Report - ww38.area.wthelpdesk.com/

Report Overview

Submitted URL
ww38.area.wthelpdesk.com/
IP
81.171.22.5
ASN
#60781 LeaseWeb Netherlands B.V.
Submitted
2023-01-30 22:12:15
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.8 kB	5.7 kB	142.250.74.131
mycasualhookups.com	unknown	2016-03-19T23:05:44Z	2023-03-13T06:42:30Z	7.8 kB	1.9 MB	104.26.13.87
cdnjam.com	204001	2021-02-18T08:53:51Z	2023-03-13T05:21:39Z	387 B	2.7 kB	188.114.96.1
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.8 kB	74 kB	34.120.237.76
bl.trackham.com	unknown	2022-09-23T15:40:01Z	2023-03-12T16:55:28Z	545 B	1.6 kB	18.193.146.82
app.api-push.com	307671	2021-12-06T13:20:56Z	2023-03-12T17:27:29Z	1.5 kB	1.6 kB	172.64.163.28
cdn-dt.fcdn.info	230544	2019-03-21T03:06:06Z	2023-03-13T05:21:27Z	369 B	13 kB	104.21.234.86
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	507 B	46 kB	142.250.74.35
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	406 B	630 B	142.250.74.106
ww38.area.wthelpdesk.com	unknown			1.5 kB	1.6 kB	81.171.22.5
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-13T05:09:19Z	361 B	1.9 kB	104.18.20.226
subscribe.api-push.com	unknown	2022-06-02T03:41:52Z	2023-03-12T16:55:30Z	1.6 kB	1.6 kB	172.64.163.28
m.luvmenow.com	unknown	2022-06-21T02:24:53Z	2023-03-13T07:01:22Z	582 B	922 B	172.67.165.172
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
orest-vlv.com	unknown	2023-01-16T11:21:19Z	2023-03-13T02:10:56Z	1.6 kB	4.3 kB	54.237.193.255
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.34.56.119
cartining-specute.com	unknown	2021-02-01T00:37:43Z	2023-03-13T06:57:55Z	901 B	647 B	18.197.36.77
ocsp2.globalsign.com	1544	2012-05-23T20:10:04Z	2023-03-13T05:14:17Z	357 B	1.9 kB	104.18.20.226
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.36.76.226
toomoffr.com	unknown	2022-01-07T16:13:24Z	2023-03-05T06:22:26Z	568 B	989 B	34.242.116.152
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-13T08:37:09Z	407 B	35 kB	216.58.211.10
winandlove.com	unknown	2023-01-10T17:30:41Z	2023-03-13T00:05:04Z	534 B	1.4 kB	104.21.76.186
meshho.com	unknown	2022-02-03T21:33:01Z	2023-03-13T03:50:10Z	521 B	572 B	52.51.210.211

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-30	medium	ww38.area.wthelpdesk.com/	Malware
2023-01-30	medium	mycasualhookups.com/sl/common/js/lib/jquery-3.3.1.min.js	Phishing
2023-01-30	medium	mycasualhookups.com/sl/common/js/lib/jquery.validate.min.js	Phishing
2023-01-30	medium	mycasualhookups.com/sl/html/032107/js/langs.js	Phishing
2023-01-30	medium	mycasualhookups.com/sl/html/032107/videos/video1.webm	Phishing
2023-01-30	medium	mycasualhookups.com/sl/common/js/common-langs.js	Phishing
2023-01-30	medium	mycasualhookups.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	Phishing
2023-01-30	medium	mycasualhookups.com/sl/common/js/main.js?1675116729	Phishing
2023-01-30	medium	mycasualhookups.com/sl/html/032107/js/jquery.min.js	Phishing
2023-01-30	medium	mycasualhookups.com/sl/common/js/lib/additional-methods.min.js	Phishing
2023-01-30	medium	mycasualhookups.com/sl/html/032107/js/config.js	Phishing
2023-01-30	medium	mycasualhookups.com/sl/common/css/style.css?1675116729	Phishing
2023-01-30	medium	mycasualhookups.com/sl/html/032107/js/main.js	Phishing
2023-01-30	medium	mycasualhookups.com/sl/common/privacy-policy.html	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (17)

	URL	Size	First Seen	Last Seen
	ww38.area.wthelpdesk.com/	381 B	2023-03-13	2023-03-13
Pretty URL ww38.area.wthelpdesk.com/ IP 81.171.22.5 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:45:18 Last Seen2023-03-13 12:45:18 Times Seen1 Hash 4b1a39f81a2d5eb8aebbf034f6233d8f e47a08758dbe51c734735ec462b91a67e5cd792d cffb9cee4b6392fa550d47cc3449b144c1c08dd72d23ac73084bf56f32a4260f Loading...

	mycasualhookups.com/sl/common/js/lib/jquery.validate.min.js	23 kB	2023-03-07	2024-04-25
Pretty URL mycasualhookups.com/sl/common/js/lib/jquery.validate.min.js IP 104.26.13.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:52 Last Seen2024-04-25 10:11:23 Times Seen989 Hash 93c1dd8416ac2af1850652d5b620a142 6a76e4c7db479053350580469aa010febfdcacd0 17a879e50c3ab3078afaded288e257fb66e94806b76ff7e796b54226f9848f50 Loading...

	cdn-dt.fcdn.info/swpush.min.js	34 kB	2023-03-07	2023-08-07
Pretty URL cdn-dt.fcdn.info/swpush.min.js IP 104.21.234.86 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:52 Last Seen2023-08-07 07:25:23 Times Seen135 Hash af2540aefe6334edb036a720947abb72 f17f394267c73b004d0f2c6dfb8a790aa2d7bf7e 7af8787e4bc78270a5a72a75f86a45ae9d3bd803c3c57ec3efb84d2aabe102a2 Loading...

	mycasualhookups.com/sl/common/unsubscribe.html	1.9 kB	2023-03-07	2023-04-05
Pretty URL mycasualhookups.com/sl/common/unsubscribe.html IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:52 Last Seen2023-04-05 02:02:09 Times Seen17 Hash b65ff9705865169981f3ac388816cc72 c79a72e04d9b766e27ea4fe8d2a0cc5d9c484c41 67da9ca751409ddfd1a8b1b7a1fdfe5b66b37e6d9b1d0c4e083fb357debca5de Loading...

	mycasualhookups.com/sl/html/032107/js/config.js	395 B	2023-03-08	2023-08-07
Pretty URL mycasualhookups.com/sl/html/032107/js/config.js IP 104.26.13.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:57 Last Seen2023-08-07 07:25:23 Times Seen53 Hash 628061c41e011910d93e2eb32b7e8a24 edaa1d1ca254452b8c77111a7d2dd928276b5971 33015ae6fe9c43a1d94f0b77b94a17e903ca8be952608b85f70ce0df0193161b Loading...

	orest-vlv.com/zcredirect?visitid=2104e103-a0eb-11ed-aaee-1298042306bd&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false	308 B	2023-03-13	2023-03-13
Pretty URL orest-vlv.com/zcredirect?visitid=2104e103-a0eb-11ed-aaee-1298042306bd&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false IP 54.237.193.255 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:45:18 Last Seen2023-03-13 12:45:18 Times Seen1 Hash 7e31aabd1dd6174c146c8c7915458e98 5ed954209d5f89535bdbfe20e0f13bbf7507dfab b96a1c42b9489b3a9c6b52b9e5dff62d5b51986744ff24b7df857c3c88736929 Loading...

	mycasualhookups.com/sl/html/032107/js/langs.js	6.2 kB	2023-03-08	2023-05-27
Pretty URL mycasualhookups.com/sl/html/032107/js/langs.js IP 104.26.13.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:31:46 Last Seen2023-05-27 17:52:36 Times Seen6 Hash c895285afd534a475c5953dee6ad3495 4ca789d37a3648284e1eaf3d83da4818860089e8 e70037ef79e847cc316e58b94ebe5d4c33cb97be85a0a99125f500d38de043a5 Loading...

	mycasualhookups.com/sl/common/js/lib/additional-methods.min.js	18 kB	2023-03-07	2024-04-10
Pretty URL mycasualhookups.com/sl/common/js/lib/additional-methods.min.js IP 104.26.13.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:43 Last Seen2024-04-10 02:04:24 Times Seen257 Hash 3a53c5eac97b98ed3833970d43bf7fc9 b8805460b5754be8b16a223df737d9577da4c182 8b1554032d2cfbf0e858518df6460b2b4336be2cfb1f188dfd1108a3ae50b2e8 Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js?1508931949	97 kB	2023-03-07	2024-04-25
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js?1508931949 IP 216.58.211.10 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-25 19:43:36 Times Seen118725 Hash 4f252523d4af0b478c810c2547a63e19 5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404 Loading...

