Report - zebra.wthelpdesk.com/4ydOw54o-/Q.htm

Report Overview

Submitted URL
zebra.wthelpdesk.com/4ydOw54o-/Q.htm
IP
37.48.65.151
ASN
#60781 LeaseWeb Netherlands B.V.
Submitted
2023-03-13 08:06:28
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-25T05:09:25Z	333 B	391 B	34.117.237.239
cynes-gwf.com	unknown	2023-02-24T08:43:03Z	2023-03-23T05:19:49Z	1.6 kB	4.4 kB	54.237.193.255
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-24T16:33:49Z	3.2 kB	51 kB	34.120.237.76
ocsp2.globalsign.com	1544	2012-05-23T20:10:04Z	2023-03-25T05:10:23Z	357 B	1.9 kB	104.18.20.226
www.40-dating.no	unknown	2022-05-24T09:09:28Z	2023-03-25T12:58:44Z	11 kB	405 kB	104.17.166.216
app.40sdating.com	unknown	2022-04-11T12:31:04Z	2023-03-25T12:58:45Z	678 B	837 B	104.17.166.216
zebra.wthelpdesk.com	unknown	2016-11-25T10:28:11Z	2023-03-15T03:58:48Z	1.5 kB	1.6 kB	37.48.65.151
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-25T05:09:02Z	2.7 kB	7.1 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-24T18:14:23Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-24T18:20:20Z	413 B	5.9 kB	34.160.144.191
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-24T18:17:07Z	606 B	127 B	44.238.223.58
cartining-specute.com	unknown	2021-02-01T00:37:43Z	2023-03-25T07:04:24Z	759 B	681 B	18.197.36.77
inspxtrc.com	371542	2013-10-11T17:25:46Z	2023-03-25T05:42:09Z	568 B	1.3 kB	34.240.89.109

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-03-13 08:06:16	high	Client IP	Internal IP	ETPRO MALWARE APT10 Redleaves/PlugX/ChChes DNS Lookup (zebra.wthelpdesk .com)
2023-03-13 08:06:16	high	Client IP	Internal IP	ETPRO MALWARE APT10 Redleaves/PlugX/ChChes DNS Lookup (zebra.wthelpdesk .com)

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-03-13	medium	zebra.wthelpdesk.com/4ydOw54o-/Q.htm	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	zebra.wthelpdesk.com/4ydOw54o-/Q.htm	392 B	2023-03-26	2023-03-26
Pretty URL zebra.wthelpdesk.com/4ydOw54o-/Q.htm IP 37.48.65.151 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 04:56:21 Last Seen2023-03-26 04:56:21 Times Seen1 Hash fea0ded94cb273290894347845e4c8c3 b949952ac84746f03efebdc903d649a464afd399 18a4301b224a8679d2dbc678e139a40f7f998d63062b16e87ad913d63a750a4e Loading...

	cynes-gwf.com/zcvisitor/ee5f22a3-c175-11ed-af10-12b5ddd17dc9/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0ae13540-5f05-11ed-9380-0a918cbcbb97	849 B	2023-03-26	2023-03-26
Pretty URL cynes-gwf.com/zcvisitor/ee5f22a3-c175-11ed-af10-12b5ddd17dc9/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0ae13540-5f05-11ed-9380-0a918cbcbb97 IP 54.237.193.255 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 04:56:21 Last Seen2023-03-26 04:56:21 Times Seen1 Hash f2e6296bb0d342951dfcd831d90a0a80 d8da1c8db39892a8d204c09f39b77edbb2248faa d7a75cd38878aa8cf49e53039f8ff32f302fd1e9572abc455926ee034f3b76b1 Loading...

	cynes-gwf.com/zcredirect?visitid=ee5f22a3-c175-11ed-af10-12b5ddd17dc9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false	346 B	2023-03-26	2023-03-26
Pretty URL cynes-gwf.com/zcredirect?visitid=ee5f22a3-c175-11ed-af10-12b5ddd17dc9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false IP 54.237.193.255 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 04:56:22 Last Seen2023-03-26 04:56:22 Times Seen1 Hash 0b98ca8ec8acabf3c9529f6f44c551c0 15a4b3a293bcf048d83289ca6e2fdf9d862c6f6d 884dd6a725c94ad0033c3a1173ccb955e685ea02dbb11bd5a6e6274f9d75284a Loading...

	www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707	1.8 kB	2023-03-26	2023-03-26
Pretty URL www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707 IP 104.17.166.216 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 04:56:22 Last Seen2023-03-26 04:56:22 Times Seen1 Hash cc5c2932c21c0c129148b4707f014664 88788d2b2215bc04118ed84a3f05e5116fc5badb cfc454960604f1cf88af35a06902f3563bce5938731b4646578f0962c63080b3 Loading...

	www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/2044923bc02fd2633ddd1df32503709f.js	23 kB	2023-03-26	2023-03-26
Pretty URL www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/2044923bc02fd2633ddd1df32503709f.js IP 104.17.166.216 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 04:56:22 Last Seen2023-03-26 04:56:22 Times Seen1 Hash 1c2d97173cd1645728c6e7d9a49f0686 7ad4ac96a8e3dd99eb83cd7dd4a759b0a8aec9b0 a8b3734693b8495fcec5e7691bfee705c8595f47aaa5caaf907e7425e344b7b4 Loading...

	www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/449d4e125d05433c17a2e33d7bd82143.js	182 kB	2023-03-25	2023-03-26
Pretty URL www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/449d4e125d05433c17a2e33d7bd82143.js IP 104.17.166.216 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-25 23:31:41 Last Seen2023-03-26 12:50:06 Times Seen5 Hash 4236d305be706cf6e36d59590094d17c c331887bcbdaf570460b4a958ae90eddb1f3c4eb 2202f1d00a585ad3da4ac7c955627f1a12467eed3f34204a71c59d01dbc8e5ee Loading...

	http:blank	876 B	2023-03-26	2023-03-26
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 04:56:22 Last Seen2023-03-26 04:56:22 Times Seen1 Hash 7719b4df4f690979b02d736fb8783792 5615b0d332b47e8641eb180bd0307bee4d708cd3 773aae65a077c7aba6b21b9b6d127a107d5f51011dcd5a325afbae78f1203e55 Loading...

	www.40-dating.no/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1678694400	26 kB	2023-03-26	2023-03-26
Pretty URL www.40-dating.no/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1678694400 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 04:56:22 Last Seen2023-03-26 04:56:22 Times Seen1 Hash 70b9d510558f6ecdb1e916eeb49da601 179768a81558f632a32b94f931a451c368f613c7 73174add23b48919f462ec9c9cb967c185aa51d95dedd104959fb95c458eb94c Loading...

HTTP Transactions (43)

URL IP Response Size

zebra.wthelpdesk.com/4ydOw54o-/Q.htm

37.48.65.151

200 OK

496 B

URL HTTP/1.1
zebra.wthelpdesk.com/4ydOw54o-/Q.htm
IP
37.48.65.151:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (496), with no line terminators
Size
496 B (496 bytes)
Hash
03b3cedccdbf57c788f9ef01a9b1c727
64a74e7672005a9194e28f0d49e044c61f2e23c6
dee4679c6ba6ba8dfef1cddafc25163060e29bb376814818e2ba3ec0d89c1d5b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /4ydOw54o-/Q.htm HTTP/1.1
Host: zebra.wthelpdesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 496
content-type: text/html; charset=utf-8
date: Mon, 13 Mar 2023 08:06:16 GMT
server: nginx
set-cookie: sid=ee2558ea-c175-11ed-bf70-eb96527ec56c; path=/; domain=.wthelpdesk.com; expires=Sat, 31 Mar 2091 11:20:23 GMT; max-age=2147483647; HttpOnly

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
234b80a5a27f3d377e322e680413479d
3da8ba535ec19898f5b83ece48cd4038ac2bf557
370104df5dd8f739601a4be42ae41bb92f365dcf585823a3c14733f7c394e926

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "370104DF5DD8F739601A4BE42AE41BB92F365DCF585823A3C14733F7C394E926"
Last-Modified: Sun, 12 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7642
Expires: Mon, 13 Mar 2023 10:13:39 GMT
Date: Mon, 13 Mar 2023 08:06:17 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
405abd45d42535567c1ecb518f4bdb04
0505c27fe2921bfa89657173fb77ca7280f04772
bdef4e5edfe0bf3fefb4dc5625e41f3faeb23a0afd24c4e6255f40f757568c35

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDEF4E5EDFE0BF3FEFB4DC5625E41F3FAEB23A0AFD24C4E6255F40F757568C35"
Last-Modified: Sun, 12 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13052
Expires: Mon, 13 Mar 2023 11:43:49 GMT
Date: Mon, 13 Mar 2023 08:06:17 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 13 Mar 2023 07:09:19 GMT
content-type: application/json
age: 3418
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ae4d7bec26e013433e638f87260aa632
62384e39bc90d0b2ab92895220f0383e678669f4
b704031d560770485c9552dcf56b911b7b5ad45d8a3f73acd17dbbbeeff294f4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B704031D560770485C9552DCF56B911B7B5AD45D8A3F73ACD17DBBBEEFF294F4"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9277
Expires: Mon, 13 Mar 2023 10:40:54 GMT
Date: Mon, 13 Mar 2023 08:06:17 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 0qF3Kny11SqmIkBkQwYJvZOL4ejAukW9kWy+vtKcuou/rJd6WIKLDMawpPsAs1DrVLEO61+D5kFR7t7nWRCIfQ==
x-amz-request-id: WG0VR09JD4ZP5HW7
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 13 Mar 2023 07:46:17 GMT
age: 1200
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 08:06:17 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

zebra.wthelpdesk.com/favicon.ico

37.48.65.151

404 Not Found

9 B

URL HTTP/1.1
zebra.wthelpdesk.com/favicon.ico
IP
37.48.65.151:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: zebra.wthelpdesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://zebra.wthelpdesk.com/4ydOw54o-/Q.htm
Cookie: sid=ee2558ea-c175-11ed-bf70-eb96527ec56c

HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Mon, 13 Mar 2023 08:06:16 GMT
server: nginx

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, ETag, Backoff, Expires, Alert, Pragma, Cache-Control, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 13 Mar 2023 07:06:47 GMT
age: 3570
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
db27ecc2f481e8871b2e99584e751660
e671ecb839d53e296f4ec303208ddb713c72aecc
5c910268b5c4f0244540c5570056673f8cbe4a0979f301363cb56dc359c147df

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C910268B5C4F0244540C5570056673F8CBE4A0979F301363CB56DC359C147DF"
Last-Modified: Sun, 12 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10433
Expires: Mon, 13 Mar 2023 11:00:10 GMT
Date: Mon, 13 Mar 2023 08:06:17 GMT
Connection: keep-alive

push.services.mozilla.com/

44.238.223.58

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.238.223.58:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: a9GTF0nunFXXEkfcL7ScXA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8RVPRlMefn/cce/gpeH+QTQ6zpk=

zebra.wthelpdesk.com/4ydOw54o-/Q.htm?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3ODcwMTk3NiwiaWF0IjoxNjc4Njk0Nzc2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDV1bzBiOGZkNGU5bTJwbmsxa2hoY2IiLCJuYmYiOjE2Nzg2OTQ3NzYsInRzIjoxNjc4Njk0Nzc2OTE3NTc4fQ.h5xaTP9vLIJ8SN63uTrLdmxBifQzFjHzjHQrX3lCWKk&sid=ee2558ea-c175-11ed-bf70-eb96527ec56c

37.48.65.151

302 Found

11 B

URL HTTP/1.1
zebra.wthelpdesk.com/4ydOw54o-/Q.htm?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3ODcwMTk3NiwiaWF0IjoxNjc4Njk0Nzc2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDV1bzBiOGZkNGU5bTJwbmsxa2hoY2IiLCJuYmYiOjE2Nzg2OTQ3NzYsInRzIjoxNjc4Njk0Nzc2OTE3NTc4fQ.h5xaTP9vLIJ8SN63uTrLdmxBifQzFjHzjHQrX3lCWKk&sid=ee2558ea-c175-11ed-bf70-eb96527ec56c
IP
37.48.65.151:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

HTTP Headers

GET /4ydOw54o-/Q.htm?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3ODcwMTk3NiwiaWF0IjoxNjc4Njk0Nzc2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDV1bzBiOGZkNGU5bTJwbmsxa2hoY2IiLCJuYmYiOjE2Nzg2OTQ3NzYsInRzIjoxNjc4Njk0Nzc2OTE3NTc4fQ.h5xaTP9vLIJ8SN63uTrLdmxBifQzFjHzjHQrX3lCWKk&sid=ee2558ea-c175-11ed-bf70-eb96527ec56c HTTP/1.1
Host: zebra.wthelpdesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://zebra.wthelpdesk.com/4ydOw54o-/Q.htm
Cookie: sid=ee2558ea-c175-11ed-bf70-eb96527ec56c
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Mon, 13 Mar 2023 08:06:17 GMT
location: http://cynes-gwf.com/zcvisitor/ee5f22a3-c175-11ed-af10-12b5ddd17dc9/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0ae13540-5f05-11ed-9380-0a918cbcbb97
server: nginx
set-cookie: sid=ee2558ea-c175-11ed-bf70-eb96527ec56c; path=/; domain=.wthelpdesk.com; expires=Sat, 31 Mar 2091 11:20:25 GMT; max-age=2147483647; HttpOnly

cynes-gwf.com/zcvisitor/ee5f22a3-c175-11ed-af10-12b5ddd17dc9/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0ae13540-5f05-11ed-9380-0a918cbcbb97

54.237.193.255

200

1.1 kB

URL HTTP/1.1
cynes-gwf.com/zcvisitor/ee5f22a3-c175-11ed-af10-12b5ddd17dc9/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0ae13540-5f05-11ed-9380-0a918cbcbb97
IP
54.237.193.255:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.1 kB (1098 bytes)
Hash
b54cd9e7f464075c523ad383f1c6000d
f68827a0a2409cf05dd5a67463ce0d9c6bfd1c9b
178b2e4d1ce9dc9a7e08e80b8ddeea9641511f69b1fad05e0ed374bc046d8b92

HTTP Headers

GET /zcvisitor/ee5f22a3-c175-11ed-af10-12b5ddd17dc9/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0ae13540-5f05-11ed-9380-0a918cbcbb97 HTTP/1.1
Host: cynes-gwf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://zebra.wthelpdesk.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 
Date: Mon, 13 Mar 2023 08:06:18 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: guExrQoO

cynes-gwf.com/zcredirect?visitid=ee5f22a3-c175-11ed-af10-12b5ddd17dc9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

54.237.193.255

200

822 B

URL HTTP/1.1
cynes-gwf.com/zcredirect?visitid=ee5f22a3-c175-11ed-af10-12b5ddd17dc9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP
54.237.193.255:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (368)
Size
822 B (822 bytes)
Hash
459ba7dde2469a6952837ce0ccc6e72a
1ca3caa5611ccdf3a8416b99648e43691616aa79
7bbfd25c3510413be1dae9583c2580bb4866a32290e3aa8732b4d966073f7cee

HTTP Headers

GET /zcredirect?visitid=ee5f22a3-c175-11ed-af10-12b5ddd17dc9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: cynes-gwf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cynes-gwf.com/zcvisitor/ee5f22a3-c175-11ed-af10-12b5ddd17dc9/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0ae13540-5f05-11ed-9380-0a918cbcbb97
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 
Date: Mon, 13 Mar 2023 08:06:18 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: TUhzVJWb

cynes-gwf.com/favicon.ico

54.237.193.255

404

653 B

URL HTTP/1.1
cynes-gwf.com/favicon.ico
IP
54.237.193.255:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size
653 B (653 bytes)
Hash
ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cynes-gwf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cynes-gwf.com/zcredirect?visitid=ee5f22a3-c175-11ed-af10-12b5ddd17dc9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

HTTP/1.1 404 
Date: Mon, 13 Mar 2023 08:06:18 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: VfkonvKW

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9268
Expires: Mon, 13 Mar 2023 10:40:47 GMT
Date: Mon, 13 Mar 2023 08:06:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9268
Expires: Mon, 13 Mar 2023 10:40:47 GMT
Date: Mon, 13 Mar 2023 08:06:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9268
Expires: Mon, 13 Mar 2023 10:40:47 GMT
Date: Mon, 13 Mar 2023 08:06:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9268
Expires: Mon, 13 Mar 2023 10:40:47 GMT
Date: Mon, 13 Mar 2023 08:06:19 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02306d2b-eeaa-457b-818c-f89161dee633.jpeg

34.120.237.76

200 OK

4.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02306d2b-eeaa-457b-818c-f89161dee633.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.6 kB (4592 bytes)
Hash
c020f73e193d39695b2a327b7f823044
293ecfa11699509057daa07b3c103ae57dfc600b
47d1130ec2fc517545f18557e61b4a78a45b9303dfcb9f4db8683da8160205d9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02306d2b-eeaa-457b-818c-f89161dee633.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4592
x-amzn-requestid: 3925b113-7d29-4400-bbab-b64767943c34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_jDEi9IAMF4SA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e4613-2bbddae45dbbbe8f6a62f300;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:37:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: gbtUv0bNfiCz-HwX-L5HGitjTWaezaRQwiukewdVA25WzSEYrpxYqA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:55:43 GMT
age: 36636
etag: "293ecfa11699509057daa07b3c103ae57dfc600b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bf0ac20-16ad-460d-8fcb-a873994d420a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5853 bytes)
Hash
bbfef97312a1bc4792615717a63a48ba
1008882db3829f830b0f58c9c5b09792e844a31b
2b096364b450b4845252b7a22a9f9aadadf220e7a6a4134558647d308529d2a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bf0ac20-16ad-460d-8fcb-a873994d420a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5853
x-amzn-requestid: c8b1593f-4bd9-452d-a904-87b58194d599
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_WlHEwoAMFyqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e45c3-461a986e5a5544cf574899e4;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:36:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: C6xTwOtJHWOoB4SIZ7qDzhmjdyRpZtrJEQ4iSWw5SHWVIKSxfirSCw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:57:44 GMT
age: 36515
etag: "1008882db3829f830b0f58c9c5b09792e844a31b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8487 bytes)
Hash
be71491cee9b47dc3ffb23b4fdff25b3
79c7d22c8df6d305f46c5779ccb9f25169d4d111
e785896e5840fb901ddd0118bef3ccad6b59a96d8eef0e8ccd9c95a3c261ba45

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8487
x-amzn-requestid: 92381f1a-0140-47e9-a971-594a7de36c3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BkEcBGizoAMFgOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640b1ab3-1a54b65a5d7083e62dcb85ab;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 11:55:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Nn4eV-UeuWZ02ANOxzTUSgE4UODtaZxeIjp8UJfU8PgUny2shFaDjQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:42:57 GMT
age: 37402
etag: "79c7d22c8df6d305f46c5779ccb9f25169d4d111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a23db98-37c4-4464-877f-84e567d782c0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9252 bytes)
Hash
2a786f27e9ef9e709e65be146e2642cd
ddba0c9cf7e27eab796068b3da048d0815c83c76
aed13ee830dc1940673a820e40dfa9948a97c57e0fcbacae6280937fa6f15f25

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a23db98-37c4-4464-877f-84e567d782c0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9252
x-amzn-requestid: fd61a972-3530-4c86-8ce5-8c2beb9a02fc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_WaGIRIAMFzDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e45c2-68cce2b50e5b88cb2b6c5494;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:36:02 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7E0kX0a54vl3ynwkAob1VIAt5L0hQnBMBAWRlY8L5VlMVm-fASS1Tw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:57:32 GMT
age: 36527
etag: "ddba0c9cf7e27eab796068b3da048d0815c83c76"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F041d108b-a02d-463a-b8bc-16a820bcaec7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6311 bytes)
Hash
5f530c45a5cd68b455ef2198ed86ad3f
eb4e56764e88672f9efd7a15ffe16b50e26a0248
cc594af89a6db9aafed4451e84c68d47e4f602ca53eef170d94889aabdbd03ed

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F041d108b-a02d-463a-b8bc-16a820bcaec7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6311
x-amzn-requestid: 2b7244ec-0beb-4755-a295-5c925d4e5e78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_kfG8xIAMF5pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e461c-6ed1bdff68e8988a141e86d9;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:37:32 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: bC0qKmaWkNBo6MQN9tmsMSBLFaog0JowDxyASwb0v3QHSocitnbVhw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:55:43 GMT
age: 36636
etag: "eb4e56764e88672f9efd7a15ffe16b50e26a0248"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08428b5a-994c-4f3f-b311-ee36987a7d0a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10186 bytes)
Hash
fde9c0f2bc62f215ced01cc6b28daba1
aa4240202d28c4367e5f87eca3021f17e9cc3fcc
7bfa4962c7218e0026bdfe00ac86b24b85073a50f84a92e7d83df3ae2cbdc548

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08428b5a-994c-4f3f-b311-ee36987a7d0a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10186
x-amzn-requestid: 3da51dbd-ac7e-46e0-9a6f-7501e5b37e90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_VoFN0oAMF9rA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e45bd-4ad6474110a577f96c485465;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:35:57 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: TalNp1x1HyTF18a4kOJKkQ_3vbBvZD_JNNGvQczEXyOKaK6Lib7yxg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 22:07:02 GMT
etag: "aa4240202d28c4367e5f87eca3021f17e9cc3fcc"
content-type: image/jpeg
age: 35957
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

cartining-specute.com/zp-redirect?target=https%3A%2F%2Finspxtrc.com%2F%3Fa%3D12209%26c%3D39658%26s2%3Dwi3084kf3eci0g8niadv19ag%26s3%3D719fbd40-273d-47b8-882f-683d1074b172wi3084kf3eci0g8niadv19ag&caid=091e92cc-6b33-4257-b441-21c89c9e6ad6&zpid=ee5f22a3-c175-11ed-af10-12b5ddd17dc9&cid=wi3084kf3eci0g8niadv19ag&rt=R

18.197.36.77

302 Found

0 B

URL HTTP/2
cartining-specute.com/zp-redirect?target=https%3A%2F%2Finspxtrc.com%2F%3Fa%3D12209%26c%3D39658%26s2%3Dwi3084kf3eci0g8niadv19ag%26s3%3D719fbd40-273d-47b8-882f-683d1074b172wi3084kf3eci0g8niadv19ag&caid=091e92cc-6b33-4257-b441-21c89c9e6ad6&zpid=ee5f22a3-c175-11ed-af10-12b5ddd17dc9&cid=wi3084kf3eci0g8niadv19ag&rt=R
IP
18.197.36.77:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zp-redirect?target=https%3A%2F%2Finspxtrc.com%2F%3Fa%3D12209%26c%3D39658%26s2%3Dwi3084kf3eci0g8niadv19ag%26s3%3D719fbd40-273d-47b8-882f-683d1074b172wi3084kf3eci0g8niadv19ag&caid=091e92cc-6b33-4257-b441-21c89c9e6ad6&zpid=ee5f22a3-c175-11ed-af10-12b5ddd17dc9&cid=wi3084kf3eci0g8niadv19ag&rt=R HTTP/1.1
Host: cartining-specute.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cynes-gwf.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Mon, 13 Mar 2023 08:06:19 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://inspxtrc.com/?a=12209&c=39658&s2=wi3084kf3eci0g8niadv19ag&s3=719fbd40-273d-47b8-882f-683d1074b172wi3084kf3eci0g8niadv19ag
pragma: no-cache
set-cookie: cc-v4=71Ev9QRs4F%2BufRbDnEnYikev%2BFcTnnZpGI%2B%2FDMxNqld5tOerX00i3hZA5gYsGSuDrh4JpE4fwNqRsR6ZZfoGpvRz6Z8GF4d945dxTZ4Z7rxYuX4uDcQD9wJlTYLEcfAESqJUWa23kpx4TBt5RVdRDA%3D%3D; Max-Age=31536000; Expires=Tue, 12-Mar-2024 08:06:19 GMT; Domain=cartining-specute.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsalphasha2g2

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
a6e350ddf4abc28e86569ac453821872
cdbb7c44aec76b82fad1d59af0d5a5194370593b
c791f834bb5ff3e8fa411bc816e308961eeb798e6cac0f5433fedb8f4d64e6b4

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 13 Mar 2023 08:06:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 17 Mar 2023 05:44:49 GMT
ETag: "cdbb7c44aec76b82fad1d59af0d5a5194370593b"
Last-Modified: Mon, 13 Mar 2023 05:44:50 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 570
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a72c6e359201bfa-OSL

inspxtrc.com/?a=12209&c=39658&s2=wi3084kf3eci0g8niadv19ag&s3=719fbd40-273d-47b8-882f-683d1074b172wi3084kf3eci0g8niadv19ag

34.240.89.109

302 Found

337 B

URL HTTP/1.1
inspxtrc.com/?a=12209&c=39658&s2=wi3084kf3eci0g8niadv19ag&s3=719fbd40-273d-47b8-882f-683d1074b172wi3084kf3eci0g8niadv19ag
IP
34.240.89.109:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
337 B (337 bytes)
Hash
a3d57ca24cbf45ab85fb2659c58aa13b
feb605d0849957c0d43c34517fb63ea0f97d97f0
08ffe3bd00d15e472765d6d953fec11a701643151c17a4156ee9b4f79f336e7f

HTTP Headers

GET /?a=12209&c=39658&s2=wi3084kf3eci0g8niadv19ag&s3=719fbd40-273d-47b8-882f-683d1074b172wi3084kf3eci0g8niadv19ag HTTP/1.1
Host: inspxtrc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cynes-gwf.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 337
Content-Type: text/html; charset=utf-8
Date: Mon, 13 Mar 2023 08:06:19 GMT
Location: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: sid=NMSTiDzYE6+NQZDPorJos5BBmftCeeEG7zHQSQnxQUfR66wL/WYT6g==; domain=.inspxtrc.com; path=/; SameSite=None; secure; HttpOnly
trk=mHQDa5dzIrRtjoWv5rebVpBBmftCeeEG7zHQSQnxQUfR66wL/WYT6g==; domain=.inspxtrc.com; expires=Thu, 13-Mar-2025 08:06:19 GMT; path=/; SameSite=None; secure; HttpOnly
c14267=NMSTiDzYE69nWThNROm64oey8CzNfBfVXWcy8STdnHoju18+aFrywQ==; domain=.inspxtrc.com; expires=Wed, 12-Apr-2023 08:06:19 GMT; path=/; SameSite=None; secure; HttpOnly
Connection: close

www.40-dating.no/oms/storage/badges/d40/badgesecure_83x73_no_2x.png

104.17.166.216

200 OK

5.6 kB

URL HTTP/2
www.40-dating.no/oms/storage/badges/d40/badgesecure_83x73_no_2x.png
IP
104.17.166.216:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 166 x 146, 8-bit colormap, non-interlaced\012- data
Size
5.6 kB (5553 bytes)
Hash
82297bd45be168a906260ae8c9509865
9ba906cfd8cf030458bdf34d4df1e9178795e0aa
db9ce319f068351035aeb0f253e3c035f07e8c3c3b618a53a5d0f7712830f5a1

HTTP Headers

GET /oms/storage/badges/d40/badgesecure_83x73_no_2x.png HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/png
content-length: 5553
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2559
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e64fa80b59-OSL
X-Firefox-Spdy: h2

www.40-dating.no/oms/storage/assets/d40/tpl-lp/images/warning-symbol.png

104.17.166.216

200 OK

558 B

URL HTTP/2
www.40-dating.no/oms/storage/assets/d40/tpl-lp/images/warning-symbol.png
IP
104.17.166.216:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 60 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
558 B (558 bytes)
Hash
99f815f554a49ab92ba2bc4be9468dc3
adc7111c516bcd6031a3575448fc8bc08c6d610b
daa1c7ab3003176e8094cb0de660351410571cf196835230c55ce32def863bd8

HTTP Headers

GET /oms/storage/assets/d40/tpl-lp/images/warning-symbol.png HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/png
content-length: 558
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2560
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e63f990b59-OSL
X-Firefox-Spdy: h2

www.40-dating.no/oms/storage/assets/components/luxembourg-overlay/images/background.png

104.17.166.216

200 OK

34 kB

URL HTTP/2
www.40-dating.no/oms/storage/assets/components/luxembourg-overlay/images/background.png
IP
104.17.166.216:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 580 x 100, 8-bit gray+alpha, non-interlaced\012- data
Size
34 kB (34375 bytes)
Hash
908d3735254cf9981af6076358241e01
471ccdf7892052f91c6c0884c216abe20091e685
b7bd850eeb029f3fe34c9b5d9730f76cf63a828ee28b7f004dca8f4dc79a36cd

HTTP Headers

GET /oms/storage/assets/components/luxembourg-overlay/images/background.png HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/png
content-length: 34375
cf-bgj: imgq:100,h2pri
cf-polished: origSize=47620
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2559
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e64fb00b59-OSL
X-Firefox-Spdy: h2

www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/81475.jpg

104.17.166.216

200 OK

320 kB

URL HTTP/2
www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/81475.jpg
IP
104.17.166.216:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, progressive, precision 8, 2000x1100, components 3\012- data
Size
320 kB (319834 bytes)
Hash
00f0f554c0989f91cbecfa3ff26410fb
0a385739df7939ca74663086247f8efa5316f6af
37efd572fbe7c69441df4ad6af93f9cff6ef4c6c9ddb7c970c160dee5605a5ac

HTTP Headers

GET /oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/81475.jpg HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/jpeg
content-length: 319834
cf-bgj: imgq:100,h2pri
cf-polished: origSize=328110
last-modified: Fri, 10 Mar 2023 13:52:31 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3294
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e64fa50b59-OSL
X-Firefox-Spdy: h2

www.40-dating.no/oms/storage/assets/components/luxembourg-overlay/images/flag-lu.jpg

104.17.166.216

200 OK

1.4 kB

URL HTTP/2
www.40-dating.no/oms/storage/assets/components/luxembourg-overlay/images/flag-lu.jpg
IP
104.17.166.216:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 278x167, components 3\012- data
Size
1.4 kB (1354 bytes)
Hash
2cdee573e13d0bcf7ebfa831a4a0103c
45cac7385334587b2c2cd2413e1989ecaf7f9dba
6e114d9d6bfb883fa77c7022ee7778108c1c2cde5941aac60007102968c31fd2

HTTP Headers

GET /oms/storage/assets/components/luxembourg-overlay/images/flag-lu.jpg HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/jpeg
content-length: 1354
cf-bgj: imgq:100,h2pri
cf-polished: origSize=2842
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2559
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e64fb20b59-OSL
X-Firefox-Spdy: h2

www.40-dating.no/oms/storage/logos/d40/D40_Logo_pos_RGB-no.svg

104.17.166.216

200 OK

6.8 kB

URL HTTP/2
www.40-dating.no/oms/storage/logos/d40/D40_Logo_pos_RGB-no.svg
IP
104.17.166.216:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (5703), with no line terminators
Size
6.8 kB (6786 bytes)
Hash
1d6cfd149e765406a5937692937d5dc9
d5af69536837eefbe53c20e4ba20d74817906625
c2912d3c3cfe168737ce4340e13eedc4fe40ffc81b7db8c99a55109c8a7ccab2

HTTP Headers

GET /oms/storage/logos/d40/D40_Logo_pos_RGB-no.svg HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/svg+xml
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: HIT
age: 2559
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e63f9e0b59-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.40-dating.no/oms/storage/favicons/d40_x16.png

104.17.166.216

200 OK

419 B

URL HTTP/2
www.40-dating.no/oms/storage/favicons/d40_x16.png
IP
104.17.166.216:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced\012- data
Size
419 B (419 bytes)
Hash
cc4f1c79d499c29e5bd280bc089a9b71
35ec0235166acf069bd0ca4f930f8c11131f968f
b42b7f134e4d869ade97bf861cb88d7be565c885037114767b05e2ca33568a33

HTTP Headers

GET /oms/storage/favicons/d40_x16.png HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/png
content-length: 419
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2556
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e6d8290b59-OSL
X-Firefox-Spdy: h2

www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707

104.17.166.216

200 OK

19 kB

URL HTTP/2
www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
IP
104.17.166.216:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3123)
Size
19 kB (18744 bytes)
Hash
96f65b27aab39b1092728e7f4c453ef6
518e6d117c403c7b2022180bc2dd01ec7bd77d56
57f5b617f740675ceb83925fbaa0111835e8ff8f59b3ea4060e87592c04f1b0e

HTTP Headers

GET /dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707 HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cynes-gwf.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
content-security-policy-report-only: default-src 'self' https://app.40sdating.com *.40-dating.no https://www.google.com *.google-analytics.com https://stats.g.doubleclick.net; child-src *; script-src 'self' https://app.40sdating.com *.40-dating.no 'nonce-94c72003b543d3fd9dd79580d8bb7d66b7d31827b1fe234b8b886793f17fff55' 'unsafe-eval' https://www.google.com *.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com https://connect.facebook.net; style-src 'self' https://app.40sdating.com *.40-dating.no 'unsafe-inline'; img-src 'self' data: https://app.40sdating.com *.40-dating.no https:; media-src 'self' data: https://app.40sdating.com *.40-dating.no; report-uri https://www.40-dating.no/oms/api/v1/ack/csp;
reporting-endpoints: epcsp='https://www.40-dating.no/oms/api/v1/ack/csp'
vary: Accept-Encoding
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM; path=/; expires=Mon, 13-Mar-23 08:36:19 GMT; domain=.www.40-dating.no; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7a72c6e4ce180b59-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.40-dating.no/oms/storage/fonts/dating-social-media-icons/social_media_icons.ttf?adj6um

104.17.166.216

200 OK

9.6 kB

URL HTTP/2
www.40-dating.no/oms/storage/fonts/dating-social-media-icons/social_media_icons.ttf?adj6um
IP
104.17.166.216:0
ASN
#13335 CLOUDFLARENET

File type
TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon \012- data
Size
9.6 kB (9611 bytes)
Hash
5af36cbf8e08ffcb53ac6d7edaad669b
a3667c7ca0cb15ae251e492a988e747e74a0620c
92bd2696605459001eb85abc88ffe6bcb062687fd09194adab3fa3e519394855

HTTP Headers

GET /oms/storage/fonts/dating-social-media-icons/social_media_icons.ttf?adj6um HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: font/ttf
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: HIT
age: 1735
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e65fb90b59-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.40-dating.no/oms/storage/assets/d40/tpl-lp/images/user-login.svg

104.17.166.216

200 OK

0 B

URL HTTP/2
www.40-dating.no/oms/storage/assets/d40/tpl-lp/images/user-login.svg
IP
104.17.166.216:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /oms/storage/assets/d40/tpl-lp/images/user-login.svg HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/svg+xml
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: HIT
age: 2560
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e63f940b59-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/449d4e125d05433c17a2e33d7bd82143.js

104.17.166.216

200 OK

0 B

URL HTTP/2
www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/449d4e125d05433c17a2e33d7bd82143.js
IP
104.17.166.216:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/449d4e125d05433c17a2e33d7bd82143.js HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: application/javascript
cf-bgj: minify
last-modified: Fri, 10 Mar 2023 13:52:31 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3294
server: cloudflare
cf-ray: 7a72c6e63f9f0b59-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/b311637a0553760a6c1f330339ba9d7d.css

104.17.166.216

200 OK

0 B

URL HTTP/2
www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/b311637a0553760a6c1f330339ba9d7d.css
IP
104.17.166.216:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/b311637a0553760a6c1f330339ba9d7d.css HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=29412
last-modified: Fri, 10 Mar 2023 13:52:31 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3294
server: cloudflare
cf-ray: 7a72c6e68fec0b59-OSL
content-encoding: br
X-Firefox-Spdy: h2

app.40sdating.com/api/v1/events/pre-registration

104.17.166.216

200 OK

0 B

URL HTTP/2
app.40sdating.com/api/v1/events/pre-registration
IP
104.17.166.216:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /api/v1/events/pre-registration HTTP/1.1
Host: app.40sdating.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/
Content-Type: application/json
Origin: https://www.40-dating.no
Content-Length: 384
Connection: keep-alive
Cookie: __cf_bm=zWEU_rCjEQuZRNpA17V1r37b1svfq6.kes88U7DgdjM-1678694780-0-AV2A4jrtj+xHOqIC0E3fTtjicHDAczJnoT5nxZTjweGvNwKw6CU6BC6CllkLaTzGoflrTB1r+ALKf5Z55uafTalvbqtt9wgpk5wBO+THFqjf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:20 GMT
content-type: application/json;charset=UTF-8
cf-ray: 7a72c6e94c7b0b41-OSL
access-control-allow-origin: https://www.40-dating.no
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-transform, max-age=0, private
content-encoding: gzip
expires: 0
set-cookie: irouted=.biz27; path=/; Secure; HttpOnly
strict-transport-security: max-age=15552000; includeSubDomains
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
content-security-policy: 
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
X-Firefox-Spdy: h2

www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/2044923bc02fd2633ddd1df32503709f.js

104.17.166.216

200 OK

0 B

URL HTTP/2
www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/2044923bc02fd2633ddd1df32503709f.js
IP
104.17.166.216:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/2044923bc02fd2633ddd1df32503709f.js HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: application/javascript
cf-bgj: minify
last-modified: Fri, 10 Mar 2023 13:52:31 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3294
server: cloudflare
cf-ray: 7a72c6e63f8f0b59-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.40-dating.no/oms/storage/logos/d40/D40_Logo_neg_RGB-no.svg

104.17.166.216

200 OK

0 B

URL HTTP/2
www.40-dating.no/oms/storage/logos/d40/D40_Logo_neg_RGB-no.svg
IP
104.17.166.216:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /oms/storage/logos/d40/D40_Logo_neg_RGB-no.svg HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/svg+xml
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: HIT
age: 2560
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e63f920b59-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML