www.priveberichten.nl Open in urlscan Pro
3.125.22.203 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cleak.click/pirickili-onlyfans-leak
Effective URL:
https://www.priveberichten.nl/4921/?country=NL&region=North+Holland&city=Amsterdam&brands=priveberichten.nl&clickid=f4d15dc725...
Submission: On December 28 via manual (December 28th 2023, 7:29:51 pm UTC) from PH — Scanned from NL

Summary HTTP 23 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 13 domains to perform 23 HTTP transactions. The main IP is 3.125.22.203, located in and belongs to . The main domain is www.priveberichten.nl.
TLS certificate: Issued by Amazon RSA 2048 M03 on September 20th 2023. Valid for: a year.

This is the only time www.priveberichten.nl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 7	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	2606:4700:303... 2606:4700:3030::ac43:cc03	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	104.21.13.181 104.21.13.181	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	13.224.103.76 13.224.103.76	16509 (AMAZON-02) (AMAZON-02)
2	108.138.7.77 108.138.7.77	16509 (AMAZON-02) (AMAZON-02)
1 1	34.117.199.78 34.117.199.78	() ()
1	3.125.22.203 3.125.22.203	() ()
23	6

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

cleak.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a06:98c1:3120::3 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

matomo.c1eak.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ohfy.c1eak.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
j8.tbond.shop	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3030::ac43:cc03 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

hprsncflw.life	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.13.181 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

geldpress.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.103.76 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-103-76.zrh50.r.cloudfront.net

seekmymatch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.7.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-77.fra56.r.cloudfront.net

empirelayer.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.199.78 (None, ) 1 redirects

ASN- ()

www.b2ztrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.125.22.203 (None, )

ASN- ()

www.priveberichten.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	c1eak.click 1 redirects matomo.c1eak.click ohfy.c1eak.click	24 KB
2	empirelayer.club empirelayer.club	2 KB
2	seekmymatch.com 1 redirects seekmymatch.com	2 KB
2	hprsncflw.life 2 redirects hprsncflw.life — Cisco Umbrella Rank: 490613	1 KB
1	priveberichten.nl www.priveberichten.nl	13 KB
1	b2ztrk.com 1 redirects www.b2ztrk.com	585 B
1	geldpress.de 1 redirects geldpress.de	837 B
1	tbond.shop 1 redirects j8.tbond.shop	454 B
1	cleak.click cleak.click	1 KB
0	googleapis.com Failed ajax.googleapis.com Failed
0	jquery.com Failed code.jquery.com Failed
0	onesignal.com Failed cdn.onesignal.com Failed
0	googletagmanager.com Failed www.googletagmanager.com Failed
23	13

	Domain	Requested by
5	matomo.c1eak.click	cleak.click matomo.c1eak.click
2	empirelayer.club	seekmymatch.com
2	seekmymatch.com	1 redirects empirelayer.club
2	hprsncflw.life	2 redirects
1	www.priveberichten.nl	seekmymatch.com www.priveberichten.nl
1	www.b2ztrk.com	1 redirects
1	geldpress.de	1 redirects
1	j8.tbond.shop	1 redirects
1	ohfy.c1eak.click	1 redirects
1	cleak.click
0	ajax.googleapis.com Failed	www.priveberichten.nl
0	code.jquery.com Failed	www.priveberichten.nl
0	cdn.onesignal.com Failed	www.priveberichten.nl
0	www.googletagmanager.com Failed	www.priveberichten.nl
23	14

This site contains no links.

Subject Issuer	Validity	Valid
cleak.click GTS CA 1P5	`2023-12-23` - `2024-03-22`	3 months	crt.sh
c1eak.click E1	`2023-12-23` - `2024-03-22`	3 months	crt.sh
empirelayer.club Amazon RSA 2048 M03	`2023-11-02` - `2024-11-30`	a year	crt.sh
seekmymatch.com Amazon RSA 2048 M02	`2023-11-02` - `2024-11-30`	a year	crt.sh
www.xxxflirting.com Amazon RSA 2048 M03	`2023-09-20` - `2024-10-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.priveberichten.nl/4921/?country=NL&region=North+Holland&city=Amsterdam&brands=priveberichten.nl&clickid=f4d15dc7259a415cba1b6e7908208f01&pi=292&campaignId=sml_f0df3f0c&var1=895&var2=&var3=01851b48b052dafefabaf6cc639adfefbfb5654a
Frame ID: 1F00D0D5538E25E02B28E68F0815C148
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://cleak.click/pirickili-onlyfans-leak Page URL
https://ohfy.c1eak.click/leak-id-R2gwSkxaVFVXQ3hHUnNqMU9vanNaL3daK1BjZ1NNYmo1RmJ3M29CblBDSEZsb0N4YXRT... HTTP 302
https://j8.tbond.shop/bfrus HTTP 302
https://hprsncflw.life/?s=157&t1=895&t2= HTTP 302
https://hprsncflw.life/?s=157&t1=895&t2=&bc_r=1703791789 HTTP 302
https://geldpress.de/dating?extra_param_1=0cb0c0d3c6fa6e10118a1e60f5dc3f019583cae7&sub_id_1=895 HTTP 302
https://seekmymatch.com/tds/ae?tdsId=s3167bel_r&tds_campaign=s3167bel&utm_sub=opnfnl&s1=ps&utm_sourc... HTTP 302
https://empirelayer.club/tds/interlayer/eb/s/ac9655b06f4e82c899a9057f5c7d7f57?__t=1703791790438&__l=3600 Page URL
https://www.b2ztrk.com/G86855/745CNS8/?uid=34&tds_cid=01851b48b052dafefabaf6cc639adfefbfb5654a&sub5... HTTP 302
https://www.priveberichten.nl/4921/?country=NL&region=North+Holland&city=Amsterdam&brands=priveberichten.n... Page URL

Detected technologies

Matomo Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

piwik\.js|piwik\.php

Page Statistics

23
Requests

43 %
HTTPS

38 %
IPv6

13
Domains

14
Subdomains

6
IPs

2
Countries

41 kB
Transfer

112 kB
Size

13
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cleak.click/pirickili-onlyfans-leak Page URL
https://ohfy.c1eak.click/leak-id-R2gwSkxaVFVXQ3hHUnNqMU9vanNaL3daK1BjZ1NNYmo1RmJ3M29CblBDSEZsb0N4YXRTanlaWUNMR1ptdFc3TzhPRWRpS2wzUmIreTN6WnVScDFaSmc9PQ== HTTP 302
https://j8.tbond.shop/bfrus HTTP 302
https://hprsncflw.life/?s=157&t1=895&t2= HTTP 302
https://hprsncflw.life/?s=157&t1=895&t2=&bc_r=1703791789 HTTP 302
https://geldpress.de/dating?extra_param_1=0cb0c0d3c6fa6e10118a1e60f5dc3f019583cae7&sub_id_1=895 HTTP 302
https://seekmymatch.com/tds/ae?tdsId=s3167bel_r&tds_campaign=s3167bel&utm_sub=opnfnl&s1=ps&utm_source=int&affid=f0df3f0c&clickid=37-708-202312282229431f986c33d&subid=895 HTTP 302
https://empirelayer.club/tds/interlayer/eb/s/ac9655b06f4e82c899a9057f5c7d7f57?__t=1703791790438&__l=3600 Page URL
https://www.b2ztrk.com/G86855/745CNS8/?uid=34&tds_cid=01851b48b052dafefabaf6cc639adfefbfb5654a&sub5=01851b48b052dafefabaf6cc639adfefbfb5654a&sub1=895&source_id=sml_f0df3f0c HTTP 302
https://www.priveberichten.nl/4921/?country=NL&region=North+Holland&city=Amsterdam&brands=priveberichten.nl&clickid=f4d15dc7259a415cba1b6e7908208f01&pi=292&campaignId=sml_f0df3f0c&var1=895&var2=&var3=01851b48b052dafefabaf6cc639adfefbfb5654a Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://ohfy.c1eak.click/leak-id-R2gwSkxaVFVXQ3hHUnNqMU9vanNaL3daK1BjZ1NNYmo1RmJ3M29CblBDSEZsb0N4YXRTanlaWUNMR1ptdFc3TzhPRWRpS2wzUmIreTN6WnVScDFaSmc9PQ== HTTP 302
https://j8.tbond.shop/bfrus HTTP 302
https://hprsncflw.life/?s=157&t1=895&t2= HTTP 302
https://hprsncflw.life/?s=157&t1=895&t2=&bc_r=1703791789 HTTP 302
https://geldpress.de/dating?extra_param_1=0cb0c0d3c6fa6e10118a1e60f5dc3f019583cae7&sub_id_1=895 HTTP 302
https://seekmymatch.com/tds/ae?tdsId=s3167bel_r&tds_campaign=s3167bel&utm_sub=opnfnl&s1=ps&utm_source=int&affid=f0df3f0c&clickid=37-708-202312282229431f986c33d&subid=895 HTTP 302
https://empirelayer.club/tds/interlayer/eb/s/ac9655b06f4e82c899a9057f5c7d7f57?__t=1703791790438&__l=3600

23 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	pirickili-onlyfans-leak Show response cleak.click/	1 KB 1 KB	432ms 72ms	Document text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cleak.click/pirickili-onlyfans-leak Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5bfb3cc7e95148965e43947cf904085435cb5c9563c0019d9e3879880324c7f1` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 83cc36ca0a267016-CDG content-encoding br content-type text/html; charset=utf-8 date Thu, 28 Dec 2023 19:29:46 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uW1O2uBvmXHJ3oTK%2BcKEghK70aQYU2rqIPyfbX3x1M9ExTzWl8MkPwPdVqx8evK8X6j5oxOXLmGSTsBpaTw23TeMBccZCefbIjWHO7h8F4XA4HyH04vRzL1VUgkdnzDvJ0da3M8NF33C%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	piwik.js Show response matomo.c1eak.click/	64 KB 22 KB	253ms 42ms	Script application/javascript	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://matomo.c1eak.click/piwik.js Requested by Host: cleak.click URL: https://cleak.click/pirickili-onlyfans-leak Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d7fc375178c93a2fc15fd888e30170eedf4ef3d04497e7f951ab7bfe0c921693` Request headers accept-language nl-NL,nl;q=0.9 Referer https://cleak.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Thu, 28 Dec 2023 19:29:46 GMT content-encoding br cf-cache-status HIT last-modified Sat, 08 Jul 2023 19:37:26 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 376981 etag W/"64a9baf6-10132" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oNnrgIRqrjV3bH%2F5Ji12aXlBmUW3GHsGHuvB%2BzxlxDW%2FayVqKsVVMebzD%2FD2JgttNeCI4QHpTEIdqpHT7OeTTzMSdFrZ%2ByGPNcT65UB%2FCuBCnUbD%2Bb3iyRfL2JVqVCp47N%2FJYLSix6a6%2B3F6IAlJO8c%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=315360000 cf-ray 83cc36cbed913cbd-CDG alt-svc h3=":443"; ma=86400 expires Thu, 31 Dec 2037 23:55:55 GMT
POST H2	204	piwik.php matomo.c1eak.click/	0 364 B	112ms 111ms	Ping text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://matomo.c1eak.click/piwik.php?action_name=pirickili%20onlyfans%20leak&idsite=960&rec=1&r=514735&h=20&m=29&s=46&url=https%3A%2F%2Fgroups.google.com%2F&urlref=https%3A%2F%2Fgroups.google.com%2F&_id=8d0bf86685ae7ee4&_idn=1&send_image=0&_refts=1703791787&_ref=https%3A%2F%2Fgroups.google.com%2F&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=vYzn9D&pf_net=361&pf_srv=72&pf_tfr=1&pf_dm1=18&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D Requested by Host: matomo.c1eak.click URL: https://matomo.c1eak.click/piwik.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://cleak.click/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=utf-8 Response headers date Thu, 28 Dec 2023 19:29:47 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UAYwEU6lg6hxoiSlYQkiN5%2BQy2bfinwnZtWXshZ32kUSCxkM6KVNXu%2FV4MyQQi%2FYVK0XX4Ory%2Bo7tJiYwAmJzdWljol3TNoHeBRWm0RW%2BLliCy%2FxzXe7YccIQo6%2FskV7HKP7KBSp0%2B5q1WJNmKgURYk%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 access-control-allow-origin https://cleak.click access-control-allow-credentials true cf-ray 83cc36cc5e2c3cbd-CDG alt-svc h3=":443"; ma=86400
POST H2	204	piwik.php matomo.c1eak.click/	0 269 B	124ms 124ms	Ping text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://matomo.c1eak.click/piwik.php?action_name=pirickili%20onlyfans%20leak&idsite=1&rec=1&r=898674&h=20&m=29&s=46&url=https%3A%2F%2Fgroups.google.com%2F&urlref=https%3A%2F%2Fgroups.google.com%2F&_id=5e347fdca9c874db&_idn=1&send_image=0&_refts=1703791787&_ref=https%3A%2F%2Fgroups.google.com%2F&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=YOVfeD&pf_net=361&pf_srv=72&pf_tfr=1&pf_dm1=18&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D Requested by Host: matomo.c1eak.click URL: https://matomo.c1eak.click/piwik.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://cleak.click/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=utf-8 Response headers date Thu, 28 Dec 2023 19:29:47 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FPe%2FvUCWYEIE9W1eDVBAsdY%2B3iuwFt11sefQwS7qbZQKo753dfmNrxG2AU%2BQQ0Uzwa9XD53LIHJgd7Z%2Bq788%2FByNuwlAb6rJkzPZJh5O0HbNP%2FnkbpTauAy90HRPGbhgLdmh9J8c7nvHwjrT78P0f20%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 access-control-allow-origin https://cleak.click access-control-allow-credentials true cf-ray 83cc36cc5e2e3cbd-CDG alt-svc h3=":443"; ma=86400
POST H3	204	piwik.php matomo.c1eak.click/	0 435 B	112ms 112ms	Ping text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://matomo.c1eak.click/piwik.php?idgoal=1&idsite=960&rec=1&r=248376&h=20&m=29&s=46&url=https%3A%2F%2Fgroups.google.com%2F&urlref=https%3A%2F%2Fgroups.google.com%2F&_id=8d0bf86685ae7ee4&_idn=0&send_image=0&_refts=1703791787&_ref=https%3A%2F%2Fgroups.google.com%2F&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=vYzn9D&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D Requested by Host: matomo.c1eak.click URL: https://matomo.c1eak.click/piwik.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://cleak.click/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=utf-8 Response headers date Thu, 28 Dec 2023 19:29:47 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QyhamYXw6N68Bluj4nc1CRTYiLeOr%2Fz2E3lA4%2B1D0aK0UdP65KUmhVpJmPB3Nzqh0NRvaoWtdzcmz2x6bEPFxy1vHtRXyfShpkWBPK%2BfRnR2bsRXB6cc1DhNHXLFMjtG7YlLaJKDYVWbhXE%2FJN4GgzI%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 access-control-allow-origin https://cleak.click access-control-allow-credentials true cf-ray 83cc36d14ff869a3-FRA alt-svc h3=":443"; ma=86400
POST H3	400	piwik.php matomo.c1eak.click/	410 B 884 B	108ms 107ms	Ping text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://matomo.c1eak.click/piwik.php?idgoal=1&idsite=1&rec=1&r=345759&h=20&m=29&s=46&url=https%3A%2F%2Fgroups.google.com%2F&urlref=https%3A%2F%2Fgroups.google.com%2F&_id=5e347fdca9c874db&_idn=0&send_image=0&_refts=1703791787&_ref=https%3A%2F%2Fgroups.google.com%2F&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=YOVfeD&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D Requested by Host: matomo.c1eak.click URL: https://matomo.c1eak.click/piwik.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `cc283801a7ccb1ab03daf7095d0c98b5fe7e186e29c7750d9de4c52e6cd84aa1` Request headers Referer https://cleak.click/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=utf-8 Response headers date Thu, 28 Dec 2023 19:29:47 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2BPv9eF2G17MeaYaMY104ucf8a1Q2sVO0LDt66%2BTxZQt2HajuHsvnAcqrjO8jrOwcfQ4h%2BZUAEHGjQbBneEe1BBQdvJ59b5uJtNqGZ3dcrr7my%2B7quWlfHFnf9btSJ426pJ3DkRGpicgb9gg%2B089uuY%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 access-control-allow-origin https://cleak.click access-control-allow-credentials true cf-ray 83cc36d14ff969a3-FRA alt-svc h3=":443"; ma=86400
GET H2	200	ac9655b06f4e82c899a9057f5c7d7f57 Show response empirelayer.club/tds/interlayer/eb/s/ Redirect Chain https://ohfy.c1eak.click/leak-id-R2gwSkxaVFVXQ3hHUnNqMU9vanNaL3daK1BjZ1NNYmo1RmJ3M29CblBDSEZsb0N4YXRTanlaWUNMR1ptdFc3TzhPRWRpS2wzUmIreTN6WnVScDFaSmc9PQ== https://j8.tbond.shop/bfrus https://hprsncflw.life/?s=157&t1=895&t2= https://hprsncflw.life/?s=157&t1=895&t2=&bc_r=1703791789 https://geldpress.de/dating?extra_param_1=0cb0c0d3c6fa6e10118a1e60f5dc3f019583cae7&sub_id_1=895 https://seekmymatch.com/tds/ae?tdsId=s3167bel_r&tds_campaign=s3167bel&utm_sub=opnfnl&s1=ps&utm_source=int&affid=f0df3f0c&clickid=37-708-202312282229431f986c33d&subid=895 https://empirelayer.club/tds/interlayer/eb/s/ac9655b06f4e82c899a9057f5c7d7f57?__t=1703791790438&__l=3600	1 KB 1 KB	119ms 36ms	Document text/html	108.138.7.77 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://empirelayer.club/tds/interlayer/eb/s/ac9655b06f4e82c899a9057f5c7d7f57?__t=1703791790438&__l=3600 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.7.77 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-77.fra56.r.cloudfront.net Software nginx / Resource Hash `405f4a7594bdadf0deab9652e01b5b9beb28a0d50016f28011ccbfb551ef6e97` Request headers Referer https://cleak.click/pirickili-onlyfans-leak Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA access-control-allow-origin * alt-svc h3=":443"; ma=86400 content-encoding gzip content-type text/html date Thu, 28 Dec 2023 19:29:50 GMT p3p CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server nginx timing-allow-origin * vary Accept-Encoding via 1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront) x-amz-cf-id -V3UY2tF5Q63q-fgzxAQilkNfQJLnfBaumPQtS9-zwVxI63k1zWPjQ== x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront Redirect headers accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA access-control-allow-origin * alt-svc h3=":443"; ma=86400 date Thu, 28 Dec 2023 19:29:50 GMT location https://empirelayer.club/tds/interlayer/eb/s/ac9655b06f4e82c899a9057f5c7d7f57?__t=1703791790438&__l=3600 p3p CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server nginx timing-allow-origin * via 1.1 c76347c8ef1f3a2b6fb69cd7d1c6f748.cloudfront.net (CloudFront) x-amz-cf-id HeHAb8y24RB8_ySPoBtN9QOCng8k5QXvt9lEVIRycdY97sY2nEgdZw== x-amz-cf-pop ZRH50-C1 x-cache Miss from cloudfront
GET H2	200	index.js Show response seekmymatch.com/lp-external/	2 KB 1 KB	55ms 54ms	Script application/javascript	13.224.103.76 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://seekmymatch.com/lp-external/index.js Requested by Host: empirelayer.club URL: https://empirelayer.club/tds/interlayer/eb/s/ac9655b06f4e82c899a9057f5c7d7f57?__t=1703791790438&__l=3600 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.103.76 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-103-76.zrh50.r.cloudfront.net Software nginx / Resource Hash `73e2c7224792905f76c1de153d5b8f09657e8edcdfd7832470cbca45446360a4` Request headers accept-language nl-NL,nl;q=0.9 Referer https://empirelayer.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Thu, 28 Dec 2023 19:29:50 GMT content-encoding gzip via 1.1 c76347c8ef1f3a2b6fb69cd7d1c6f748.cloudfront.net (CloudFront) x-amz-cf-pop ZRH50-C1 x-cache Miss from cloudfront p3p CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" alt-svc h3=":443"; ma=86400 last-modified Wed, 29 Nov 2023 12:51:54 GMT server nginx etag W/"8b7-18c1b22ca10" vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=3600 accept-ranges bytes timing-allow-origin * x-robots-tag noindex x-amz-cf-id Iv-F5Hl58KoyOY1yBmP2HyXJvs5KA1B2LNuMvGhwT2yh-0suUBjFVg==
POST H2	200	interlayer empirelayer.club/tds/	0 499 B	36ms 36ms	Ping text/plain	108.138.7.77 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://empirelayer.club/tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fempirelayer.club%2Ftds%2Finterlayer%2Feb%2Fs%2Fac9655b06f4e82c899a9057f5c7d7f57%3F__t%3D1703791790438%26__l%3D3600&urlOut=https%3A%2F%2Fwww.b2ztrk.com%2FG86855%2F745CNS8%2F%3Fuid%3D34%26tds_cid%3D01851b48b052dafefabaf6cc639adfefbfb5654a%26sub5%3D01851b48b052dafefabaf6cc639adfefbfb5654a%26sub1%3D895%26source_id%3Dsml_f0df3f0c&altQs=utm_campaign%3Df0df3f0c%26utm_source%3Dint%26utm_content%3D895%26data2%3D37-708-202312282229431f986c33d%26s1%3Dps%26s3%3D%257Bsubid2%257D%26tds_campaign%3Db9685mar%26tds_id%3Db9685mar_lp_a_1575031364115_priveberichten%26tds_oid%3D229f7987%26tds_cid%3D01851b48b052dafefabaf6cc639adfefbfb5654a%26tds_ac_id%3Ds3167bel%26p_tds_cid%3Db7a8dec26039299fe425dc30131afdf231132205%26tds_host%3Dseekmymatch.com%26tds_path%3D%252Ftds%252Fae%26dci%3Daca8d46848a3814db192435dc1dc98b4cad2e673%26tds_ps%3Da&tdsCid=01851b48b052dafefabaf6cc639adfefbfb5654a&reason=beacon&visitsCount=1&ts=1703791790919 Requested by Host: seekmymatch.com URL: https://seekmymatch.com/lp-external/index.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.7.77 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-77.fra56.r.cloudfront.net Software nginx / Resource Hash Request headers accept-language nl-NL,nl;q=0.9 Referer https://empirelayer.club/tds/interlayer/eb/s/ac9655b06f4e82c899a9057f5c7d7f57?__t=1703791790438&__l=3600 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Thu, 28 Dec 2023 19:29:50 GMT via 1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront) server nginx accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront p3p CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * timing-allow-origin * alt-svc h3=":443"; ma=86400 x-amz-cf-id BzF08V9wxxZGNDqMjK8fVhEMM7z1sCMTC2A4kuFlc1CbzfAIyYOExQ==
GET H2	200	Primary Request / Show response www.priveberichten.nl/4921/ Redirect Chain https://www.b2ztrk.com/G86855/745CNS8/?uid=34&tds_cid=01851b48b052dafefabaf6cc639adfefbfb5654a&sub5=01851b48b052dafefabaf6cc639adfefbfb5654a&sub1=895&source_id=sml_f0df3f0c https://www.priveberichten.nl/4921/?country=NL&region=North+Holland&city=Amsterdam&brands=priveberichten.nl&clickid=f4d15dc7259a415cba1b6e7908208f01&pi=292&campaignId=sml_f0df3f0c&var1=895&var2=&va...	43 KB 13 KB	280ms 189ms	Document text/html	3.125.22.203
General Check archive.org Show headers Download Go to Full URL https://www.priveberichten.nl/4921/?country=NL&region=North+Holland&city=Amsterdam&brands=priveberichten.nl&clickid=f4d15dc7259a415cba1b6e7908208f01&pi=292&campaignId=sml_f0df3f0c&var1=895&var2=&var3=01851b48b052dafefabaf6cc639adfefbfb5654a Requested by Host: seekmymatch.com URL: https://seekmymatch.com/lp-external/index.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.125.22.203 -, , ASN (), Reverse DNS Software Apache/2.4.38 (Debian) / PHP/7.1.33 Resource Hash `c619d59dc05d70a8088c08db4654b9408024862e05bb5a291b06120a8ce921b4` Request headers Referer https://empirelayer.club/tds/interlayer/eb/s/ac9655b06f4e82c899a9057f5c7d7f57?__t=1703791790438&__l=3600 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers content-encoding gzip content-length 12845 content-type text/html; charset=UTF-8 date Thu, 28 Dec 2023 19:29:51 GMT server Apache/2.4.38 (Debian) vary Accept-Encoding x-powered-by PHP/7.1.33 Redirect headers accept-ch Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 299 content-type text/html; charset=utf-8 date Thu, 28 Dec 2023 19:29:51 GMT location https://www.priveberichten.nl/4921/?country=NL&region=North+Holland&city=Amsterdam&brands=priveberichten.nl&clickid=f4d15dc7259a415cba1b6e7908208f01&pi=292&campaignId=sml_f0df3f0c&var1=895&var2=&var3=01851b48b052dafefabaf6cc639adfefbfb5654a server nginx vary Origin via 1.1 google x-eflow-request-id da4e3783-6ae6-48bb-b47d-7d8ac85d2d05
GET		styles.min.css www.priveberichten.nl/4921/static/css/	0 0

GET		jquery-ui.css www.priveberichten.nl/4921/css/	0 0

GET		js www.googletagmanager.com/gtag/	0 0

GET		OneSignalSDK.js cdn.onesignal.com/sdks/	0 0

GET		logo.svg www.priveberichten.nl/4921/static/images/	0 0

GET		icon-right.svg www.priveberichten.nl/4921/static/images/	0 0

GET		icon-male.svg www.priveberichten.nl/4921/static/images/	0 0

GET		icon-female.svg www.priveberichten.nl/4921/static/images/	0 0

GET		icon-couple.svg www.priveberichten.nl/4921/static/images/	0 0

GET		icon-angle-double-right.svg www.priveberichten.nl/4921/static/images/	0 0

GET		jquery-3.3.1.min.js code.jquery.com/	0 0

GET		jquery-ui.min.js ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/	0 0

GET		script.min.js www.priveberichten.nl/4921/static/script/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.priveberichten.nl
URL: https://www.priveberichten.nl/4921/static/css/styles.min.css

Domain: www.priveberichten.nl
URL: https://www.priveberichten.nl/4921/css/jquery-ui.css

Domain: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-1SWENMVWGC

Domain: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js

Domain: www.priveberichten.nl
URL: https://www.priveberichten.nl/4921/static/images/logo.svg

Domain: www.priveberichten.nl
URL: https://www.priveberichten.nl/4921/static/images/icon-right.svg

Domain: www.priveberichten.nl
URL: https://www.priveberichten.nl/4921/static/images/icon-male.svg

Domain: www.priveberichten.nl
URL: https://www.priveberichten.nl/4921/static/images/icon-female.svg

Domain: www.priveberichten.nl
URL: https://www.priveberichten.nl/4921/static/images/icon-couple.svg

Domain: www.priveberichten.nl
URL: https://www.priveberichten.nl/4921/static/images/icon-angle-double-right.svg

Domain: code.jquery.com
URL: https://code.jquery.com/jquery-3.3.1.min.js

Domain: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js

Domain: www.priveberichten.nl
URL: https://www.priveberichten.nl/4921/static/script/script.min.js

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cleak.click/	1970-01-20 21:39:19	Name: _pk_ref.960.2b69 Value: %5B%22%22%2C%22%22%2C1703791787%2C%22https%3A%2F%2Fgroups.google.com%2F%22%5D
cleak.click/	1970-01-21 02:42:26	Name: _pk_id.960.2b69 Value: 8d0bf86685ae7ee4.1703791787.
cleak.click/	1970-01-20 17:16:33	Name: _pk_ses.960.2b69 Value: 1
cleak.click/	1970-01-20 21:39:19	Name: _pk_ref.1.2b69 Value: %5B%22%22%2C%22%22%2C1703791787%2C%22https%3A%2F%2Fgroups.google.com%2F%22%5D
cleak.click/	1970-01-21 02:42:26	Name: _pk_id.1.2b69 Value: 5e347fdca9c874db.1703791787.
cleak.click/	1970-01-20 17:16:33	Name: _pk_ses.1.2b69 Value: 1
.hprsncflw.life/	1970-01-20 17:16:35	Name: b104eb10bbe177b4a03c4d8cb205143d Value: 1
.hprsncflw.life/	1970-01-20 17:17:58	Name: da76aa624ae18a29ca405e7c673ff047 Value: 1
.hprsncflw.life/	1970-01-20 17:17:58	Name: ae1f964c26c81c1c64f5560b164c0d12 Value: 0cb0c0d3c6fa6e10118a1e60f5dc3f019583cae7
.geldpress.de/	1970-01-20 18:01:10	Name: fed5c602 Value: 708
.geldpress.de/	1970-01-20 18:01:10	Name: f0ffe Value: %7B%22streams%22%3A%7B%22708%22%3A1703791783%7D%2C%22campaigns%22%3A%7B%2237%22%3A1703791783%7D%2C%22time%22%3A1703791783%7D
.seekmymatch.com/	1970-01-21 02:02:07	Name: dci Value: aca8d46848a3814db192435dc1dc98b4cad2e673
seekmymatch.com/	1970-01-20 17:23:43	Name: dm Value: fe450dd0d1dadc615429144d33241f42

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://matomo.c1eak.click/piwik.php?idgoal=1&idsite=1&rec=1&r=345759&h=20&m=29&s=46&url=https%3A%2F%2Fgroups.google.com%2F&urlref=https%3A%2F%2Fgroups.google.com%2F&_id=5e347fdca9c874db&_idn=0&send_image=0&_refts=1703791787&_ref=https%3A%2F%2Fgroups.google.com%2F&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=YOVfeD&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D Message: Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.onesignal.com
cleak.click
code.jquery.com
empirelayer.club
geldpress.de
hprsncflw.life
j8.tbond.shop
matomo.c1eak.click
ohfy.c1eak.click
seekmymatch.com
www.b2ztrk.com
www.googletagmanager.com
www.priveberichten.nl
ajax.googleapis.com
cdn.onesignal.com
code.jquery.com
www.googletagmanager.com
www.priveberichten.nl
104.21.13.181
108.138.7.77
13.224.103.76
2606:4700:3030::ac43:cc03
2a06:98c1:3120::3
2a06:98c1:3121::3
3.125.22.203
34.117.199.78
405f4a7594bdadf0deab9652e01b5b9beb28a0d50016f28011ccbfb551ef6e97
5bfb3cc7e95148965e43947cf904085435cb5c9563c0019d9e3879880324c7f1
73e2c7224792905f76c1de153d5b8f09657e8edcdfd7832470cbca45446360a4
c619d59dc05d70a8088c08db4654b9408024862e05bb5a291b06120a8ce921b4
cc283801a7ccb1ab03daf7095d0c98b5fe7e186e29c7750d9de4c52e6cd84aa1
d7fc375178c93a2fc15fd888e30170eedf4ef3d04497e7f951ab7bfe0c921693
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

www.priveberichten.nl Open in urlscan Pro 3.125.22.203 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

43 %HTTPS

38 %IPv6

13 Domains

14 Subdomains

6 IPs

2 Countries

41 kBTransfer

112 kBSize

13 Cookies

0 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

13 Cookies

1 Console Messages

Indicators

www.priveberichten.nl Open in urlscan Pro
3.125.22.203 Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

43 %
HTTPS

38 %
IPv6

13
Domains

14
Subdomains

6
IPs

2
Countries

41 kB
Transfer

112 kB
Size

13
Cookies

23 HTTP transactions
0 data transactions