	mycasualhookups.com/sl/html/032107/n.php?cep=ko7qHSR88s-2fwzGsUiz2A0jkGi_gtbbqYsSpjp6B59zGCiCUqWA981mwjo7FK0SzNZdvLZoKdTQ5lGdR_7TWg_cu8LdDiMCRNjgeDaWGE_2upBff1zt6JV8drrXu27a8CkNstqiY43OzYxGRpi0Es7A0CPDYilRgRW2t2316cJS-vW3o7cXgmuCBcmLSMrAMPDqqMcjM-7hC00hrYw4sRD35heMUaIvKWDLpwEI1ajETCEjQuc1IkH0FvLK74POnE6prVO7elHKZR5fSyQ9UfLlPEfxqwcau09rsjWS9daUPfB2nXt2XblQ0t3Vnr6Ib1lZb9bvfIUpC9XBwSuv_qOZzIIzHciQOKaLlc3q0WeRuLeypxuYcE0HkFm49OTsCPLhLL4rUhpRNjFquhMU7m3WzGUocOQpEuBqAwc-Tms&lptoken=1692754f117085582895&external_id=36197-742938291&source=16295&sum=#p%23	90 B	2023-03-07	2023-04-05
Pretty URL mycasualhookups.com/sl/html/032107/n.php?cep=ko7qHSR88s-2fwzGsUiz2A0jkGi_gtbbqYsSpjp6B59zGCiCUqWA981mwjo7FK0SzNZdvLZoKdTQ5lGdR_7TWg_cu8LdDiMCRNjgeDaWGE_2upBff1zt6JV8drrXu27a8CkNstqiY43OzYxGRpi0Es7A0CPDYilRgRW2t2316cJS-vW3o7cXgmuCBcmLSMrAMPDqqMcjM-7hC00hrYw4sRD35heMUaIvKWDLpwEI1ajETCEjQuc1IkH0FvLK74POnE6prVO7elHKZR5fSyQ9UfLlPEfxqwcau09rsjWS9daUPfB2nXt2XblQ0t3Vnr6Ib1lZb9bvfIUpC9XBwSuv_qOZzIIzHciQOKaLlc3q0WeRuLeypxuYcE0HkFm49OTsCPLhLL4rUhpRNjFquhMU7m3WzGUocOQpEuBqAwc-Tms&lptoken=1692754f117085582895&external_id=36197-742938291&source=16295&sum=#p%23 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:52 Last Seen2023-04-05 02:02:09 Times Seen17 Hash 366614100df3a1aad7eaa097204bb879 462a34ed6013dced533568a3bafe7bb7da1b212d b52856d21909444a7b1f4afb75479ca00aa7a05fc60cdf860dcb3ce4f0b75f01 Loading...

	mycasualhookups.com/sl/common/js/main.js?1675116729	7.4 kB	2023-03-07	2023-08-07
Pretty URL mycasualhookups.com/sl/common/js/main.js?1675116729 IP 104.26.13.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:51 Last Seen2023-08-07 07:25:23 Times Seen115 Hash b87e1c868deb5fadb6c9661630d4f0db e893295cfb31b37a247c509c53b1eae346c528fc 44523924092ddcf715dae1c6c23059400dfb24781643ddb760b0f6b82724a0a8 Loading...

	mycasualhookups.com/sl/html/032107/n.php?cep=ko7qHSR88s-2fwzGsUiz2A0jkGi_gtbbqYsSpjp6B59zGCiCUqWA981mwjo7FK0SzNZdvLZoKdTQ5lGdR_7TWg_cu8LdDiMCRNjgeDaWGE_2upBff1zt6JV8drrXu27a8CkNstqiY43OzYxGRpi0Es7A0CPDYilRgRW2t2316cJS-vW3o7cXgmuCBcmLSMrAMPDqqMcjM-7hC00hrYw4sRD35heMUaIvKWDLpwEI1ajETCEjQuc1IkH0FvLK74POnE6prVO7elHKZR5fSyQ9UfLlPEfxqwcau09rsjWS9daUPfB2nXt2XblQ0t3Vnr6Ib1lZb9bvfIUpC9XBwSuv_qOZzIIzHciQOKaLlc3q0WeRuLeypxuYcE0HkFm49OTsCPLhLL4rUhpRNjFquhMU7m3WzGUocOQpEuBqAwc-Tms&lptoken=1692754f117085582895&external_id=36197-742938291&source=16295&sum=#p%23	487 B	2023-03-08	2023-05-21
Pretty URL mycasualhookups.com/sl/html/032107/n.php?cep=ko7qHSR88s-2fwzGsUiz2A0jkGi_gtbbqYsSpjp6B59zGCiCUqWA981mwjo7FK0SzNZdvLZoKdTQ5lGdR_7TWg_cu8LdDiMCRNjgeDaWGE_2upBff1zt6JV8drrXu27a8CkNstqiY43OzYxGRpi0Es7A0CPDYilRgRW2t2316cJS-vW3o7cXgmuCBcmLSMrAMPDqqMcjM-7hC00hrYw4sRD35heMUaIvKWDLpwEI1ajETCEjQuc1IkH0FvLK74POnE6prVO7elHKZR5fSyQ9UfLlPEfxqwcau09rsjWS9daUPfB2nXt2XblQ0t3Vnr6Ib1lZb9bvfIUpC9XBwSuv_qOZzIIzHciQOKaLlc3q0WeRuLeypxuYcE0HkFm49OTsCPLhLL4rUhpRNjFquhMU7m3WzGUocOQpEuBqAwc-Tms&lptoken=1692754f117085582895&external_id=36197-742938291&source=16295&sum=#p%23 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:57 Last Seen2023-05-21 15:59:11 Times Seen18 Hash eb3361ce29dba68e5f6374b4129a7240 e9226d27e25cff9e8fd1026b4107d90919d59c14 8eb0cb2db6b9f3b562f0b58f4c9b1f6c48c31cce516872a20efbd90a5c6d33ff Loading...

	mycasualhookups.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-04-25
Pretty URL mycasualhookups.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 104.26.13.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-25 20:31:31 Times Seen54971 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	orest-vlv.com/zcvisitor/2104e103-a0eb-11ed-aaee-1298042306bd/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=105f24d0-089a-11ed-bde8-128084d1ce51	849 B	2023-03-13	2023-03-13
Pretty URL orest-vlv.com/zcvisitor/2104e103-a0eb-11ed-aaee-1298042306bd/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=105f24d0-089a-11ed-bde8-128084d1ce51 IP 54.237.193.255 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:45:18 Last Seen2023-03-13 12:45:18 Times Seen1 Hash fc7b6cc421b207c09a2b80f5f45a3fc5 d1eae7eea65004c86a227aed82f110b249325476 3012a328efaf8c4cd19dfbe3b010e717d91aa192f075959ed3e352f185263bf1 Loading...

	mycasualhookups.com/sl/html/032107/js/jquery.min.js	127 kB	2023-03-08	2023-05-27
Pretty URL mycasualhookups.com/sl/html/032107/js/jquery.min.js IP 104.26.13.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:31:46 Last Seen2023-05-27 17:52:36 Times Seen16 Hash 60deb99052f1a9728c143c8e618dc9b3 f4bfc781f9cc075a20f8e9fb51c11ef4edb2d3c6 85ea6624a9f99bbf4f890125e45b2cbc2a9ac73aba9c9ad67dab935b8b4108f6 Loading...

	mycasualhookups.com/sl/common/js/lib/jquery-3.3.1.min.js	87 kB	2023-03-07	2024-04-25
Pretty URL mycasualhookups.com/sl/common/js/lib/jquery-3.3.1.min.js IP 104.26.13.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-25 20:13:12 Times Seen106153 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	mycasualhookups.com/sl/common/js/common-langs.js	15 kB	2023-03-07	2023-07-02
Pretty URL mycasualhookups.com/sl/common/js/common-langs.js IP 104.26.13.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:51 Last Seen2023-07-02 18:22:18 Times Seen47 Hash 9dd6dd34babf310236383a7eb7d569e3 f396ed09424e282aa4e7b96d463541fc42556f46 7ae9fc07390e221821ced9edb8e092859afbc5653d7878c3d3074ed24be2c050 Loading...

HTTP Transactions (68)

URL IP Response Size

ww38.area.wthelpdesk.com/

81.171.22.5

200 OK

485 B

URL HTTP/1.1
ww38.area.wthelpdesk.com/
IP
81.171.22.5:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (485), with no line terminators
Size
485 B (485 bytes)
Hash
3dba660caf9f24171aeb007fdf394d25
0e34ee84932bb4241db64705cd474fcf337ff0f1
2b47d6261d2b3a31ea4ca9f7fa5a91bf1b0fe9c738a466d20d982fd909cf1ce1

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: ww38.area.wthelpdesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 485
content-type: text/html; charset=utf-8
date: Mon, 30 Jan 2023 22:12:04 GMT
server: nginx
set-cookie: sid=20b19a36-a0eb-11ed-82f8-1f1c984cea0c; path=/; domain=.wthelpdesk.com; expires=Sun, 18 Feb 2091 01:26:11 GMT; max-age=2147483647; HttpOnly

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5018
Expires: Mon, 30 Jan 2023 23:35:42 GMT
Date: Mon, 30 Jan 2023 22:12:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5615
Expires: Mon, 30 Jan 2023 23:45:39 GMT
Date: Mon, 30 Jan 2023 22:12:04 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 30 Jan 2023 21:35:46 GMT
content-type: application/json
age: 2178
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6914
Expires: Tue, 31 Jan 2023 00:07:18 GMT
Date: Mon, 30 Jan 2023 22:12:04 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: i5L4vlFNDPS9EdEtW9luaqeYplcdsQlfW+bx2xlxKs7JlXdQEUwou0OIyqmOLYOBo7IliCuENiM=
x-amz-request-id: 5QW4KH5GMHANSPER
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 30 Jan 2023 21:50:54 GMT
age: 1270
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 22:12:04 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ww38.area.wthelpdesk.com/favicon.ico

81.171.22.5

404 Not Found

9 B

URL HTTP/1.1
ww38.area.wthelpdesk.com/favicon.ico
IP
81.171.22.5:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ww38.area.wthelpdesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.area.wthelpdesk.com/
Cookie: sid=20b19a36-a0eb-11ed-82f8-1f1c984cea0c

HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Mon, 30 Jan 2023 22:12:04 GMT
server: nginx

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 30 Jan 2023 21:41:41 GMT
age: 1824
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3370
Expires: Mon, 30 Jan 2023 23:08:15 GMT
Date: Mon, 30 Jan 2023 22:12:05 GMT
Connection: keep-alive

ww38.area.wthelpdesk.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NTEyMzkyNCwiaWF0IjoxNjc1MTE2NzI0LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3ZqYmk5N2UxbHZiM29kMmcwb2NsNjciLCJuYmYiOjE2NzUxMTY3MjQsInRzIjoxNjc1MTE2NzI0NDcxNDEzfQ.ITPZTuT_DprwkeSEYJyNsxSQ8LxjfaW4HcPxFYRJG1c&sid=20b19a36-a0eb-11ed-82f8-1f1c984cea0c

81.171.22.5

302 Found

11 B

URL HTTP/1.1
ww38.area.wthelpdesk.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NTEyMzkyNCwiaWF0IjoxNjc1MTE2NzI0LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3ZqYmk5N2UxbHZiM29kMmcwb2NsNjciLCJuYmYiOjE2NzUxMTY3MjQsInRzIjoxNjc1MTE2NzI0NDcxNDEzfQ.ITPZTuT_DprwkeSEYJyNsxSQ8LxjfaW4HcPxFYRJG1c&sid=20b19a36-a0eb-11ed-82f8-1f1c984cea0c
IP
81.171.22.5:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

HTTP Headers

GET /?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NTEyMzkyNCwiaWF0IjoxNjc1MTE2NzI0LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3ZqYmk5N2UxbHZiM29kMmcwb2NsNjciLCJuYmYiOjE2NzUxMTY3MjQsInRzIjoxNjc1MTE2NzI0NDcxNDEzfQ.ITPZTuT_DprwkeSEYJyNsxSQ8LxjfaW4HcPxFYRJG1c&sid=20b19a36-a0eb-11ed-82f8-1f1c984cea0c HTTP/1.1
Host: ww38.area.wthelpdesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.area.wthelpdesk.com/
Cookie: sid=20b19a36-a0eb-11ed-82f8-1f1c984cea0c
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Mon, 30 Jan 2023 22:12:05 GMT
location: http://orest-vlv.com/zcvisitor/2104e103-a0eb-11ed-aaee-1298042306bd/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=105f24d0-089a-11ed-bde8-128084d1ce51
server: nginx
set-cookie: sid=20b19a36-a0eb-11ed-82f8-1f1c984cea0c; path=/; domain=.wthelpdesk.com; expires=Sun, 18 Feb 2091 01:26:12 GMT; max-age=2147483647; HttpOnly

orest-vlv.com/zcvisitor/2104e103-a0eb-11ed-aaee-1298042306bd/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=105f24d0-089a-11ed-bde8-128084d1ce51

54.237.193.255

200

1.1 kB

URL HTTP/1.1
orest-vlv.com/zcvisitor/2104e103-a0eb-11ed-aaee-1298042306bd/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=105f24d0-089a-11ed-bde8-128084d1ce51
IP
54.237.193.255:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.1 kB (1098 bytes)
Hash
a82ee462067b53f96001fbe952bfdd42
c9361769fb362c7781017427dcb428e0432ae853
004e7c5da77962b9d565a29f0d9896f816223d648845c3eff102f5e19b4b6a19

HTTP Headers

GET /zcvisitor/2104e103-a0eb-11ed-aaee-1298042306bd/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=105f24d0-089a-11ed-bde8-128084d1ce51 HTTP/1.1
Host: orest-vlv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww38.area.wthelpdesk.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 
Date: Mon, 30 Jan 2023 22:12:05 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: UVNqRCGf

push.services.mozilla.com/

52.34.56.119

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.34.56.119:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vPu2Jh//JYeN5j0LiO7TjA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: O9xMDqFYoN+Ko8xMhteMUUjUkEA=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3858
Expires: Mon, 30 Jan 2023 23:16:24 GMT
Date: Mon, 30 Jan 2023 22:12:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3858
Expires: Mon, 30 Jan 2023 23:16:24 GMT
Date: Mon, 30 Jan 2023 22:12:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3858
Expires: Mon, 30 Jan 2023 23:16:24 GMT
Date: Mon, 30 Jan 2023 22:12:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3858
Expires: Mon, 30 Jan 2023 23:16:24 GMT
Date: Mon, 30 Jan 2023 22:12:06 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefbec1f8-74c9-424a-88f1-a90a7ff35701.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefbec1f8-74c9-424a-88f1-a90a7ff35701.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12154 bytes)
Hash
ac9e49e19b226b271d1a6f29d7159e64
df578148d224d67fb6e098da3eeb1d86c233cb73
1e065f356fe4ae535ec6fa40ddbad8a2ddad1fa1a053bedceb25c90fa3620ad4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefbec1f8-74c9-424a-88f1-a90a7ff35701.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12154
x-amzn-requestid: 0ba17a3e-c78c-4634-8706-eedd20d8e3c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk303H-mIAMFelA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b8-1d7f813471bcbd3341f06e86;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: xPsBUAX9p6j3zfTl4956VqN0aME12n_E5Q2eoHoBaPE1_ElvMrSx5g==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:49:14 GMT
etag: "df578148d224d67fb6e098da3eeb1d86c233cb73"
content-type: image/jpeg
age: 1372
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10898 bytes)
Hash
4a2d26da68a313cc65958fc2692351c2
798c3538f3147ca77d317676ddd1bf040bd0f93b
76ce30224803d680c0115e987a712ce5552b2760beadf796a96b17439fb20797

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10898
x-amzn-requestid: e29f8dfc-07d4-4136-afaf-e1e067eea2ab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zxGshIAMFw5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-5e87d2a44722af9e4e86c3d4;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: XYo_QvM8GWDyulOtUb5nVjS9PxOinaRJ3lYvCreeqd_9tHI5yv5xcQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:48:21 GMT
age: 1425
etag: "798c3538f3147ca77d317676ddd1bf040bd0f93b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0def934-b27d-4612-bab8-84bfb73a9960.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7589 bytes)
Hash
5beaead015b2b4fb6d36009926ba0378
67e7c49ea7648fc6d1dffc22588862c993b785b7
6ae0cec9ade23fd53e9c1407b0324a8060892a65a6b675ccffa4a4c82b66f1ff

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0def934-b27d-4612-bab8-84bfb73a9960.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7589
x-amzn-requestid: 0ce16b38-ae58-4cfc-9a7e-0cfd68c3114b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zxH0pIAMFpMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-4c58f0a54d3eb51357dc4bfc;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mdKr3fucht7bqc2dp3mNaXusuYORLOf-YsF54I71mHk09D4AYnVvvQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:49:14 GMT
etag: "67e7c49ea7648fc6d1dffc22588862c993b785b7"
content-type: image/jpeg
age: 1372
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13853 bytes)
Hash
d957012d3e2b8c3bc0eefe11d66e8554
1959fdd94846fa3791c4890578dd15336b909dcc
a97e81ec5eb2eda6a603bf4bfd4fa4ef4fab762747479489e99e6c713258a736

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13853
x-amzn-requestid: ca6ea6e7-3e13-4194-87f5-20a07b813e21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zzF4hIAMFwWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-772487cb1b7495c52c552d36;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lUGjUSIkoacdmaO1jnMwIuNMONhjyVfAIcTQ3B5d5da_g9eEnCtW7g==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:48:17 GMT
age: 1429
etag: "1959fdd94846fa3791c4890578dd15336b909dcc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc569de21-1642-45cb-a849-06e0eb6ce398.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6660 bytes)
Hash
932f9938c0cf6a0073ade7aa5fbe63ee
10b2c53728e16614bc96fbce22e98a135e8fdc16
25c6402614ad4f04d35ea2512b613a5c239609ce03886a22b1a89d62ddf344f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc569de21-1642-45cb-a849-06e0eb6ce398.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6660
x-amzn-requestid: d1b88b8f-d5c5-4da3-b93a-ade94338e746
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRa8DFMaIAMF2Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d071e6-1fa8a996195c9b3406399769;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 00:03:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HkhlfofiCFusEluIswICaWL-lR_nnmhszPSRTqZL_tRixYUUqlUZ_g==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:49:14 GMT
age: 1372
etag: "10b2c53728e16614bc96fbce22e98a135e8fdc16"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F591a38fc-2daf-42e7-a48b-a02e54cb63e0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (7049 bytes)
Hash
3c83dcdb618756ebbfeb69a8bff6d38c
5f909182ab6847690e7ebd100e3f0d2798e36192
2e29d0747fb973908228501178465ac09f6553ef8e50dd70ee617f3379eb733c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F591a38fc-2daf-42e7-a48b-a02e54cb63e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7049
x-amzn-requestid: bc6522f2-eb6b-4e59-9912-0c03d145f021
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk31LGE2IAMF8rw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839ba-67477ed1260c27f67e28043d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: nD0Ji3SG6yi5fxcdQP9ylWjpT1OnVkgKH_vOgMVBQ4ksHlhjDamIAw==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:49:06 GMT
age: 1380
etag: "5f909182ab6847690e7ebd100e3f0d2798e36192"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

orest-vlv.com/zcredirect?visitid=2104e103-a0eb-11ed-aaee-1298042306bd&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

54.237.193.255

200

746 B

URL HTTP/1.1
orest-vlv.com/zcredirect?visitid=2104e103-a0eb-11ed-aaee-1298042306bd&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP
54.237.193.255:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (330)
Size
746 B (746 bytes)
Hash
0790e5ab82c2f034851b47ea5149d891
bcd1e8d6c1684f0c5323816758763c50f274b9b5
207b8e35dc364887664e0584247149a7bfe6dc88a9fab40dd736e4a7f7970de0

HTTP Headers

GET /zcredirect?visitid=2104e103-a0eb-11ed-aaee-1298042306bd&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: orest-vlv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://orest-vlv.com/zcvisitor/2104e103-a0eb-11ed-aaee-1298042306bd/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=105f24d0-089a-11ed-bde8-128084d1ce51
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 
Date: Mon, 30 Jan 2023 22:12:06 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: UVNqRCGf

orest-vlv.com/favicon.ico

54.237.193.255

404

653 B

URL HTTP/1.1
orest-vlv.com/favicon.ico
IP
54.237.193.255:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size
653 B (653 bytes)
Hash
ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: orest-vlv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://orest-vlv.com/zcredirect?visitid=2104e103-a0eb-11ed-aaee-1298042306bd&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

HTTP/1.1 404 
Date: Mon, 30 Jan 2023 22:12:06 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: sdOdrRAb

cartining-specute.com/zp-redirect?target=https%3A%2F%2Fwinandlove.com%2FMtnb3wf8%3Faid%3Dbgzzbzgkdk%26kid%3Ddghhfxfxgbx%26clickid%3Dw4lvqf1g43mhke9m258f4u08&caid=f72d8c37-b1a8-4074-8f00-3243bfd2c432&zpid=2104e103-a0eb-11ed-aaee-1298042306bd&cid=w4lvqf1g43mhke9m258f4u08&rt=R

18.197.36.77

302 Found

0 B

URL HTTP/2
cartining-specute.com/zp-redirect?target=https%3A%2F%2Fwinandlove.com%2FMtnb3wf8%3Faid%3Dbgzzbzgkdk%26kid%3Ddghhfxfxgbx%26clickid%3Dw4lvqf1g43mhke9m258f4u08&caid=f72d8c37-b1a8-4074-8f00-3243bfd2c432&zpid=2104e103-a0eb-11ed-aaee-1298042306bd&cid=w4lvqf1g43mhke9m258f4u08&rt=R
IP
18.197.36.77:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zp-redirect?target=https%3A%2F%2Fwinandlove.com%2FMtnb3wf8%3Faid%3Dbgzzbzgkdk%26kid%3Ddghhfxfxgbx%26clickid%3Dw4lvqf1g43mhke9m258f4u08&caid=f72d8c37-b1a8-4074-8f00-3243bfd2c432&zpid=2104e103-a0eb-11ed-aaee-1298042306bd&cid=w4lvqf1g43mhke9m258f4u08&rt=R HTTP/1.1
Host: cartining-specute.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://orest-vlv.com/
Cookie: cc-v4=XDqDjjuCyhflNRZTbbvEROw99HzPuUGH43c%2Bk6Pei0C6f%2Fx7ZChbb56D9hJdAWOyacyeIqt%2FHMt41Psm6bTQTrVk6b6XVKHYTlUV5a%2B347yHNaqXyu1SXkBm4pN84OuxRmRuIvqUNGP1VOTzhWreyQ%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Mon, 30 Jan 2023 22:12:06 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://winandlove.com/Mtnb3wf8?aid=bgzzbzgkdk&kid=dghhfxfxgbx&clickid=w4lvqf1g43mhke9m258f4u08
pragma: no-cache
set-cookie: cc-v4=6BUdHVgXuPPk3z0WolMeiE1I%2FPu9O7PpwNswRqVR4ZZHOZb5s%2BrRZjilN6Os8xFS6evXuYvKRwmf55O8jkvG7SuibnDqsbAJbNmhcUked%2FFjf5i8%2FBwlNHo3IYTQEaRtf6yoeaLsOxig8cvC4edgXg%3D%3D; Max-Age=31536000; Expires=Tue, 30-Jan-2024 22:12:06 GMT; Domain=cartining-specute.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/1qjPNXlPzIY

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/1qjPNXlPzIY
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
1160083536d3ecf49beee09e70bb43eb
8d91a653d5e4b4a6c2408c83254a557477c350bd
c32cc50ba7ef2c607a681f956daac889c3d43bac5affc0c39ecfa33d55dc1e52

HTTP Headers

POST /s/gts1p5/1qjPNXlPzIY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 22:12:06 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/1qjPNXlPzIY

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/1qjPNXlPzIY
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
1160083536d3ecf49beee09e70bb43eb
8d91a653d5e4b4a6c2408c83254a557477c350bd
c32cc50ba7ef2c607a681f956daac889c3d43bac5affc0c39ecfa33d55dc1e52

HTTP Headers

POST /s/gts1p5/1qjPNXlPzIY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 22:12:07 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

m.luvmenow.com/click?pid=34496&offer_id=5246&sub1=s8hnpa7n25v&sub2=34496&sub3=21&sub4=s8hnpa7n25o&sub5=38577&sub6=156696&sub7=frd&sub8=

172.67.165.172

302 Found

0 B

URL HTTP/2
m.luvmenow.com/click?pid=34496&offer_id=5246&sub1=s8hnpa7n25v&sub2=34496&sub3=21&sub4=s8hnpa7n25o&sub5=38577&sub6=156696&sub7=frd&sub8=
IP
172.67.165.172:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?pid=34496&offer_id=5246&sub1=s8hnpa7n25v&sub2=34496&sub3=21&sub4=s8hnpa7n25o&sub5=38577&sub6=156696&sub7=frd&sub8= HTTP/1.1
Host: m.luvmenow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Mon, 30 Jan 2023 22:12:07 GMT
content-length: 0
location: https://meshho.com/?a=16295&c=43694&p=r&s1=&s2=a_63d840b7c100d4000110a961&s4=34496
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=63d840b7c100d4000110a961; expires=Tue, 30 Jan 2024 22:12:07 GMT; secure; SameSite=None
afoffers={"5246":1675116727}; expires=Tue, 30 Jan 2024 22:12:07 GMT; secure; SameSite=None
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i6jwYZbyem%2FzE6wxZ7kEmqxbfPHb7hU%2FZAR8hEDOUR%2FM3XudzbR5SXQu8zsqAC9lnUEX%2FyQuYMCdG2b3m7iDZgkY%2BIyXHR0GmJaS5KPZlDWxJzOC%2FCMJTgI6Am6i69m3EA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c1879740b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsalphasha2g2

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
cda2e2f146a03436d203e19c901189da
f60c4e37342b742c3f96dcc65e95524a0c057376
acfbe15845135eadd0b787316e9d4d1ec67d573eda94f36dd53170d5bf26db03

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 22:12:07 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 03 Feb 2023 19:26:04 GMT
ETag: "f60c4e37342b742c3f96dcc65e95524a0c057376"
Last-Modified: Mon, 30 Jan 2023 19:26:05 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 791d8c19fc55b50c-OSL

meshho.com/?a=16295&c=43694&p=r&s1=&s2=a_63d840b7c100d4000110a961&s4=34496

52.51.210.211

302 Found

270 B

URL HTTP/1.1
meshho.com/?a=16295&c=43694&p=r&s1=&s2=a_63d840b7c100d4000110a961&s4=34496
IP
52.51.210.211:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
270 B (270 bytes)
Hash
f80e163e217c20559c43c6115c238b98
e5b546e70840eaeb8b709022e055b92c844ef72a
f495a88bb958151ee32d8c67cefdc54923f035824b7653c966407b6a303e9397

HTTP Headers

GET /?a=16295&c=43694&p=r&s1=&s2=a_63d840b7c100d4000110a961&s4=34496 HTTP/1.1
Host: meshho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 270
Content-Type: text/html; charset=utf-8
Date: Mon, 30 Jan 2023 22:12:07 GMT
Location: https://toomoffr.com/?a=16295&c=43694&p=r&s1=&s2=a_63d840b7c100d4000110a961&s4=34496&ckmguid=8d9391f1-2a87-4168-a9ea-328847084239
Connection: close

ocsp.globalsign.com/alphasslcasha256g4

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/alphasslcasha256g4
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1437 bytes)
Hash
1e2640a09f85495dc7ce6c0495d0e706
8f073c80061383d44f1a848392e2fd7ebecfb1b1
5e444f258606512d51ba573a2aa9c56349679ece6c924ddaef2ead142cb4eb9d

HTTP Headers

POST /alphasslcasha256g4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 22:12:08 GMT
Content-Type: application/ocsp-response
Content-Length: 1437
Connection: keep-alive
Expires: Fri, 03 Feb 2023 20:07:45 GMT
ETag: "8f073c80061383d44f1a848392e2fd7ebecfb1b1"
Last-Modified: Mon, 30 Jan 2023 20:07:46 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 791d8c1deb62b529-OSL

toomoffr.com/?a=16295&c=43694&p=r&s1=&s2=a_63d840b7c100d4000110a961&s4=34496&ckmguid=8d9391f1-2a87-4168-a9ea-328847084239

34.242.116.152

302 Found

234 B

URL HTTP/1.1
toomoffr.com/?a=16295&c=43694&p=r&s1=&s2=a_63d840b7c100d4000110a961&s4=34496&ckmguid=8d9391f1-2a87-4168-a9ea-328847084239
IP
34.242.116.152:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
234 B (234 bytes)
Hash
401a9239f69660f4601393204ab0b296
cf1fa32b02988255af00546e69fa634629ba2e2e
f064fbe27dfcb135a11b9af2145320f6e92763b05bc6c7f3a631c3c702f61780

HTTP Headers

GET /?a=16295&c=43694&p=r&s1=&s2=a_63d840b7c100d4000110a961&s4=34496&ckmguid=8d9391f1-2a87-4168-a9ea-328847084239 HTTP/1.1
Host: toomoffr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 234
Content-Type: text/html; charset=utf-8
Date: Mon, 30 Jan 2023 22:12:08 GMT
Location: https://bl.trackham.com/f9908105-7257-45be-97c0-9990466cb2a4?external_id=36197-742938291&source=16295&sum=#p#
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: sid=nhfAajmfS1FLAGqEhA87dYIAXPuJ15G/80NgFLy6Zup2RgEtbrcszg==; domain=.toomoffr.com; path=/; HttpOnly
trk=Tz0MC2Xwn8MTyrKNsMQJsYIAXPuJ15G/80NgFLy6Zup2RgEtbrcszg==; domain=.toomoffr.com; expires=Thu, 30-Jan-2025 22:12:08 GMT; path=/; HttpOnly
c36197=nhfAajmfS1H5bHZoXMhPUI4TTk+Jf0yLCNzoJyyM549eCUghiDE1Zg==; domain=.toomoffr.com; expires=Wed, 01-Mar-2023 22:12:08 GMT; path=/; HttpOnly
Connection: close

bl.trackham.com/f9908105-7257-45be-97c0-9990466cb2a4?external_id=36197-742938291&source=16295&sum=

18.193.146.82

302 Found

0 B

URL HTTP/2
bl.trackham.com/f9908105-7257-45be-97c0-9990466cb2a4?external_id=36197-742938291&source=16295&sum=
IP
18.193.146.82:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /f9908105-7257-45be-97c0-9990466cb2a4?external_id=36197-742938291&source=16295&sum= HTTP/1.1
Host: bl.trackham.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Mon, 30 Jan 2023 22:12:08 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://mycasualhookups.com/sl/html/032107/n.php?cep=ko7qHSR88s-2fwzGsUiz2A0jkGi_gtbbqYsSpjp6B59zGCiCUqWA981mwjo7FK0SzNZdvLZoKdTQ5lGdR_7TWg_cu8LdDiMCRNjgeDaWGE_2upBff1zt6JV8drrXu27a8CkNstqiY43OzYxGRpi0Es7A0CPDYilRgRW2t2316cJS-vW3o7cXgmuCBcmLSMrAMPDqqMcjM-7hC00hrYw4sRD35heMUaIvKWDLpwEI1ajETCEjQuc1IkH0FvLK74POnE6prVO7elHKZR5fSyQ9UfLlPEfxqwcau09rsjWS9daUPfB2nXt2XblQ0t3Vnr6Ib1lZb9bvfIUpC9XBwSuv_qOZzIIzHciQOKaLlc3q0WeRuLeypxuYcE0HkFm49OTsCPLhLL4rUhpRNjFquhMU7m3WzGUocOQpEuBqAwc-Tms&lptoken=1692754f117085582895&external_id=36197-742938291&source=16295&sum=
pragma: no-cache
set-cookie: f9908105-7257-45be-97c0-9990466cb2a4-v4=PnwKfx8yxXZTCi7Q1ATfJ1hO92IDR81OQ3RaynhCtRI; Max-Age=86400; Expires=Tue, 31-Jan-2023 22:12:08 GMT; Domain=bl.trackham.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=AzL-G_JFpINAEaR5DVdCyoocLvMSpQDiQk-3BiL92sZukf8Np-0ifq-_vc5lh1aVYRaoIhrzstgHLReOIZ8fu5Q5kwK1Qj68eFfo3DWtRLe_RskOLqEUo32Y3zIQDztmKC238PU0CJGq3frUmm89ROBZHb5_AQbWEKWf1aTtO4VIpBT3HOrCVi-CZIPfEMZDd2EPzU-KNVH5WbN2-R9M7_SEg6h-aM8v1LfGSXYa03pAVPMqzJYAdl3d9TTnTFbvmXNcEOjkH-UoL6k5RGRx7SQFpom3wfNSJLecQ1ao0jbFw2Chpunh5DOCbBnlC5laSiRXaE7UPTsI95rVQuFJAeOTdQOl2Q5xvuwWIZEMTj09hLNxozFnu3kErL-KPNYae_MPeyTqTTffncnXBheMT9rSh3_pL5RxrBemqoJikXo; Max-Age=86400; Expires=Tue, 31-Jan-2023 22:12:08 GMT; Domain=bl.trackham.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/QsXoNUJjkNc

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/QsXoNUJjkNc
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
adfc2cc6add1d4c15131e343ee899077
42969e20cf9343e0072ce16fa6895e9c810d3fb6
257006927925883a0f188f332146ff65a05cc917330d648f3ca58a52fc684fac

HTTP Headers

POST /s/gts1p5/QsXoNUJjkNc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 22:12:08 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

mycasualhookups.com/sl/html/032107/css/css.css

104.26.13.87

200 OK

2.3 kB

URL HTTP/2
mycasualhookups.com/sl/html/032107/css/css.css
IP
104.26.13.87:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (6865), with no line terminators
Size
2.3 kB (2325 bytes)
Hash
5f750d625b99b1c5421f58467c89bb1f
8e163d1a9abc68b46ec173fa396cfe1e5703e249
e5f76ff7ee91111cd01e19d2ec4f67594a6b7d790bf8103fbe5fcb5cdac8d3ce

HTTP Headers

GET /sl/html/032107/css/css.css HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:09 GMT
content-type: text/css
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=9103
expires: Tue, 31 Jan 2023 19:16:05 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Mon, 26 Sep 2022 15:53:08 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 10564
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MJLpWdccS8Hhtym637pAnAW6HYTFFn9e2S0gOzMUBm0I7pRK60Iq%2FCyTvMOKe1dkdtMsbSezkvYs2V7p8wugmTYPEp59ap%2BFQ%2BAIB2RQsq%2F%2FotWbxRcvujkzaTkpttpRWAQotqg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c27590d0b61-OSL
content-encoding: br
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js?1508931949

216.58.211.10

200 OK

34 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js?1508931949
IP
216.58.211.10:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32077)
Size
34 kB (33951 bytes)
Hash
fd2b58574f9637ba7ef639267349d848
6eda5ea93f549ceb5693f6f1c038893fa56a510d
75627d4b97e5e6294a8f88f5eeaf9b616696dc8600db9701c47ef05f067880ec

HTTP Headers

GET /ajax/libs/jquery/1.12.4/jquery.min.js?1508931949 HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 19:19:18 GMT
expires: Sat, 27 Jan 2024 19:19:18 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 269571
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
40bac282ee9730b7a7fde839fcf58736
be00063ec5c760560f34663d0a6a9cad87cfebe4
45b83537d8621d3c4a7c046a9b78f6745977c359db2868d720f19dbb0eb80d3d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 22:12:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/K0TBC4DjskA

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/K0TBC4DjskA
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4d09eb3776fb550b558272850714ab84
41ca431bf2db4c21d4ef0f76da3c4cab9c8c96c7
46ba8174d50b0b30336f3a221a99ab7b125d167389ac3a9d78e93cf1c564ee9a

HTTP Headers

POST /s/gts1p5/K0TBC4DjskA HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 22:12:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

mycasualhookups.com/sl/common/js/lib/jquery-3.3.1.min.js

104.26.13.87

200 OK

32 kB

URL HTTP/2
mycasualhookups.com/sl/common/js/lib/jquery-3.3.1.min.js
IP
104.26.13.87:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65451)
Size
32 kB (31752 bytes)
Hash
e1a332c0f0b0c42386e008d228a2ed0f
a9c81750f7102a7e9976be61bab3cd9f2a67da03
f5248bc265b7a33c57f5166c749aee3da2935594880a80ce4626ae2a1bf530ec

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sl/common/js/lib/jquery-3.3.1.min.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:09 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=86400
expires: Tue, 31 Jan 2023 08:22:31 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 49778
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ds%2B5OYF49s8YNLzhR5ecOAnq7p6ClSentbj75gxzIsdTwmmDbPFcYIpnM5wZq%2BEWoRZiayNSQcxCRE23Ms5ucHGPW6YyEtWwXESqE0Yu2XuTzpHZu0iKSvEJWWPdeqPUv5QIxKU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c2769150b61-OSL
content-encoding: br
X-Firefox-Spdy: h2

app.api-push.com/get-keys

172.64.163.28

204 No Content

0 B

URL HTTP/2
app.api-push.com/get-keys
IP
172.64.163.28:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /get-keys HTTP/1.1
Host: app.api-push.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-referer
Referer: https://mycasualhookups.com/
Origin: https://mycasualhookups.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Mon, 30 Jan 2023 22:12:10 GMT
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type,x-referer
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MCcUPjuC0GHTJaM1nEOHSYrrVS1D2vmx%2F%2Bhma8z2X5k1ruTuhits18cn%2FKplGJpSBg63F%2BHJ%2BtCYVDm7sMUInjrkzDpzG5wuhdNY%2F1SqHOox1bcKohmfNTD%2FtE4ntnCJduhA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c2ac8d2886e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

mycasualhookups.com/sl/common/js/lib/jquery.validate.min.js

104.26.13.87

200 OK

58 kB

URL HTTP/2
mycasualhookups.com/sl/common/js/lib/jquery.validate.min.js
IP
104.26.13.87:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (23122)
Size
58 kB (57724 bytes)
Hash
ce65ec221537476bb712c35cf32e900d
48cbaa3f36aaf2bef22271b441e828baaecd1d6e
df76cb1e7fd36ac7fd2b5bcb6f0423765e2b2f1358f66964677ad1ee5abf8cdc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sl/common/js/lib/jquery.validate.min.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:09 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=86400
expires: Tue, 31 Jan 2023 08:22:31 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 49778
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f4RR0bpOEqcqOH7hgHYmvTGd2NvVJ8wB8LZDU2PEw86Dz89BCeWtyYQY6%2BNcR640XP9JnwYLBRdgSN74FpLuvFPa7K8EIuuMK9JFhlx7KMlBxy9ldF%2BOXYNG%2FzEyjK1e5zxCgLc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c2769190b61-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdn-dt.fcdn.info/swpush.min.js

104.21.234.86

200 OK

12 kB

URL HTTP/2
cdn-dt.fcdn.info/swpush.min.js
IP
104.21.234.86:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (34449)
Size
12 kB (12485 bytes)
Hash
7bee65fb52cc6c1236b83bdd117541ce
341f5aa8224c368fc7894647219d7b53e78d8ada
4fe30fad8454bf19cadf9fc8d4f23e20e0ccfb5a64df951fe2a2d8461745b441

HTTP Headers

GET /swpush.min.js HTTP/1.1
Host: cdn-dt.fcdn.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mycasualhookups.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:09 GMT
content-type: application/javascript
last-modified: Sat, 07 May 2022 08:23:17 GMT
etag: W/"62762c75-8692"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1077094
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Dno2zIIx8JGuYSTzJmF9E1%2FYaMOFeerlZW%2FUXiCtgQg9yHYb5j2ZPfNLj0zES%2FgJSeoF0eFMtKD8i0UwrfbSbtW9crh45jsJ6mY73vPlR7uMBRNopCHaoVPR8KqX241tjFK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791d8c28eb4d3859-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

mycasualhookups.com/sl/html/032107/js/langs.js

104.26.13.87

200 OK

6.2 kB

URL HTTP/2
mycasualhookups.com/sl/html/032107/js/langs.js
IP
104.26.13.87:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (5153), with no line terminators
Size
6.2 kB (6190 bytes)
Hash
c872a7549dee637d108cf40c99038921
3a6179ba935b9bc69bf2ab523ce22303640cbe32
eb53e32f704f0a6e6b5ee5279cb596502749132c878091ad6fecde4eca20b7b5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sl/html/032107/js/langs.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:09 GMT
content-type: application/javascript
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=7419
expires: Tue, 31 Jan 2023 19:16:06 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Mon, 26 Sep 2022 15:53:08 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 10563
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mABHilDXtaOd70YdiF29UrscDBYyghFTjrfyPJ0yAjxhj%2B2VgHEX7LP%2FkKQXZ1euXvBUSbMeQEjuN9pCgBTSIYJgwdrFObtTRXK5PdGZxz5A1TEJ5wSMhEtGpEu22RzQ4uDR6Rs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c2769210b61-OSL
content-encoding: br
X-Firefox-Spdy: h2

mycasualhookups.com/sl/html/032107/videos/video1.webm

104.26.13.87

206 Partial Content

1.8 MB

URL HTTP/2
mycasualhookups.com/sl/html/032107/videos/video1.webm
IP
104.26.13.87:0
ASN
#13335 CLOUDFLARENET

File type
WebM\012- EBML file, creator webmB\20\012- data
Size
1.8 MB (1787154 bytes)
Hash
275783ec04582836653aefff2ea6644c
c33c6cc9494ea3789cdfc22b925916164aee4253
cd69ec1ee91bec9876983cd47b3381838aaee8be56ef467400d55bf1f5f758fd

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sl/html/032107/videos/video1.webm HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://mycasualhookups.com/
Range: bytes=0-
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 206 Partial Content
date: Mon, 30 Jan 2023 22:12:10 GMT
content-type: video/webm
content-length: 1787154
last-modified: Mon, 26 Sep 2022 15:53:08 GMT
cache-control: max-age=86400
expires: Tue, 31 Jan 2023 19:16:13 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 10557
content-range: bytes 0-1787153/1787154
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oSSLQIa3CVI0RFGzVyaC7ssEwaK3tdyM7%2Bomo%2B141VwDswwqj5e4TUBnc05pnSl0MCs7xg%2FQjmATyMXNIkBWl0%2FIUXdAspE5zIywrui%2BA0vJqhU7ozz%2B3QXX%2FAwP%2FrUSbY55QNQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c2b7cba0b61-OSL
X-Firefox-Spdy: h2

mycasualhookups.com/sl/common/js/common-langs.js

104.26.13.87

200 OK

6.5 kB

URL HTTP/2
mycasualhookups.com/sl/common/js/common-langs.js
IP
104.26.13.87:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (12768)
Size
6.5 kB (6548 bytes)
Hash
8cc4d4730653b4edea15df7fbbc2f543
59bb77e2e1173aeaf8bd83ba53e7c52a3b9238db
e0700facf51eca595dbb3c2069287d1cb5c455ec49c9e3a844913e6628ce4583

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sl/common/js/common-langs.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:09 GMT
content-type: application/javascript
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=19528
expires: Tue, 31 Jan 2023 08:22:31 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 49778
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RplLqnSGbI611QEGJ9fi5LRSWondbfKeCStRM8g6viiBxhE0j0kvyg%2FmqOfi9IFtzLCKsewicuCBijLoqWI4QFDndpeEPTQFP9aZ1Y5VvqL%2FmdRxDE%2FxnMFhEkLypGbAI0TmNWw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c2769250b61-OSL
content-encoding: br
X-Firefox-Spdy: h2

mycasualhookups.com/sl/html/032107/css/style.css

104.26.13.87

200 OK

1.4 kB

URL HTTP/2
mycasualhookups.com/sl/html/032107/css/style.css
IP
104.26.13.87:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2785), with no line terminators
Size
1.4 kB (1364 bytes)
Hash
361c6a1698ae475ddde5d554ccec0c7d
b5fcc845af0e407e48fcb5f63f926abd7694bdf9
02f57a6cb89e6c69a38eb2f1f8ba9a6dbe5c965e54eb46ea16426eacd1c1e64e

HTTP Headers

GET /sl/html/032107/css/style.css HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:09 GMT
content-type: text/css
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=4300
expires: Tue, 31 Jan 2023 19:16:05 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Mon, 26 Sep 2022 15:53:08 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 10564
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BM79ZGMlBvKpzV%2B12ASBAw6p0%2FgYnRm9iJnqkQAa9F9KyYTtz%2BB3mTyZ3DxIdXBdn0ex2g63opdKKD3zoLjE5yDDni0l8jFG89JocLZk7cu%2FqsIk5F3CJPAdS3IUq%2FcUm2YS1h8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c2759070b61-OSL
content-encoding: br
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.35

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mycasualhookups.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 18:52:41 GMT
expires: Tue, 30 Jan 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 11969
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 22:12:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 22:12:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/K0TBC4DjskA

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/K0TBC4DjskA
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4d09eb3776fb550b558272850714ab84
41ca431bf2db4c21d4ef0f76da3c4cab9c8c96c7
46ba8174d50b0b30336f3a221a99ab7b125d167389ac3a9d78e93cf1c564ee9a

HTTP Headers

POST /s/gts1p5/K0TBC4DjskA HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 22:12:10 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

subscribe.api-push.com/subscriber/null/4e027e5d-4862-46c4-9cb6-ae024d88181b

172.64.163.28

204 No Content

0 B

URL HTTP/2
subscribe.api-push.com/subscriber/null/4e027e5d-4862-46c4-9cb6-ae024d88181b
IP
172.64.163.28:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /subscriber/null/4e027e5d-4862-46c4-9cb6-ae024d88181b HTTP/1.1
Host: subscribe.api-push.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,x-referer
Referer: https://mycasualhookups.com/
Origin: https://mycasualhookups.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Mon, 30 Jan 2023 22:12:10 GMT
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type,x-referer
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WCWFpJrVDRG6CRNLXvYxQH2CE1I%2FO1xVWww4InLFPWnA4FZBgIe6QRisowTrYW2Mw%2FdZBstqMnal6O2adO7SElEkTDpumU48j0oChqOCuVlyJsosVcmV%2FuaZdRGFdSQq3H45KNPVvOsy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c2cfce6886e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

subscribe.api-push.com/subscriber/null/4e027e5d-4862-46c4-9cb6-ae024d88181b

172.64.163.28

200 OK

5 B

URL HTTP/2
subscribe.api-push.com/subscriber/null/4e027e5d-4862-46c4-9cb6-ae024d88181b
IP
172.64.163.28:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
5 B (5 bytes)
Hash
68934a3e9455fa72420237eb05902327
7cb6efb98ba5972a9b5090dc2e517fe14d12cb04
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa

HTTP Headers

GET /subscriber/null/4e027e5d-4862-46c4-9cb6-ae024d88181b HTTP/1.1
Host: subscribe.api-push.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Content-Type: application/json
x-referer: https://mycasualhookups.com/sl/html/032107/n.php?cep=ko7qHSR88s-2fwzGsUiz2A0jkGi_gtbbqYsSpjp6B59zGCiCUqWA981mwjo7FK0SzNZdvLZoKdTQ5lGdR_7TWg_cu8LdDiMCRNjgeDaWGE_2upBff1zt6JV8drrXu27a8CkNstqiY43OzYxGRpi0Es7A0CPDYilRgRW2t2316cJS-vW3o7cXgmuCBcmLSMrAMPDqqMcjM-7hC00hrYw4sRD35heMUaIvKWDLpwEI1ajETCEjQuc1IkH0FvLK74POnE6prVO7elHKZR5fSyQ9UfLlPEfxqwcau09rsjWS9daUPfB2nXt2XblQ0t3Vnr6Ib1lZb9bvfIUpC9XBwSuv_qOZzIIzHciQOKaLlc3q0WeRuLeypxuYcE0HkFm49OTsCPLhLL4rUhpRNjFquhMU7m3WzGUocOQpEuBqAwc-Tms&lptoken=1692754f117085582895&external_id=36197-742938291&source=16295&sum=#p#
Origin: https://mycasualhookups.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:10 GMT
content-type: application/json; charset=utf-8
content-length: 5
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f6V0TfBPP7FV7VU1%2FgV0qpZml5cN286RtM9gSSlo3lM%2Frnlkt%2BJruXIqiUKuFPap%2FuPy9RrHx2dzFiNISIViOX5yGmxoXVuOAVUinLTyqj35kM%2BGca4aUStn1hod1Pq2EBIIuKcB%2FoKR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c2dbe64886e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

mycasualhookups.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

104.26.13.87

200 OK

1.1 kB

URL HTTP/2
mycasualhookups.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
104.26.13.87:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.1 kB (1127 bytes)
Hash
0b533966ceef0638808e87d0a565c6f2
11403c7fffea62664623df5007e4c8b6e4737a65
298c2650cae31743620301aeaa0edcd7bf7080729159341d6b5826cdae7b5878

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mycasualhookups.com/sl/common/privacy-policy.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:10 GMT
content-type: application/javascript
last-modified: Mon, 23 Jan 2023 11:05:52 GMT
etag: W/"63ce6a10-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UXHvqo78zPGIlzT%2BeL5FZYjSBbThdZfkq9mwN7RlQYdq175RkJddXDw8IdUzCh0pXfeJQ%2Bn9zyqY3keC2RGxFnBzmPLJQ%2Bt1lWKcRVV39ZobGr67sQb4x1eXTCWDJB3%2BqjE3lUA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791d8c2c7db10b61-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Wed, 01 Feb 2023 22:12:10 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2

cdnjam.com/cdn/sdialog.min.css?_=4

188.114.96.1

200 OK

1.8 kB

URL HTTP/2
cdnjam.com/cdn/sdialog.min.css?_=4
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (6775)
Size
1.8 kB (1769 bytes)
Hash
50d1983a5c4ab75937f9612866520a71
dbb1c37657cb3fcb94fcb03dd30f4bedaf131ee3
56fb9b018470d3d7c68832e2ff6ccaab50c63fa4470498126f4183fe87835d76

HTTP Headers

GET /cdn/sdialog.min.css?_=4 HTTP/1.1
Host: cdnjam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:12 GMT
content-type: text/css
content-security-policy: block-all-mixed-content
etag: W/"1d16caacad4ad6c40a99319a5d183947"
last-modified: Mon, 22 Nov 2021 08:00:52 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin, Accept-Encoding
x-amz-request-id: 16F5E342988C7B8C
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C4X0k9en%2F8Zyl8f8819trpN97WmkrAJ8kng3gNOIuDWjvno920tqJ2Od%2BVjHVRJ4dup13W%2FCzbH0YjBsRnWFa%2BlPu%2BtdU6TzfEibXilRtlExhVuWZ7yfxLNSOHeN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c35fac9b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0dd37b27-1930-4380-aa34-e533abb33eaa.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8755 bytes)
Hash
146cb1c622ae62d62090dcaf81709056
c9e939eea5ca410e2ac3e2c93fb9cdf51fd3a03e
d1a2caf59c5bfb3fd66c804217c60705de91e5beebd006cffab1d712a5aef85b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0dd37b27-1930-4380-aa34-e533abb33eaa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 8755
x-amzn-requestid: 18054ad3-92df-4a07-b7d1-643293ba4a5f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fR1hDGZfoAMFsFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d09c6c-7aae5ef32459231c25465b1b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 03:05:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5GkQA5AcFOFc2Wn5rdaX7nH5F4wfy52vtlpbI8Qlai-jQE77inKzqA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 10:06:07 GMT
age: 43565
etag: "c9e939eea5ca410e2ac3e2c93fb9cdf51fd3a03e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

mycasualhookups.com/sl/common/js/main.js?1675116729

104.26.13.87

200 OK

0 B

URL HTTP/2
mycasualhookups.com/sl/common/js/main.js?1675116729
IP
104.26.13.87:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sl/common/js/main.js?1675116729 HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:10 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=86400
expires: Tue, 31 Jan 2023 22:12:09 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4nRQl%2FeSct2nkYvhJPy4wuf%2BgH13mYuJrc0ic96OiqxVY%2BEXGETLuyQKAsVhh7961sMSjJvjds1GrZZcS9dIk9b%2B0Y4Tm7aemT0cPYsU1%2B4uC7mxGLYHasjTMSy4bq7BWbR5Kv8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c2769260b61-OSL
content-encoding: br
X-Firefox-Spdy: h2

mycasualhookups.com/sl/common/favicon.ico

104.26.13.87

200 OK

0 B

URL HTTP/2
mycasualhookups.com/sl/common/favicon.ico
IP
104.26.13.87:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sl/common/favicon.ico HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:10 GMT
content-type: image/x-icon
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=31536000
expires: Thu, 28 Sep 2023 08:42:02 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 10762208
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XaEv4eCOr1tz3j5XVgBJqBrGA0NWayUcOsw6Ksehf19LrCra8P8V9qeNW0Ye1YIlso0%2FAQ4SRB%2FMwlR%2B9ck1NyxQosr9lAMn5GZKLkXwasTPuMSQLOMsMwqn2saH98UsGN8dpY4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791d8c2d2e450b61-OSL
content-encoding: br
X-Firefox-Spdy: h2

mycasualhookups.com/sl/html/032107/js/jquery.min.js

104.26.13.87

200 OK

0 B

URL HTTP/2
mycasualhookups.com/sl/html/032107/js/jquery.min.js
IP
104.26.13.87:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sl/html/032107/js/jquery.min.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:09 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 15:53:08 GMT
cache-control: max-age=86400
expires: Tue, 31 Jan 2023 19:16:05 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 10564
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wlAfZK%2F0NcBMiOS0H9WmJaOXlmbtu%2FQiv8fT8m2ieLlyqjPrWJBoWnka6j5vl2V7I03fYWgPk%2BXzc76FjR75tWAa%2F3E%2B2UOrHJLeJoE5k8r7S1DIh%2FfNNmF1dcftzaUuQvT9xd8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c27590f0b61-OSL
content-encoding: br
X-Firefox-Spdy: h2

mycasualhookups.com/sl/common/js/lib/additional-methods.min.js

104.26.13.87

200 OK

0 B

URL HTTP/2
mycasualhookups.com/sl/common/js/lib/additional-methods.min.js
IP
104.26.13.87:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sl/common/js/lib/additional-methods.min.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:09 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=86400
expires: Tue, 31 Jan 2023 08:22:31 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 49778
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=itammrbql%2BKSx5%2BnFOBuvxAeQJ3T1HhMtJhOcJISY4ZSdX9%2BRTh0XBOrXW3kseyec884xZFlHYL%2FrUPj2iExmiagZxETpcOXw5Be6D%2F8KU5owhZN73U4MpyK82XxjNxM1r8AeA8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c27691f0b61-OSL
content-encoding: br
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:400,600,800

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans:400,600,800
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Open+Sans:400,600,800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mycasualhookups.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 30 Jan 2023 22:12:09 GMT
date: Mon, 30 Jan 2023 22:12:09 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

mycasualhookups.com/sl/html/032107/js/config.js

104.26.13.87

200 OK

0 B

URL HTTP/2
mycasualhookups.com/sl/html/032107/js/config.js
IP
104.26.13.87:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sl/html/032107/js/config.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:09 GMT
content-type: application/javascript
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=701
expires: Tue, 31 Jan 2023 19:16:06 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Tue, 27 Sep 2022 14:19:29 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 10563
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VXqEHttQNaUWozGX6LMt8Qwo%2B097So2jfx1Mc8w16os%2FOQ2PSWfLT8KYP4k%2Bb6fgBoa2hH2dTgAsypwQgKu3H88NhKUGYz%2FYGFPTCXv7e03c3ANEPT%2BYu98WQ04vSovtqqY29UI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c2769220b61-OSL
content-encoding: br
X-Firefox-Spdy: h2

app.api-push.com/get-keys

172.64.163.28

200 OK

0 B

URL HTTP/2
app.api-push.com/get-keys
IP
172.64.163.28:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /get-keys HTTP/1.1
Host: app.api-push.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
x-referer: https://mycasualhookups.com/sl/html/032107/n.php?cep=ko7qHSR88s-2fwzGsUiz2A0jkGi_gtbbqYsSpjp6B59zGCiCUqWA981mwjo7FK0SzNZdvLZoKdTQ5lGdR_7TWg_cu8LdDiMCRNjgeDaWGE_2upBff1zt6JV8drrXu27a8CkNstqiY43OzYxGRpi0Es7A0CPDYilRgRW2t2316cJS-vW3o7cXgmuCBcmLSMrAMPDqqMcjM-7hC00hrYw4sRD35heMUaIvKWDLpwEI1ajETCEjQuc1IkH0FvLK74POnE6prVO7elHKZR5fSyQ9UfLlPEfxqwcau09rsjWS9daUPfB2nXt2XblQ0t3Vnr6Ib1lZb9bvfIUpC9XBwSuv_qOZzIIzHciQOKaLlc3q0WeRuLeypxuYcE0HkFm49OTsCPLhLL4rUhpRNjFquhMU7m3WzGUocOQpEuBqAwc-Tms&lptoken=1692754f117085582895&external_id=36197-742938291&source=16295&sum=#p#
Content-Length: 89
Origin: https://mycasualhookups.com
Connection: keep-alive
Referer: https://mycasualhookups.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:10 GMT
content-type: application/json; charset=utf-8
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BrCmJqok8%2Fsf5AHedPHLmW9CX89fmc52wY6OSauJcYjDOQGuKmO%2FeE4nGvpGkdjo21ZPSecNihacui9Ws33d40dtjcPqhCSQfBb8u8%2BshKHWw3cqeUuvsOoF4Y5yGbD30rTj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c2b59f1886e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

mycasualhookups.com/sl/common/css/style.css?1675116729

104.26.13.87

200 OK

0 B

URL HTTP/2
mycasualhookups.com/sl/common/css/style.css?1675116729
IP
104.26.13.87:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sl/common/css/style.css?1675116729 HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:10 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=86400
expires: Tue, 31 Jan 2023 22:12:09 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WR%2Fp3%2F0P9uyyKYbq996q5KtOFLLWWuxVynq3JZoKjJ6l9iubHZddgy%2FLKwsyMXvfm1Q8vFoajd0YgrbRXMq9dqtUtGr%2B3OVLRValVdPjBfoRbB4n65RDiPfOWzuFOpo5aA8fgTI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c2769140b61-OSL
content-encoding: br
X-Firefox-Spdy: h2

winandlove.com/Mtnb3wf8?aid=bgzzbzgkdk&kid=dghhfxfxgbx&clickid=w4lvqf1g43mhke9m258f4u08

104.21.76.186

302 Found

0 B

URL HTTP/2
winandlove.com/Mtnb3wf8?aid=bgzzbzgkdk&kid=dghhfxfxgbx&clickid=w4lvqf1g43mhke9m258f4u08
IP
104.21.76.186:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /Mtnb3wf8?aid=bgzzbzgkdk&kid=dghhfxfxgbx&clickid=w4lvqf1g43mhke9m258f4u08 HTTP/1.1
Host: winandlove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Mon, 30 Jan 2023 22:12:06 GMT
content-type: text/html; charset=UTF-8
location: https://hotloveland.com/btB7xg2S?aid=bbzkkpgabx&kid=ggb&clickid=s8hnpa7n25o&sub1=38577&sub2=156696&sub3=frd
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: _subid=s8hnpa7n25o;Expires=Thursday, 02-Mar-2023 22:12:06 GMT;Max-Age=2678400;Path=/
b0608=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjQwODI5NFwiOjE2NzUxMTY3MjYsXCIzMFwiOjE2NzUxMTY3MjZ9LFwiY2FtcGFpZ25zXCI6e1wiMTU2Njk2XCI6MTY3NTExNjcyNixcIjFcIjoxNjc1MTE2NzI2fSxcInRpbWVcIjoxNjc1MTE2NzI2fSJ9.aWyeBUM1g3QaBYrvrgo8S46cFYEijFFMMGDiVd2vMJU;Expires=Sunday, 01-Mar-2076 20:24:12 GMT;Max-Age=1675203126;Path=/
_token=uuid_s8hnpa7n25o_s8hnpa7n25o63d840b67c7f47.89677424;Expires=Thursday, 02-Mar-2023 22:12:06 GMT;Max-Age=2678400;Path=/
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MZ3%2BiZU9YPTemDHdY%2Bjo%2F1KJPWdG1vOfUT0xk%2Bo%2FMsxVfEQob7WyshdxSSQqiVvPYZ85DHfNLJYJqdzJDtFOQtST5xAmVyD9j1tnvrCWe0h%2F8TYkh6BG2RwQu8%2Fzt9wayw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c140d1f0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

mycasualhookups.com/sl/html/032107/n.php?cep=ko7qHSR88s-2fwzGsUiz2A0jkGi_gtbbqYsSpjp6B59zGCiCUqWA981mwjo7FK0SzNZdvLZoKdTQ5lGdR_7TWg_cu8LdDiMCRNjgeDaWGE_2upBff1zt6JV8drrXu27a8CkNstqiY43OzYxGRpi0Es7A0CPDYilRgRW2t2316cJS-vW3o7cXgmuCBcmLSMrAMPDqqMcjM-7hC00hrYw4sRD35heMUaIvKWDLpwEI1ajETCEjQuc1IkH0FvLK74POnE6prVO7elHKZR5fSyQ9UfLlPEfxqwcau09rsjWS9daUPfB2nXt2XblQ0t3Vnr6Ib1lZb9bvfIUpC9XBwSuv_qOZzIIzHciQOKaLlc3q0WeRuLeypxuYcE0HkFm49OTsCPLhLL4rUhpRNjFquhMU7m3WzGUocOQpEuBqAwc-Tms&lptoken=1692754f117085582895&external_id=36197-742938291&source=16295&sum=

104.26.13.87

200 OK

0 B

URL HTTP/2
mycasualhookups.com/sl/html/032107/n.php?cep=ko7qHSR88s-2fwzGsUiz2A0jkGi_gtbbqYsSpjp6B59zGCiCUqWA981mwjo7FK0SzNZdvLZoKdTQ5lGdR_7TWg_cu8LdDiMCRNjgeDaWGE_2upBff1zt6JV8drrXu27a8CkNstqiY43OzYxGRpi0Es7A0CPDYilRgRW2t2316cJS-vW3o7cXgmuCBcmLSMrAMPDqqMcjM-7hC00hrYw4sRD35heMUaIvKWDLpwEI1ajETCEjQuc1IkH0FvLK74POnE6prVO7elHKZR5fSyQ9UfLlPEfxqwcau09rsjWS9daUPfB2nXt2XblQ0t3Vnr6Ib1lZb9bvfIUpC9XBwSuv_qOZzIIzHciQOKaLlc3q0WeRuLeypxuYcE0HkFm49OTsCPLhLL4rUhpRNjFquhMU7m3WzGUocOQpEuBqAwc-Tms&lptoken=1692754f117085582895&external_id=36197-742938291&source=16295&sum=
IP
104.26.13.87:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sl/html/032107/n.php?cep=ko7qHSR88s-2fwzGsUiz2A0jkGi_gtbbqYsSpjp6B59zGCiCUqWA981mwjo7FK0SzNZdvLZoKdTQ5lGdR_7TWg_cu8LdDiMCRNjgeDaWGE_2upBff1zt6JV8drrXu27a8CkNstqiY43OzYxGRpi0Es7A0CPDYilRgRW2t2316cJS-vW3o7cXgmuCBcmLSMrAMPDqqMcjM-7hC00hrYw4sRD35heMUaIvKWDLpwEI1ajETCEjQuc1IkH0FvLK74POnE6prVO7elHKZR5fSyQ9UfLlPEfxqwcau09rsjWS9daUPfB2nXt2XblQ0t3Vnr6Ib1lZb9bvfIUpC9XBwSuv_qOZzIIzHciQOKaLlc3q0WeRuLeypxuYcE0HkFm49OTsCPLhLL4rUhpRNjFquhMU7m3WzGUocOQpEuBqAwc-Tms&lptoken=1692754f117085582895&external_id=36197-742938291&source=16295&sum= HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:09 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=300
expires: Mon, 30 Jan 2023 22:17:09 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kkBVC6wx4xE5CXS7kvJvpNTf9YGBpXP3PQa4bkQvMjyXq%2FfkooOGek%2BZsvk3eZ%2F1QeFKFvvFo%2FyA2zTy44vZp3fwEUlM0zB9m%2BNAXuFQS11diMYu5O9h6QuvlYUmY7%2B%2Fnw%2FXZc4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c23bd5c0b61-OSL
content-encoding: br
X-Firefox-Spdy: h2

mycasualhookups.com/sl/html/032107/js/main.js

104.26.13.87

404 Not Found

0 B

URL HTTP/2
mycasualhookups.com/sl/html/032107/js/main.js
IP
104.26.13.87:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sl/html/032107/js/main.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Mon, 30 Jan 2023 22:12:10 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=7200
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cIlzzaY5vrYjMj0hbn7STjBM4rekaxoP4%2BrdKEl5jxsWz1E4P2bM6X0ZQKGkLkbwggI6IgUuGR0%2BoWb4ZrRMTDCboQHuDlZXQnFexqh6rv8KmXYbvRKz4hnW9163wxJXIsg1KeY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791d8c2759100b61-OSL
content-encoding: br
X-Firefox-Spdy: h2

mycasualhookups.com/sl/common/privacy-policy.html

104.26.13.87

200 OK

0 B

URL HTTP/2
mycasualhookups.com/sl/common/privacy-policy.html
IP
104.26.13.87:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sl/common/privacy-policy.html HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:12:10 GMT
content-type: text/html
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=300
expires: Mon, 30 Jan 2023 22:17:10 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XW%2BFUrnuDgaFi1O9%2BzONNkqEB%2BYyyjFut72fhBqfcruABU5N%2FsPG%2BFC7%2BbURnKhMR4CymT48mcjKr7ldiVRUcLtGi%2BAnYg3eJ5wKzlpWoMJgzxLIiPSQCnFSLap8L17GPJaxPxM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791d8c2b2c750b61-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML