqRxFYsMmVclPqyNAePbtakjmiAQVomDpDTka6thJjyXXmSJtYPiFBZGJymMcIY_djJOz_sP6FE480sonruQkMixlLBGjFWE_tK3UYe4Cff8_6Ca_rSQh7BDLUboLM4q97izBd-k9bTyoNyj97AZSdQeBgKNhMskflHLYOFXdYBJ_2YWlXa0LjNYoLG_EgWa30FFt_rvX_E_9T5ff7kdIcOmycZAyo7gr8bfTujD_A94_MlhQQQRo_p9PuHo2H0DoJNQgvuiCLzysr0QnzZ0=&cb=_cle4ya2ma2hl3zibql7oup&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24

62.122.171.6

200 OK

7 B

URL HTTP/2
limurol.com/ssp/req/1845010/?pb=c388c215cb18a53264728231afc0eab11664055072&psp=H2mAUa03kCkAtdzoXqS7pWNypPRrPFJ1wO7bS__IyCRMXJiqCxN_pKcy-mBjBb5xjehRZaSsNPxgzWnCFd3_E9ljSEnj-khXkEYxTt9hAK_no5n54S0QNQMZ-cEJXDNpb98-6R-y2JPziGfNQenba_hk_Hbp0llYSiUGbsvZZaxlrIJScRX1BVLl9D61vTSvBRzHM_TBo_1V0TDHE_wIyRP3ZVe1RUicCm8iol0o4hiSBoLyHg9jynmPkJ1_kKmSDWhK0d30HkbFxyh978RXNB0X_cxwHekeT83gDejdFDrmgjmqUQ0Vj4uxks9hP24Ch-Oo5z5hqRxFYsMmVclPqyNAePbtakjmiAQVomDpDTka6thJjyXXmSJtYPiFBZGJymMcIY_djJOz_sP6FE480sonruQkMixlLBGjFWE_tK3UYe4Cff8_6Ca_rSQh7BDLUboLM4q97izBd-k9bTyoNyj97AZSdQeBgKNhMskflHLYOFXdYBJ_2YWlXa0LjNYoLG_EgWa30FFt_rvX_E_9T5ff7kdIcOmycZAyo7gr8bfTujD_A94_MlhQQQRo_p9PuHo2H0DoJNQgvuiCLzysr0QnzZ0=&cb=_cle4ya2ma2hl3zibql7oup&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ssp/req/1845010/?pb=c388c215cb18a53264728231afc0eab11664055072&psp=H2mAUa03kCkAtdzoXqS7pWNypPRrPFJ1wO7bS__IyCRMXJiqCxN_pKcy-mBjBb5xjehRZaSsNPxgzWnCFd3_E9ljSEnj-khXkEYxTt9hAK_no5n54S0QNQMZ-cEJXDNpb98-6R-y2JPziGfNQenba_hk_Hbp0llYSiUGbsvZZaxlrIJScRX1BVLl9D61vTSvBRzHM_TBo_1V0TDHE_wIyRP3ZVe1RUicCm8iol0o4hiSBoLyHg9jynmPkJ1_kKmSDWhK0d30HkbFxyh978RXNB0X_cxwHekeT83gDejdFDrmgjmqUQ0Vj4uxks9hP24Ch-Oo5z5hqRxFYsMmVclPqyNAePbtakjmiAQVomDpDTka6thJjyXXmSJtYPiFBZGJymMcIY_djJOz_sP6FE480sonruQkMixlLBGjFWE_tK3UYe4Cff8_6Ca_rSQh7BDLUboLM4q97izBd-k9bTyoNyj97AZSdQeBgKNhMskflHLYOFXdYBJ_2YWlXa0LjNYoLG_EgWa30FFt_rvX_E_9T5ff7kdIcOmycZAyo7gr8bfTujD_A94_MlhQQQRo_p9PuHo2H0DoJNQgvuiCLzysr0QnzZ0=&cb=_cle4ya2ma2hl3zibql7oup&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Cookie: UID=220924143158a9ff5673944401860e82dafa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:13 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

ibradome.com/Libs/Functions/conf.php

185.178.208.130

200 OK

13 kB

URL HTTP/2
ibradome.com/Libs/Functions/conf.php
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
JSON data\012- , ASCII text, with very long lines (44081), with no line terminators
Size
13 kB (13389 bytes)
Hash
b762e4b8b7beae27c2b2f9929c9287c7
87866a4ade61a17c98b38fede8591f751f18a250
9cb09c9a9d9fb426c88d029a5573ab0b2d75c616480db2d97f35e3d0a948c3ce

HTTP Headers

GET /Libs/Functions/conf.php HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
etag: "22674395-1664047765;br"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 13389
date: Sat, 24 Sep 2022 19:31:14 GMT
x-ua-compatible: IE=edge
X-Firefox-Spdy: h2

62.122.171.6

200 OK

7 B

URL HTTP/2
limurol.com/ssp/req/1845010/?pb=c388c215cb18a53264728231afc0eab11664055072&psp=H2mAUa03kCkAtdzoXqS7pWNypPRrPFJ1wO7bS__IyCRMXJiqCxN_pKcy-mBjBb5xjehRZaSsNPxgzWnCFd3_E9ljSEnj-khXkEYxTt9hAK_no5n54S0QNQMZ-cEJXDNpb98-6R-y2JPziGfNQenba_hk_Hbp0llYSiUGbsvZZaxlrIJScRX1BVLl9D61vTSvBRzHM_TBo_1V0TDHE_wIyRP3ZVe1RUicCm8iol0o4hiSBoLyHg9jynmPkJ1_kKmSDWhK0d30HkbFxyh978RXNB0X_cxwHekeT83gDejdFDrmgjmqUQ0Vj4uxks9hP24Ch-Oo5z5hqRxFYsMmVclPqyNAePbtakjmiAQVomDpDTka6thJjyXXmSJtYPiFBZGJymMcIY_djJOz_sP6FE480sonruQkMixlLBGjFWE_tK3UYe4Cff8_6Ca_rSQh7BDLUboLM4q97izBd-k9bTyoNyj97AZSdQeBgKNhMskflHLYOFXdYBJ_2YWlXa0LjNYoLG_EgWa30FFt_rvX_E_9T5ff7kdIcOmycZAyo7gr8bfTujD_A94_MlhQQQRo_p9PuHo2H0DoJNQgvuiCLzysr0QnzZ0=&cb=_cle4ya2ma2hl3zibql7oup&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ssp/req/1845010/?pb=c388c215cb18a53264728231afc0eab11664055072&psp=H2mAUa03kCkAtdzoXqS7pWNypPRrPFJ1wO7bS__IyCRMXJiqCxN_pKcy-mBjBb5xjehRZaSsNPxgzWnCFd3_E9ljSEnj-khXkEYxTt9hAK_no5n54S0QNQMZ-cEJXDNpb98-6R-y2JPziGfNQenba_hk_Hbp0llYSiUGbsvZZaxlrIJScRX1BVLl9D61vTSvBRzHM_TBo_1V0TDHE_wIyRP3ZVe1RUicCm8iol0o4hiSBoLyHg9jynmPkJ1_kKmSDWhK0d30HkbFxyh978RXNB0X_cxwHekeT83gDejdFDrmgjmqUQ0Vj4uxks9hP24Ch-Oo5z5hqRxFYsMmVclPqyNAePbtakjmiAQVomDpDTka6thJjyXXmSJtYPiFBZGJymMcIY_djJOz_sP6FE480sonruQkMixlLBGjFWE_tK3UYe4Cff8_6Ca_rSQh7BDLUboLM4q97izBd-k9bTyoNyj97AZSdQeBgKNhMskflHLYOFXdYBJ_2YWlXa0LjNYoLG_EgWa30FFt_rvX_E_9T5ff7kdIcOmycZAyo7gr8bfTujD_A94_MlhQQQRo_p9PuHo2H0DoJNQgvuiCLzysr0QnzZ0=&cb=_cle4ya2ma2hl3zibql7oup&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Cookie: UID=220924143158a9ff5673944401860e82dafa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:13 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

ibradome.com/Libs/Javascript/auth.js?3.1

185.178.208.130

200 OK

1.4 kB

URL HTTP/2
ibradome.com/Libs/Javascript/auth.js?3.1
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (4320), with no line terminators
Size
1.4 kB (1389 bytes)
Hash
beaf15b0ce5d70e195b58024da989265
74aa795648b32f4bd2f266f7d4550a83041921e6
4e318af3690e16ea77e013a74128ae912d745f25a3a71d5dde33da2a3a8f0177

HTTP Headers

GET /Libs/Javascript/auth.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 01 Mar 2020 14:52:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1389
date: Sat, 24 Sep 2022 19:31:14 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Libs/Javascript/nanoscroller.js?3.1

185.178.208.130

200 OK

3.2 kB

URL HTTP/2
ibradome.com/Libs/Javascript/nanoscroller.js?3.1
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (10006), with no line terminators
Size
3.2 kB (3154 bytes)
Hash
6fa0b60ab58fc1ac887777a5287ec9c7
1aea37b77ab13fec28cbb8fdbcb594be2ccb8a3a
0384d7c7667533f7ee2a6b02c6e0e799e500a08f3c43708d0dcc95594fd2ac43

HTTP Headers

GET /Libs/Javascript/nanoscroller.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 01 Mar 2020 14:52:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3154
date: Sat, 24 Sep 2022 19:31:14 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Libs/Javascript/Pages/post.js?3.1

185.178.208.130

200 OK

2.3 kB

URL HTTP/2
ibradome.com/Libs/Javascript/Pages/post.js?3.1
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (6423), with no line terminators
Size
2.3 kB (2276 bytes)
Hash
6fd5fc9e3e8301c4660aea30991b0764
48f5b2e5748ab9ce86b6cafe57c5da24566d48fc
bcc609872264d53079dc81e0b5d7c11846e7276414eabe5e5d451699dfbeec87

HTTP Headers

GET /Libs/Javascript/Pages/post.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 17 Mar 2021 02:00:01 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 2276
date: Sat, 24 Sep 2022 19:31:14 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7c7ea800ead2098437c53ff8af72fc54
6f92ca434ac508c6ade9e6dd4b5b7128b9cf09d3
c0b6c2602c3851630a6037f345a0ea0097ebc3249d1d40eed57d1493be69bd1d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C0B6C2602C3851630A6037F345A0EA0097EBC3249D1D40EED57D1493BE69BD1D"
Last-Modified: Sat, 24 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17819
Expires: Sun, 25 Sep 2022 00:28:12 GMT
Date: Sat, 24 Sep 2022 19:31:13 GMT
Connection: keep-alive

ibradome.com/Libs/Javascript/players.js?3.1

185.178.208.130

200 OK

1.9 kB

URL HTTP/2
ibradome.com/Libs/Javascript/players.js?3.1
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (5722), with no line terminators
Size
1.9 kB (1928 bytes)
Hash
a4193460f7e7a063eaabd8f7c0f7f216
28274ad30ce33ba7d7d5363454c287ff92b6ea75
16bc0088ea1dfd0866d3d8342ab671bb26bece10d80a48da0d8f7e8eabf85761

HTTP Headers

GET /Libs/Javascript/players.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 22 Dec 2021 03:16:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1928
date: Sat, 24 Sep 2022 19:31:14 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-QVV6LWHMJT&gtm=2oe9l0&_p=673350161&cid=618316747.1664047872&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664047871&sct=1&seg=0&dl=https%3A%2F%2Fibradome.com%2Fleaked%2Fvideo%2F12926%2Fjulieta-allegretti-girlofnox-leaks-video-vi&dt=Julieta%20Allegretti%20GirlofNox%20Leaks%20Video%20VI%20-%20Leaked%20Nudes&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-QVV6LWHMJT&gtm=2oe9l0&_p=673350161&cid=618316747.1664047872&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664047871&sct=1&seg=0&dl=https%3A%2F%2Fibradome.com%2Fleaked%2Fvideo%2F12926%2Fjulieta-allegretti-girlofnox-leaks-video-vi&dt=Julieta%20Allegretti%20GirlofNox%20Leaks%20Video%20VI%20-%20Leaked%20Nudes&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-QVV6LWHMJT&gtm=2oe9l0&_p=673350161&cid=618316747.1664047872&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664047871&sct=1&seg=0&dl=https%3A%2F%2Fibradome.com%2Fleaked%2Fvideo%2F12926%2Fjulieta-allegretti-girlofnox-leaks-video-vi&dt=Julieta%20Allegretti%20GirlofNox%20Leaks%20Video%20VI%20-%20Leaked%20Nudes&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://ibradome.com
date: Sat, 24 Sep 2022 19:31:13 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3858
Expires: Sat, 24 Sep 2022 20:35:31 GMT
Date: Sat, 24 Sep 2022 19:31:13 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3858
Expires: Sat, 24 Sep 2022 20:35:31 GMT
Date: Sat, 24 Sep 2022 19:31:13 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3858
Expires: Sat, 24 Sep 2022 20:35:31 GMT
Date: Sat, 24 Sep 2022 19:31:13 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3858
Expires: Sat, 24 Sep 2022 20:35:31 GMT
Date: Sat, 24 Sep 2022 19:31:13 GMT
Connection: keep-alive

kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846269

62.122.171.6

200 OK

8.0 kB

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846269
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
8.0 kB (8029 bytes)
Hash
02a682b4703bb9d6381c762726c05531
1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lvesnk.html?zoneid=1846269 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

go6shde9nj2itle.com/get/1846181?zoneid=1846181&jp=_clel2rty8vznxumz6s0mkb&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=953479971430025

62.122.171.6

200 OK

6.4 kB

URL HTTP/2
go6shde9nj2itle.com/get/1846181?zoneid=1846181&jp=_clel2rty8vznxumz6s0mkb&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=953479971430025
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
6.4 kB (6443 bytes)
Hash
cdcb834a48d78fb5488c298f516a11db
102db8a01a2d52a98cfa38d18898bd23900922ea
0a08a2af11e19d97f5efcaf3a680ea1d35080f4011515f44ddf2121043444975

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1846181?zoneid=1846181&jp=_clel2rty8vznxumz6s0mkb&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=953479971430025 HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kw3y5otoeuniv7e9rsi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: text/javascript
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=220924143114e20b6fe87b4a3ba04c444e45; Path=/; Expires=Sun, 24 Sep 2023 19:31:12 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9935 bytes)
Hash
55d224ac83a417772c98bc5080fb6689
a30f9044330824e70dde0dcc785890d981e6fdf5
b2ea4dea200109019a65834b98e31e8fac718a199513810a2819858be2b4470a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9935
x-amzn-requestid: 9eb8463d-172a-40a2-8eed-3c97b1260afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sQ5FARoAMFXQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2738-3709a2f22ecc033532223b26;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:38:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: e5eETCL5yFnoG4HPx0Qv8hjGnlXx5vOL4syMx9uato8nuIHkSvMezg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:53:50 GMT
age: 77843
etag: "a30f9044330824e70dde0dcc785890d981e6fdf5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8354 bytes)
Hash
e1087dcce202bbbc8c84196bd2050662
670d89082f8da643e1196b11fb64bf71707f0e8d
f6a7b6e07177431d7845e2f2b7b1b3b76088671db32aeef580a72e9bd3ddae00

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8354
x-amzn-requestid: 3ec3470c-2268-4102-af88-27dcfed76bfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPCGOcoAMF2xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-481aa98b413690636fc3a2f0;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dXqPCGTGK8gW86McTltPuNYKXQgUuSqcL_XbyRQitinH5LsUscmU2w==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:47:49 GMT
age: 78204
etag: "670d89082f8da643e1196b11fb64bf71707f0e8d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10032 bytes)
Hash
aa150280eb113504d61a25935c0f0127
ed04f74fbb4c77b21e2babc51a82857f5e23d169
07df17fffb391aa82efb09e30d97e88fa4dbe6df00e37bb90304f69179f4848e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10032
x-amzn-requestid: 521c4012-9834-4100-a7ed-30093502f1a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPBHGYoAMFh-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-77b03c321240d76a572d603a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lAQOV9_fZ2RFvhRKMtDOeRTWJc-Jo1u-DrtJshcQuCSOUXVbNMjhaw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:56:56 GMT
age: 77657
etag: "ed04f74fbb4c77b21e2babc51a82857f5e23d169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10279 bytes)
Hash
8ea5f06ad31f0cedd2cb5c6df82f35f4
60a83a1618ffae06e49ca3002bac1db9980dcfe8
5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10279
x-amzn-requestid: 0f361c26-1f12-421a-9752-7d4fcdf839ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4V65GTXIAMF9-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd045-25677a637307879044de8242;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:14:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NcnEyVD-vG10pOpPCBMjKGqVw-rstkPIt-oqkIc5urAGE934fxL0VQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 04:12:38 GMT
age: 55115
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ibradome.com/Libs/Javascript/waypoints.js?3.1

185.178.208.130

200 OK

2.4 kB

URL HTTP/2
ibradome.com/Libs/Javascript/waypoints.js?3.1
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (8835), with no line terminators
Size
2.4 kB (2441 bytes)
Hash
6056309ae353de4841b897fe6db8011c
b882aedea5d8d9ba17c8ca52ecfc4b273baf7102
5e2429536605edcc0d1d1e6a51c672309ce82fb6b175e8d78c3d9e775d20ba94

HTTP Headers

GET /Libs/Javascript/waypoints.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 01 Mar 2020 14:52:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 2441
date: Sat, 24 Sep 2022 19:31:14 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Libs/Javascript/media.js?3.1

185.178.208.130

200 OK

12 kB

URL HTTP/2
ibradome.com/Libs/Javascript/media.js?3.1
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (45027), with no line terminators
Size
12 kB (11976 bytes)
Hash
e71c47019c0e825b31621aa6c8a69326
f310401f2ca4d5e985caf712a25044ec5e605cce
b593356791bd4b5c6b801db898ae3544d059d238f9dc721e00eaa501fe557632

HTTP Headers

GET /Libs/Javascript/media.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 30 Apr 2022 04:25:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 11976
date: Sat, 24 Sep 2022 19:31:14 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/Libs/Javascript/fbsdk.js?3.1

185.178.208.130

200 OK

558 B

URL HTTP/2
ibradome.com/Libs/Javascript/fbsdk.js?3.1
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (1146), with no line terminators
Size
558 B (558 bytes)
Hash
16257de536576926d5a820a8f596de02
c20ddfc57d774a45c6898f540037617a4b860c9f
303945e576b83c683781722d374d445f86536fb3e6d21b2aaf133413d8e7f5f1

HTTP Headers

GET /Libs/Javascript/fbsdk.js?3.1 HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=31536000
expires: Sun, 24 Sep 2023 19:31:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 01 Mar 2020 14:52:17 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 558
date: Sat, 24 Sep 2022 19:31:15 GMT
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/love.gif

185.178.208.130

200 OK

32 kB

URL HTTP/2
ibradome.com/love.gif
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 64 x 64\012- data
Size
32 kB (32033 bytes)
Hash
4fa57f916a2b44a3ff27425249bcc938
9383b3d39d29be770876843b2d9a56019711b639
6b9638958497274e16a9b6f4ef5b5ed4377a5881c4ac2e4613685caa88cf1915

HTTP Headers

GET /love.gif HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:14 GMT
content-type: image/gif
last-modified: Fri, 08 Apr 2022 06:21:07 GMT
accept-ranges: bytes
content-length: 32033
date: Sat, 24 Sep 2022 19:31:14 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/like.gif

185.178.208.130

200 OK

28 kB

URL HTTP/2
ibradome.com/like.gif
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 64 x 64\012- data
Size
28 kB (27944 bytes)
Hash
b8a1352e88c5f175477da0b274d4ebb4
bfeac8115b51e9c44278b97ba4b335d075938e19
f4c145ba8f7830fec576f681e499c0a22942f2d95820d2ec79409ad5668ddf7d

HTTP Headers

GET /like.gif HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:14 GMT
content-type: image/gif
last-modified: Fri, 08 Apr 2022 06:21:20 GMT
accept-ranges: bytes
content-length: 27944
date: Sat, 24 Sep 2022 19:31:14 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
b63ad57f4ed114ed59cd97a96f14cc62
ded02ddf1ff1985651d264c00f65fba4b0c94dcb
4379a370cec60c404f43ced5cd5b32bde1de5158bdef04cacc7541638331de11

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6565
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:13 GMT
Last-Modified: Sat, 24 Sep 2022 17:41:48 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279

ibradome.com/angry.gif

185.178.208.130

200 OK

68 kB

URL HTTP/2
ibradome.com/angry.gif
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 64 x 64\012- data
Size
68 kB (67846 bytes)
Hash
3ff8f13714102ea71c0c9340b7d78bb6
796fcdec979daa1c8b9c4270f0acc92e2858ea04
c41782f1f100d012fb640afe06fedaae222ce96c602c3c84c138ee3b7398c70c

HTTP Headers

GET /angry.gif HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:14 GMT
content-type: image/gif
last-modified: Fri, 08 Apr 2022 06:20:48 GMT
accept-ranges: bytes
content-length: 67846
date: Sat, 24 Sep 2022 19:31:14 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/lol.gif

185.178.208.130

200 OK

52 kB

URL HTTP/2
ibradome.com/lol.gif
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 64 x 64\012- data
Size
52 kB (51452 bytes)
Hash
16d494f1076a6bd937b8c059704c27c1
2ab548a9590922c356870a27b701463f440566da
dc59dcd7db6f7245c78b5c7af69c8c98fc574bc63fa3cd6ce3644f8ee6f6b90e

HTTP Headers

GET /lol.gif HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:14 GMT
content-type: image/gif
last-modified: Fri, 08 Apr 2022 06:21:14 GMT
accept-ranges: bytes
content-length: 51452
date: Sat, 24 Sep 2022 19:31:14 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/sad.gif

185.178.208.130

200 OK

72 kB

URL HTTP/2
ibradome.com/sad.gif
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 64 x 64\012- data
Size
72 kB (71661 bytes)
Hash
911500da121727b7f61c6d22dab3c998
2ab1a8683238bf9264ce7dc17fa5deaa0b64312e
88e2a8efef662991a23d5672fd45266a6e19f002bec49edc65b29e3243e6687d

HTTP Headers

GET /sad.gif HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:14 GMT
content-type: image/gif
last-modified: Fri, 08 Apr 2022 06:21:00 GMT
accept-ranges: bytes
content-length: 71661
date: Sat, 24 Sep 2022 19:31:14 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

ibradome.com/what.gif

185.178.208.130

200 OK

86 kB

URL HTTP/2
ibradome.com/what.gif
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 64 x 64\012- data
Size
86 kB (85606 bytes)
Hash
da7f597dd42e2d4face718db07381179
3b0c0ddd42ea0f250ebba30dba725d02a044f44f
06db4240728fe4c12213e97b4493995905d9929311cb6cd8f060897c763017b2

HTTP Headers

GET /what.gif HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; _ga_QVV6LWHMJT=GS1.1.1664047871.1.0.1664047871.0.0.0; _ga=GA1.1.618316747.1664047872; sb_page_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_onpage_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_main_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; sb_count_0a9aec252ec8cc83b9f56ec6b45fa3a9=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f27d47e7-d9f5-407d-9675-74ea0a68e259%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:15 GMT
content-type: image/gif
last-modified: Fri, 08 Apr 2022 06:20:54 GMT
accept-ranges: bytes
content-length: 85606
date: Sat, 24 Sep 2022 19:31:15 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

wadmargincling.com/sbar.json?key=0a9aec252ec8cc83b9f56ec6b45fa3a9

192.243.61.225

200 OK

4.1 kB

URL HTTP/1.1
wadmargincling.com/sbar.json?key=0a9aec252ec8cc83b9f56ec6b45fa3a9
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (5930), with no line terminators
Size
4.1 kB (4099 bytes)
Hash
a042cfb3ec9a7c6eda9ae96fe98342bb
6d4c8d683a4a9c07bfe2b989d46089c57d0af007
6d510c3508761efeeb9bb519b627f51971c99500c425e88b07e4ccff99fabbd4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /sbar.json?key=0a9aec252ec8cc83b9f56ec6b45fa3a9 HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 24 Sep 2022 19:31:13 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ibradome.com
Access-Control-Allow-Origin: https://ibradome.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17037017; expires=Sun, 25 Sep 2022 19:31:13 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 25 Sep 2022 19:31:13 GMT; secure; SameSite=None
uncs=1; expires=Sun, 25 Sep 2022 19:31:13 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 25 Sep 2022 19:31:13 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 25 Sep 2022 19:31:13 GMT; secure; SameSite=None
slec0a9aec252ec8cc83b9f56ec6b45fa3a9=[3551994]; expires=Sat, 24 Sep 2022 19:31:18 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1f9042803219751c1cf5e495d17b36e9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
b63ad57f4ed114ed59cd97a96f14cc62
ded02ddf1ff1985651d264c00f65fba4b0c94dcb
4379a370cec60c404f43ced5cd5b32bde1de5158bdef04cacc7541638331de11

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6565
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:13 GMT
Last-Modified: Sat, 24 Sep 2022 17:41:48 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
419de8bd44f32435f5730ab5925e843b
6b352afe88897d6f3c3c2944de370eb96c670644
0c74e6e47c5fb7501624f8e88e5e53ad25e0d059a07ff5df2882bcb86b94a62a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6310
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:14 GMT
Last-Modified: Sat, 24 Sep 2022 17:46:04 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

connect.facebook.net/en_EN/sdk.js

157.240.200.14

200 OK

1.7 kB

URL HTTP/2
connect.facebook.net/en_EN/sdk.js
IP
157.240.200.14:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (1961)
Size
1.7 kB (1687 bytes)
Hash
fa147f69438c529a612f2fa6c1772bd7
bbbac48429e15936d732cd178cc07978c2d8b2df
f140d20e2a6d84aa8bb38d32db33c13a31e261fef1bc947ecc7ecb9cac028182

HTTP Headers

GET /en_EN/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: ef8a452728766e8757c20d1f986bc09a
etag: "4c4425f8e0fcc6d50251b9495ff260da"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sat, 24 Sep 2022 19:33:46 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: +hR/aUOMUpphLy+mwXcr1w==
x-fb-debug: gS3tlChqkSkqMixfCZS+TCLxbZDeShRaPg83g+ova5iczgkWUT/WvHXYSUS2+mcpnaVS7W+EY6B7IL1Rz9ym8g==
content-length: 1687
x-fb-trip-id: 1679558926
date: Sat, 24 Sep 2022 19:31:14 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
18f73dcabd57eb79e247a6f74eaef381
0cc2a2a586323c4aed2b530f0bb3a3ea39ec6b80
2cce5a62bdfc3e16ea9faeebf636e5ae092ca45c2d7efedfd42ab5abde1518b1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CCE5A62BDFC3E16EA9FAEEBF636E5AE092CA45C2D7EFEDFD42AB5ABDE1518B1"
Last-Modified: Thu, 22 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3195
Expires: Sat, 24 Sep 2022 20:24:29 GMT
Date: Sat, 24 Sep 2022 19:31:14 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
419de8bd44f32435f5730ab5925e843b
6b352afe88897d6f3c3c2944de370eb96c670644
0c74e6e47c5fb7501624f8e88e5e53ad25e0d059a07ff5df2882bcb86b94a62a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6310
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 19:31:14 GMT
Last-Modified: Sat, 24 Sep 2022 17:46:04 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

static.addtoany.com/menu/page.js

104.22.71.197

200 OK

1.4 kB

URL HTTP/2
static.addtoany.com/menu/page.js
IP
104.22.71.197:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2983), with no line terminators
Size
1.4 kB (1436 bytes)
Hash
dda777b3fb809e44fe83a28e92db4c19
963329d580e16f69eea8aff79c89860c10bb9fbd
99ebc91c1fdfbae92ffa1bffded744fe6ba12cf60403e3a97b91cd477d8342bb

HTTP Headers

GET /menu/page.js HTTP/1.1
Host: static.addtoany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:13 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=172800
cf-bgj: minify
access-control-allow-origin: *
age: 159823
etag: W/"ba7-5e7bb5238fa5f"
last-modified: Sat, 03 Sep 2022 00:56:47 GMT
vary: Accept-Encoding
via: e4s
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74fdf06c1b4715e8-ARN
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

connect.facebook.net/en_US/sdk.js?hash=8a9d053cab155bced53139a776051d86

157.240.200.14

200 OK

87 kB

URL HTTP/2
connect.facebook.net/en_US/sdk.js?hash=8a9d053cab155bced53139a776051d86
IP
157.240.200.14:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (13260)
Size
87 kB (87332 bytes)
Hash
056037d968422b97062fbe0fcb88f272
208ee5050ff0028af76365cf40c05f5d8c89a7f2
43b3a0a03c7e5307b932f53ba4b4488397a044af018abd18030249c339fe98c9

HTTP Headers

GET /en_US/sdk.js?hash=8a9d053cab155bced53139a776051d86 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 874ace7593043634cabc79cb7877b6a1
etag: "6941d8b3596168c65be3ab564ec9569b"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sun, 24 Sep 2023 17:21:11 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: BWA32WhCK5cGL74Py4jycg==
x-fb-debug: d6us3Hoqbjzm38xXX8hhHkblU+7GE0z42WiieaMrNYAWTzIbGDz13YMegbVBW6OnpWyuH+hWW0qQ+CuZWVBN7w==
priority: u=3,i
content-length: 87332
x-fb-trip-id: 1679558926
date: Sat, 24 Sep 2022 19:31:14 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

static.addtoany.com/menu/modules/core.e18d3993.js

104.22.71.197

200 OK

26 kB

URL HTTP/2
static.addtoany.com/menu/modules/core.e18d3993.js
IP
104.22.71.197:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
26 kB (25585 bytes)
Hash
de4f7edb69961e9bb11c2d5bc134d567
8ecff4fc515c9e765388c6370b27420bd5ae19e7
8661b19b9be07023fd81effa9fdd6f0f335b5099a513aa4e4e607fbf51b32f4e

HTTP Headers

GET /menu/modules/core.e18d3993.js HTTP/1.1
Host: static.addtoany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:14 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000, immutable
cf-bgj: minify
access-control-allow-origin: *
age: 850990
etag: W/"11891-5e7bb52267bff"
last-modified: Sat, 03 Sep 2022 00:56:46 GMT
vary: Accept-Encoding
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74fdf06c789b1685-ARN
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
a0f884d959b986684bb199e29ea6c2af
91d2654bea2dd92ae95b844b32cc345d16c398b7
3d98dc7fc457cb7b3ed70e41609f5f4d5e1c14da530dc876d2a695db704238ed

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "3D98DC7FC457CB7B3ED70E41609F5F4D5E1C14DA530DC876D2A695DB704238ED"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10199
Expires: Sat, 24 Sep 2022 22:21:13 GMT
Date: Sat, 24 Sep 2022 19:31:14 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
a0f884d959b986684bb199e29ea6c2af
91d2654bea2dd92ae95b844b32cc345d16c398b7
3d98dc7fc457cb7b3ed70e41609f5f4d5e1c14da530dc876d2a695db704238ed

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "3D98DC7FC457CB7B3ED70E41609F5F4D5E1C14DA530DC876D2A695DB704238ED"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10199
Expires: Sat, 24 Sep 2022 22:21:13 GMT
Date: Sat, 24 Sep 2022 19:31:14 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
a0f884d959b986684bb199e29ea6c2af
91d2654bea2dd92ae95b844b32cc345d16c398b7
3d98dc7fc457cb7b3ed70e41609f5f4d5e1c14da530dc876d2a695db704238ed

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "3D98DC7FC457CB7B3ED70E41609F5F4D5E1C14DA530DC876D2A695DB704238ED"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10199
Expires: Sat, 24 Sep 2022 22:21:13 GMT
Date: Sat, 24 Sep 2022 19:31:14 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
a0f884d959b986684bb199e29ea6c2af
91d2654bea2dd92ae95b844b32cc345d16c398b7
3d98dc7fc457cb7b3ed70e41609f5f4d5e1c14da530dc876d2a695db704238ed

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "3D98DC7FC457CB7B3ED70E41609F5F4D5E1C14DA530DC876D2A695DB704238ED"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10199
Expires: Sat, 24 Sep 2022 22:21:13 GMT
Date: Sat, 24 Sep 2022 19:31:14 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
a0f884d959b986684bb199e29ea6c2af
91d2654bea2dd92ae95b844b32cc345d16c398b7
3d98dc7fc457cb7b3ed70e41609f5f4d5e1c14da530dc876d2a695db704238ed

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "3D98DC7FC457CB7B3ED70E41609F5F4D5E1C14DA530DC876D2A695DB704238ED"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10199
Expires: Sat, 24 Sep 2022 22:21:13 GMT
Date: Sat, 24 Sep 2022 19:31:14 GMT
Connection: keep-alive

wadmargincling.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=273

192.243.61.225

200 OK

0 B

URL HTTP/1.1
wadmargincling.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=273
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fjs%2Fscript.js&l=444&fd=273 HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Cookie: u_pl=17037017; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0a9aec252ec8cc83b9f56ec6b45fa3a9=[3551994]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 24 Sep 2022 19:31:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d6ee5ae00f81eebec5b2df19615bf961
a5dad2f2ab11f399da5016e8d944fd3422a03974
2b0151b6a2c52676ab8de2403c9d6854439051654eacea98975c1ae070659439

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2B0151B6A2C52676AB8DE2403C9D6854439051654EACEA98975C1AE070659439"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16138
Expires: Sun, 25 Sep 2022 00:00:12 GMT
Date: Sat, 24 Sep 2022 19:31:14 GMT
Connection: keep-alive

www.facebook.com/v2.8/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2b4a8ec200312a%26domain%3Dibradome.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fibradome.com%252Ff67f8a1bc4c456%26relation%3Dparent.parent&container_width=0&height=100&href=https%3A%2F%2Fibradome.com%2Fleaked%2Fvideo%2F12926%2Fjulieta-allegretti-girlofnox-leaks-video-vi%3Fid%3D12926%26tytul%3Djulieta-allegretti-girlofnox-leaks-video-vi&locale=en_US&numposts=5&sdk=joey&version=v2.8&width=

157.240.200.35

200 OK

0 B

URL HTTP/2
www.facebook.com/v2.8/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2b4a8ec200312a%26domain%3Dibradome.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fibradome.com%252Ff67f8a1bc4c456%26relation%3Dparent.parent&container_width=0&height=100&href=https%3A%2F%2Fibradome.com%2Fleaked%2Fvideo%2F12926%2Fjulieta-allegretti-girlofnox-leaks-video-vi%3Fid%3D12926%26tytul%3Djulieta-allegretti-girlofnox-leaks-video-vi&locale=en_US&numposts=5&sdk=joey&version=v2.8&width=
IP
157.240.200.35:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v2.8/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2b4a8ec200312a%26domain%3Dibradome.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fibradome.com%252Ff67f8a1bc4c456%26relation%3Dparent.parent&container_width=0&height=100&href=https%3A%2F%2Fibradome.com%2Fleaked%2Fvideo%2F12926%2Fjulieta-allegretti-girlofnox-leaks-video-vi%3Fid%3D12926%26tytul%3Djulieta-allegretti-girlofnox-leaks-video-vi&locale=en_US&numposts=5&sdk=joey&version=v2.8&width= HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html;charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: J4456qpaZV3hLGF6LlCgELFSDW3wRxDjTefM6pNRrbdtz+lvHE3Zq9CDtC/55hVoxrLfytDHUc2g6GujdPY9dg==
content-length: 0
date: Sat, 24 Sep 2022 19:31:14 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 259026
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/si/a5/38/82/a538823dc3936f2d56da6943c137a79d/1658144826.jpg

45.133.44.10

200 OK

17 kB

URL HTTP/2
cdn.cloudimagesb.com/si/a5/38/82/a538823dc3936f2d56da6943c137a79d/1658144826.jpg
IP
45.133.44.10:0
ASN
#39572 DataWeb Global Group B.V.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
17 kB (16913 bytes)
Hash
11e8fa77a29b9c78b6a9b759abff4667
b67f409f364c567805e7fcd0d9f14fe882cf0592
27e7345cc77747f44f5acbc02bf5afbebb0d831a4e4f06a171d7876382ffd049

HTTP Headers

GET /si/a5/38/82/a538823dc3936f2d56da6943c137a79d/1658144826.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:14 GMT
content-type: image/jpeg
content-length: 16913
server: nginx/1.17.6
last-modified: Mon, 18 Jul 2022 11:47:14 GMT
etag: "62d54842-4211"
expires: Mon, 26 Sep 2022 19:31:14 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

wadmargincling.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fanimate.css&l=79245&fd=278

192.243.61.225

200 OK

0 B

URL HTTP/1.1
wadmargincling.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fanimate.css&l=79245&fd=278
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fanimate.css&l=79245&fd=278 HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Cookie: u_pl=17037017; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0a9aec252ec8cc83b9f56ec6b45fa3a9=[3551994]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 24 Sep 2022 19:31:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/img/close.svg

172.64.200.2

200 OK

1.1 kB

URL HTTP/2
cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/img/close.svg
IP
172.64.200.2:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.1 kB (1088 bytes)
Hash
ed6d7fbf91f25a61e46c6f8db4640bc4
2639032594e452b42246306c541338d3bada03b7
5a0443b84126cc154925c4d5a3cecdc647050a561366f1de2be997e9ff68d018

HTTP Headers

GET /sb/ssp/utility/social-media/facebook/img/close.svg HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:14 GMT
content-type: image/svg+xml
last-modified: Thu, 11 Feb 2021 15:13:59 GMT
etag: W/"602549b7-52a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4526816
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wmgMAOxAVw0hDWQPtenWE2KA6p7ZNcjM%2BDpQwD6TSTNSdFrRrGZkqmpg66qXbf%2BcGTVqtovv5IWWPES3aOgwOZ25RlpHiC98W4x2Dj2eYqJioRM43XqtSVFNQn9oW4jns04%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fdf06f5c0071f3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

wadmargincling.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskRRytTuJBvKjkIqgMeFlFJt3zPe4hGGOWYPbDXUXBg9RXT2pT3dVUdU9PxktwQfbgYfwPOm%2BSDWp20avgIp0FYXPKeMrBwP4NC3vwIDKzwegPit%2Breq%2Fg%2FT6%2B2c3OiI%2BMnq5eNUOlNV1qVv3Kpc%2BD4HJlQ8XZoDLotL5sNS5XbP%2B9bqvqv125IvmWWar5ge8HflBZU1aGZrA0JaGSw25Q7frVRq0aNBsY2P%2FfXebBUQ%2Bif0ZehRKThUfeIhQvEUc%2FrUq3lZrk3Q%2BjTNPUWPTFwafxVmzyGNEFDK2HMD44V8O4k7WHMPH%2BzC5M%2F18hUxPi%2Ff4QLD44NwnW35v5ZBoyBhMvIe%2BXkLqEoiW4uQMlTgjABa5dRxzdu2ZsTrefs3TKTsjCs6dQ%2BYQs%2FLmIOHqwotWgcsvoLFUmdhiEBdSghOqVSLIjpMM5qPwIPP0aShDEUQElilnNSpVQYQktR6DOQzY9ykMWesgSD5E4rfAgCNq%2B4NTvdDmvi7ZkLeEHtB0GNPBbHWR8amuENBmB6xG43UFid7ClRrDZb3CbBZzw4NIJ8T7eQV8UyCVB7ghySpArgjwlyPvFvtCu5op7QruMBee5dp7rxdikvV26b9KejMluckZemfbDm392ii15WvFpl0pea9Yk73DeqbNu2GxJ3mKNZkjrtAunCig3Nyt1qCZk7p23kEzzpToYPYLTR%2BDqZdDsDdB83K75oJvjRsfHMD5UzFJhIlnlJoIwBZL0BaTb3q4%2BI6%2FN5tKq%2FQXJj5cfP7nyYHH4BNwWSGyB2%2BoRQU%2FfHd80Odm7aXJHfr6epCpSQzqd2a2UpnL%2Bh4%2Fkdm6sWF91o%2B%2Ff51NiCg8%2FkS7doLFQcc%2BRH1eUENKuGcsl%2BXXdfSbZjcxtrmQ2zpKNGx%2BsrUeJlc4pE5eg6sR9C64m5EVqZsv4%2Bu1foGwJmxWIsmNyHlDmCDzZgUsu3DszD6svNCzxkGfF2NbYxaNWE1J7%2BhhaHi%2Ff%2F4pfvR%2F8DcoKOPmfjxd4191Fz74Jmt6Z7WHfFujrAlSP4LL5cZrY4%2BU%2F6rMA096YaevtMW31d8%2Fb69Rppe6LNpOhbDPZaDZCyQVrNpnPQ87qotPhSN2EL33h%2FQMAAP%2F%2FAQAA%2F%2F9y5kmSWwQAAA%3D%3D

192.243.61.225

200 OK

7 B

URL HTTP/1.1
wadmargincling.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskRRytTuJBvKjkIqgMeFlFJt3zPe4hGGOWYPbDXUXBg9RXT2pT3dVUdU9PxktwQfbgYfwPOm%2BSDWp20avgIp0FYXPKeMrBwP4NC3vwIDKzwegPit%2Breq%2Fg%2FT6%2B2c3OiI%2BMnq5eNUOlNV1qVv3Kpc%2BD4HJlQ8XZoDLotL5sNS5XbP%2B9bqvqv125IvmWWar5ge8HflBZU1aGZrA0JaGSw25Q7frVRq0aNBsY2P%2FfXebBUQ%2Bif0ZehRKThUfeIhQvEUc%2FrUq3lZrk3Q%2BjTNPUWPTFwafxVmzyGNEFDK2HMD44V8O4k7WHMPH%2BzC5M%2F18hUxPi%2Ff4QLD44NwnW35v5ZBoyBhMvIe%2BXkLqEoiW4uQMlTgjABa5dRxzdu2ZsTrefs3TKTsjCs6dQ%2BYQs%2FLmIOHqwotWgcsvoLFUmdhiEBdSghOqVSLIjpMM5qPwIPP0aShDEUQElilnNSpVQYQktR6DOQzY9ykMWesgSD5E4rfAgCNq%2B4NTvdDmvi7ZkLeEHtB0GNPBbHWR8amuENBmB6xG43UFid7ClRrDZb3CbBZzw4NIJ8T7eQV8UyCVB7ghySpArgjwlyPvFvtCu5op7QruMBee5dp7rxdikvV26b9KejMluckZemfbDm392ii15WvFpl0pea9Yk73DeqbNu2GxJ3mKNZkjrtAunCig3Nyt1qCZk7p23kEzzpToYPYLTR%2BDqZdDsDdB83K75oJvjRsfHMD5UzFJhIlnlJoIwBZL0BaTb3q4%2BI6%2FN5tKq%2FQXJj5cfP7nyYHH4BNwWSGyB2%2BoRQU%2FfHd80Odm7aXJHfr6epCpSQzqd2a2UpnL%2Bh4%2Fkdm6sWF91o%2B%2Ff51NiCg8%2FkS7doLFQcc%2BRH1eUENKuGcsl%2BXXdfSbZjcxtrmQ2zpKNGx%2BsrUeJlc4pE5eg6sR9C64m5EVqZsv4%2Bu1foGwJmxWIsmNyHlDmCDzZgUsu3DszD6svNCzxkGfF2NbYxaNWE1J7%2BhhaHi%2Ff%2F4pfvR%2F8DcoKOPmfjxd4191Fz74Jmt6Z7WHfFujrAlSP4LL5cZrY4%2BU%2F6rMA096YaevtMW31d8%2Fb69Rppe6LNpOhbDPZaDZCyQVrNpnPQ87qotPhSN2EL33h%2FQMAAP%2F%2FAQAA%2F%2F9y5kmSWwQAAA%3D%3D
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskRRytTuJBvKjkIqgMeFlFJt3zPe4hGGOWYPbDXUXBg9RXT2pT3dVUdU9PxktwQfbgYfwPOm%2BSDWp20avgIp0FYXPKeMrBwP4NC3vwIDKzwegPit%2Breq%2Fg%2FT6%2B2c3OiI%2BMnq5eNUOlNV1qVv3Kpc%2BD4HJlQ8XZoDLotL5sNS5XbP%2B9bqvqv125IvmWWar5ge8HflBZU1aGZrA0JaGSw25Q7frVRq0aNBsY2P%2FfXebBUQ%2Bif0ZehRKThUfeIhQvEUc%2FrUq3lZrk3Q%2BjTNPUWPTFwafxVmzyGNEFDK2HMD44V8O4k7WHMPH%2BzC5M%2F18hUxPi%2Ff4QLD44NwnW35v5ZBoyBhMvIe%2BXkLqEoiW4uQMlTgjABa5dRxzdu2ZsTrefs3TKTsjCs6dQ%2BYQs%2FLmIOHqwotWgcsvoLFUmdhiEBdSghOqVSLIjpMM5qPwIPP0aShDEUQElilnNSpVQYQktR6DOQzY9ykMWesgSD5E4rfAgCNq%2B4NTvdDmvi7ZkLeEHtB0GNPBbHWR8amuENBmB6xG43UFid7ClRrDZb3CbBZzw4NIJ8T7eQV8UyCVB7ghySpArgjwlyPvFvtCu5op7QruMBee5dp7rxdikvV26b9KejMluckZemfbDm392ii15WvFpl0pea9Yk73DeqbNu2GxJ3mKNZkjrtAunCig3Nyt1qCZk7p23kEzzpToYPYLTR%2BDqZdDsDdB83K75oJvjRsfHMD5UzFJhIlnlJoIwBZL0BaTb3q4%2BI6%2FN5tKq%2FQXJj5cfP7nyYHH4BNwWSGyB2%2BoRQU%2FfHd80Odm7aXJHfr6epCpSQzqd2a2UpnL%2Bh4%2Fkdm6sWF91o%2B%2Ff51NiCg8%2FkS7doLFQcc%2BRH1eUENKuGcsl%2BXXdfSbZjcxtrmQ2zpKNGx%2BsrUeJlc4pE5eg6sR9C64m5EVqZsv4%2Bu1foGwJmxWIsmNyHlDmCDzZgUsu3DszD6svNCzxkGfF2NbYxaNWE1J7%2BhhaHi%2Ff%2F4pfvR%2F8DcoKOPmfjxd4191Fz74Jmt6Z7WHfFujrAlSP4LL5cZrY4%2BU%2F6rMA096YaevtMW31d8%2Fb69Rppe6LNpOhbDPZaDZCyQVrNpnPQ87qotPhSN2EL33h%2FQMAAP%2F%2FAQAA%2F%2F9y5kmSWwQAAA%3D%3D HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Cookie: u_pl=17037017; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0a9aec252ec8cc83b9f56ec6b45fa3a9=[3551994]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 24 Sep 2022 19:31:14 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7cc0e54c514d3c7231fb4a9b14e24273
Strict-Transport-Security: max-age=0; includeSubdomains

wadmargincling.com/pixel/sbs?c=1

192.243.61.225

200 OK

0 B

URL HTTP/1.1
wadmargincling.com/pixel/sbs?c=1
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Cookie: u_pl=17037017; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0a9aec252ec8cc83b9f56ec6b45fa3a9=[3551994]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 24 Sep 2022 19:31:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

wadmargincling.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=278

192.243.61.225

200 OK

0 B

URL HTTP/1.1
wadmargincling.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=278
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Ffacebook%2Fcss%2Fstyle.css&l=6334&fd=278 HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Cookie: u_pl=17037017; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0a9aec252ec8cc83b9f56ec6b45fa3a9=[3551994]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 24 Sep 2022 19:31:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

unseenreport.com/pxf.gif?uuid=f27d47e7-d9f5-407d-9675-74ea0a68e259&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=0a9aec252ec8cc83b9f56ec6b45fa3a9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19

192.243.59.12

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=f27d47e7-d9f5-407d-9675-74ea0a68e259&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=0a9aec252ec8cc83b9f56ec6b45fa3a9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=f27d47e7-d9f5-407d-9675-74ea0a68e259&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=0a9aec252ec8cc83b9f56ec6b45fa3a9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 24 Sep 2022 19:31:15 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ad9e842d63ab0c1e90d57b15c42fc29b
Strict-Transport-Security: max-age=0; includeSubdomains

kw3y5otoeuniv7e9rsi.com/get/1846521?zoneid=1846521&jp=_clk93c161iqyclnqt2u7z2&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=953479971379929

62.122.171.6

200 OK

0 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/get/1846521?zoneid=1846521&jp=_clk93c161iqyclnqt2u7z2&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=953479971379929
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1846521?zoneid=1846521&jp=_clk93c161iqyclnqt2u7z2&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=953479971379929 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846521
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a; Path=/; Expires=Sun, 24 Sep 2023 19:31:12 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882689

62.122.171.6

200 OK

0 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882689
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lvesnk.html?zoneid=1882689 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882689

62.122.171.6

200 OK

0 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882689
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lvesnk.html?zoneid=1882689 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi

185.178.208.130

200 OK

0 B

URL HTTP/2
ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4; Domain=.ibradome.com; HttpOnly; Path=/; Expires=Sun, 24-Sep-2023 19:31:11 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
etag: "22675397-1664047865;br"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding,User-Agent
date: Sat, 24 Sep 2022 19:31:12 GMT
x-ua-compatible: IE=edge
X-Firefox-Spdy: h2

kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846179

62.122.171.6

200 OK

0 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846179
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lvesnk.html?zoneid=1846179 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: var29
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

kw3y5otoeuniv7e9rsi.com/get/1882689?zoneid=1882689&jp=_clmszzvpgq38wl3pqpe4ez&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553304342657739

62.122.171.6

200 OK

0 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/get/1882689?zoneid=1882689&jp=_clmszzvpgq38wl3pqpe4ez&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553304342657739
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1882689?zoneid=1882689&jp=_clmszzvpgq38wl3pqpe4ez&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553304342657739 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882689
Cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882687

62.122.171.6

200 OK

0 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882687
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lvesnk.html?zoneid=1882687 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

kw3y5otoeuniv7e9rsi.com/get/1846179?zoneid=1846179&jp=_clqtt9rvy7qi3ev16pul5i&nojs=0&ix=0&abvar=29&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553304342586463

62.122.171.6

200 OK

0 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/get/1846179?zoneid=1846179&jp=_clqtt9rvy7qi3ev16pul5i&nojs=0&ix=0&abvar=29&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553304342586463
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1846179?zoneid=1846179&jp=_clqtt9rvy7qi3ev16pul5i&nojs=0&ix=0&abvar=29&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553304342586463 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846179
Cookie: UID=22092414316ca5fb431f3b4a61ab85fcb89a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

static.addtoany.com/menu/svg/icons.30.svg.js

104.22.71.197

200 OK

0 B

URL HTTP/2
static.addtoany.com/menu/svg/icons.30.svg.js
IP
104.22.71.197:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /menu/svg/icons.30.svg.js HTTP/1.1
Host: static.addtoany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:13 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000, immutable
cf-bgj: minify
access-control-allow-origin: *
age: 851027
etag: W/"132a9-5d0656e4a26b3"
last-modified: Wed, 10 Nov 2021 01:49:04 GMT
vary: Accept-Encoding
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74fdf06c5bc215e8-ARN
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/js/script.js

172.64.200.2

200 OK

0 B

URL HTTP/2
cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/js/script.js
IP
172.64.200.2:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sb/ssp/utility/social-media/facebook/js/script.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:14 GMT
content-type: application/javascript
last-modified: Sat, 20 Feb 2021 08:47:14 GMT
etag: W/"6030cc92-1bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 31005
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r9PH5Rq2wDwLkjO16Cw4qIkOaSpNEa69xE0Dm%2Fb96Ji5uScZABPRC7FF6avUyk%2FpPQ4CNFGiTNHw7X80fITpV0xUkeYoLdDcOZPgb715WAIWfaujhnLqo3nrlj6S9fZmA%2Bg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fdf06f5c295476-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846521

62.122.171.6

200 OK

0 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846521
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lvesnk.html?zoneid=1846521 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

ibradome.com/Uploads/Icons/cat-13.png

185.178.208.130

200 OK

0 B

URL HTTP/2
ibradome.com/Uploads/Icons/cat-13.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /Uploads/Icons/cat-13.png HTTP/1.1
Host: ibradome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/leaked/video/12926/julieta-allegretti-girlofnox-leaks-video-vi
Cookie: __ddg1_=ouOUR9ZYhlms93JsxkY4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
cache-control: public, max-age=2592000
expires: Mon, 24 Oct 2022 19:31:12 GMT
content-type: image/png
last-modified: Mon, 03 Sep 2018 16:41:26 GMT
accept-ranges: bytes
content-length: 12424
date: Sat, 24 Sep 2022 19:31:12 GMT
vary: User-Agent
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

go6shde9nj2itle.com/get/1846181?zoneid=1846181&jp=_cl8ldpn4q59lrgz34a25yt&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=7427404435798260

62.122.171.6

200 OK

0 B

URL HTTP/2
go6shde9nj2itle.com/get/1846181?zoneid=1846181&jp=_cl8ldpn4q59lrgz34a25yt&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=7427404435798260
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1846181?zoneid=1846181&jp=_cl8ldpn4q59lrgz34a25yt&nojs=0&ix=0&abvar=0&t=0&x=801&y=801&wcks=0&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=7427404435798260 HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kw3y5otoeuniv7e9rsi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: text/javascript
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=22092414313dba3a79cf4044e3b2e32b82f7; Path=/; Expires=Sun, 24 Sep 2023 19:31:12 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

static.addtoany.com/menu/sm.23.html

104.22.71.197

200 OK

0 B

URL HTTP/2
static.addtoany.com/menu/sm.23.html
IP
104.22.71.197:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /menu/sm.23.html HTTP/1.1
Host: static.addtoany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:13 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 22 Sep 2021 23:42:51 GMT
etag: W/"2e5-5cc9e128a4c38"
cache-control: max-age=315360000, immutable
age: 851027
vary: Accept-Encoding
via: e1s
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74fdf06c5bc315e8-ARN
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

theporngrid.com/Uploads/Media/May22/Mon16/12926/c2e3dd88.mp4

185.178.208.131

206 Partial Content

0 B

URL HTTP/2
theporngrid.com/Uploads/Media/May22/Mon16/12926/c2e3dd88.mp4
IP
185.178.208.131:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /Uploads/Media/May22/Mon16/12926/c2e3dd88.mp4 HTTP/1.1
Host: theporngrid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 206 Partial Content
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=uHjD1e8EPilHkqlHnyfX; Domain=.theporngrid.com; HttpOnly; Path=/; Expires=Sun, 24-Sep-2023 19:31:12 GMT
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: video/mp4
content-length: 1901320
last-modified: Mon, 16 May 2022 18:22:49 GMT
etag: "62829679-1d0308"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-range: bytes 0-1901319/1901320
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

go6shde9nj2itle.com/aas/r45d/vki/1846181/e4f5b7dc.js

62.122.171.6

200 OK

0 B

URL HTTP/2
go6shde9nj2itle.com/aas/r45d/vki/1846181/e4f5b7dc.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /aas/r45d/vki/1846181/e4f5b7dc.js HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kw3y5otoeuniv7e9rsi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 13:38:24 GMT
vary: Accept-Encoding
etag: W/"63189ed0-1091a"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/css/animate.css

172.64.200.2

200 OK

0 B

URL HTTP/2
cdn.sb4you1.com/sb/ssp/utility/social-media/facebook/css/animate.css
IP
172.64.200.2:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sb/ssp/utility/social-media/facebook/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:14 GMT
content-type: text/css
last-modified: Sat, 20 Feb 2021 08:44:40 GMT
etag: W/"6030cbf8-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 76793
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HRlGiznICtTR9r5hbE0yo6ssZs4mO%2B5jcPXPxQO4l0OTCNvQrCQ%2B4VS%2FBiCELWcHM2iVTPht2EdMLZGFmjuTMOuXzJ6e4q83tKQs9xrs597STqw0HRkrr1HelF%2FFXqwdZOU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fdf06f5c2f5476-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882688

62.122.171.6

200 OK

0 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1882688
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lvesnk.html?zoneid=1882688 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846269

62.122.171.6

200 OK

0 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846269
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lvesnk.html?zoneid=1846269 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846269

62.122.171.6

200 OK

0 B

URL HTTP/2
kw3y5otoeuniv7e9rsi.com/lvesnk.html?zoneid=1846269
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lvesnk.html?zoneid=1846269 HTTP/1.1
Host: kw3y5otoeuniv7e9rsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:11 GMT
content-type: text/html
last-modified: Tue, 23 Aug 2022 09:43:36 GMT
vary: Accept-Encoding
etag: W/"6304a148-e1"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

creepingbrings.com/sfp.js

172.64.199.30

200 OK

0 B

URL HTTP/2
creepingbrings.com/sfp.js
IP
172.64.199.30:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 4596a8c11a09ce3a631c94d951ae99b5
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 24 Sep 2022 19:31:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MFjf3AUvtB5T8ywzmgBeY93fo2GHCi5sDCbXC6GUXau6LCVFYpaONF6e12Xky%2FSH3U63FVnplgvrVPWqUuuuWQu4cgmcKipq6ILXUtFLuwTAtfzjoiFNUbVZC5DewBJiaMz9O64%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fdf063bbd97713-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

go6shde9nj2itle.com/aas/r45d/vki/1846181/d3af1cb3.js

62.122.171.6

200 OK

0 B

URL HTTP/2
go6shde9nj2itle.com/aas/r45d/vki/1846181/d3af1cb3.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /aas/r45d/vki/1846181/d3af1cb3.js HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 13:38:24 GMT
vary: Accept-Encoding
etag: W/"63189ed0-1091a"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

go6shde9nj2itle.com/get/1846181?zoneid=1846181&jp=_clx1h602saq8vglw30b6tl&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=6864454482382467

62.122.171.6

200 OK

0 B

URL HTTP/2
go6shde9nj2itle.com/get/1846181?zoneid=1846181&jp=_clx1h602saq8vglw30b6tl&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=6864454482382467
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1846181?zoneid=1846181&jp=_clx1h602saq8vglw30b6tl&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=6864454482382467 HTTP/1.1
Host: go6shde9nj2itle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 19:31:12 GMT
content-type: text/javascript
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=22092414319fa9bf8007b241268585f91442; Path=/; Expires=Sun, 24 Sep 2023 19:31:12 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html

45.133.44.4

200 OK

0 B

URL HTTP/2
cdn.barscreative1.com/sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html
IP
45.133.44.4:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sb/au/b6/cf/48/b6cf48ca3e8ab4bdbcfaa2279b0fb2bc/1613726822.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ibradome.com
Connection: keep-alive
Referer: https://ibradome.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 24 Sep 2022 19:31:14 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Fri, 19 Feb 2021 09:27:09 GMT
etag: W/"602f846d-4fa"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 24 Sep 2022 20:31:14 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (38)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML