r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10347
Expires: Sat, 28 Jan 2023 16:37:09 GMT
Date: Sat, 28 Jan 2023 13:44:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13764
Expires: Sat, 28 Jan 2023 17:34:06 GMT
Date: Sat, 28 Jan 2023 13:44:42 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 13:35:30 GMT
content-type: application/json
age: 552
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7852
Expires: Sat, 28 Jan 2023 15:55:34 GMT
Date: Sat, 28 Jan 2023 13:44:42 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: SlPMqLIMryWAkuFi3c6RvBDqSVgqnF0C7tFgOIxJgsDXnqskkcId/s9bRTP/4eHS7YaN12EgDVA=
x-amz-request-id: Q7XQF9QM1KWS3XMH
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 13:20:59 GMT
age: 1423
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 13:44:42 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cneer6c7f2.ur.wy5532.com/
37.48.65.150 302 Found 11 B URL HTTP/1.1 cneer6c7f2.ur.wy5532.com/
IP 37.48.65.150:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: cneer6c7f2.ur.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Sat, 28 Jan 2023 13:44:41 GMT
location: http://orest-vlv.com/zcvisitor/eae1561d-9f11-11ed-81fe-1252dfba77f9/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=105f24d0-089a-11ed-bde8-128084d1ce51
server: nginx
set-cookie: sid=ead58b64-9f11-11ed-a7fd-c7806bd617d3; path=/; domain=.wy5532.com; expires=Thu, 15 Feb 2091 16:58:49 GMT; max-age=2147483647; HttpOnly
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 12:49:03 GMT
age: 3339
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
orest-vlv.com/zcvisitor/eae1561d-9f11-11ed-81fe-1252dfba77f9/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=105f24d0-089a-11ed-bde8-128084d1ce51
52.7.54.238 200 1.1 kB URL HTTP/1.1 orest-vlv.com/zcvisitor/eae1561d-9f11-11ed-81fe-1252dfba77f9/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=105f24d0-089a-11ed-bde8-128084d1ce51
IP 52.7.54.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ec239ad1e815e064eeadd09c662ebcfb
822a2d0c0e2543cf2b1d979a5c8ae41fd152f873
9247bef56f0c57080b72e33bd83f70e6ed3d58f9468bcd7086f0eabfc4bba5d4
GET /zcvisitor/eae1561d-9f11-11ed-81fe-1252dfba77f9/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=105f24d0-089a-11ed-bde8-128084d1ce51 HTTP/1.1
Host: orest-vlv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Sat, 28 Jan 2023 13:44:42 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: rHngUpAP
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12183
Expires: Sat, 28 Jan 2023 17:07:46 GMT
Date: Sat, 28 Jan 2023 13:44:43 GMT
Connection: keep-alive
orest-vlv.com/zcredirect?visitid=eae1561d-9f11-11ed-81fe-1252dfba77f9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
52.7.54.238 200 746 B URL HTTP/1.1 orest-vlv.com/zcredirect?visitid=eae1561d-9f11-11ed-81fe-1252dfba77f9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP 52.7.54.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (330)
Hash bd60de15080b3e857e3bc4dcbded5d5a
74f06ef23767e15d3a396cb46abc13fd70baeeca
eb94deab6945aa1c31372254cde9c85ee59f784e3ed67ec486bea76ed87053dc
GET /zcredirect?visitid=eae1561d-9f11-11ed-81fe-1252dfba77f9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: orest-vlv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://orest-vlv.com/zcvisitor/eae1561d-9f11-11ed-81fe-1252dfba77f9/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=105f24d0-089a-11ed-bde8-128084d1ce51
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Sat, 28 Jan 2023 13:44:43 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: hysmpiPP
push.services.mozilla.com/
54.149.242.38 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.242.38:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xwyIQOW97ajMQsA3U202AA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +SuIdw9d7Om9rluctwc6WUncXOw=
orest-vlv.com/favicon.ico
52.7.54.238 404 653 B URL HTTP/1.1 orest-vlv.com/favicon.ico
IP 52.7.54.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: orest-vlv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://orest-vlv.com/zcredirect?visitid=eae1561d-9f11-11ed-81fe-1252dfba77f9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
HTTP/1.1 404
Date: Sat, 28 Jan 2023 13:44:43 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: pdjjtQZN
cartining-specute.com/zp-redirect?target=https%3A%2F%2Fwinandlove.com%2FMtnb3wf8%3Faid%3Dbgzzbzgkdk%26kid%3Ddghhfxfxgbx%26clickid%3Dwqngjrtdjnnnol7m2ntjil1m&caid=f72d8c37-b1a8-4074-8f00-3243bfd2c432&zpid=eae1561d-9f11-11ed-81fe-1252dfba77f9&cid=wqngjrtdjnnnol7m2ntjil1m&rt=R
18.197.36.77 302 Found 0 B URL HTTP/2 cartining-specute.com/zp-redirect?target=https%3A%2F%2Fwinandlove.com%2FMtnb3wf8%3Faid%3Dbgzzbzgkdk%26kid%3Ddghhfxfxgbx%26clickid%3Dwqngjrtdjnnnol7m2ntjil1m&caid=f72d8c37-b1a8-4074-8f00-3243bfd2c432&zpid=eae1561d-9f11-11ed-81fe-1252dfba77f9&cid=wqngjrtdjnnnol7m2ntjil1m&rt=R
IP 18.197.36.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zp-redirect?target=https%3A%2F%2Fwinandlove.com%2FMtnb3wf8%3Faid%3Dbgzzbzgkdk%26kid%3Ddghhfxfxgbx%26clickid%3Dwqngjrtdjnnnol7m2ntjil1m&caid=f72d8c37-b1a8-4074-8f00-3243bfd2c432&zpid=eae1561d-9f11-11ed-81fe-1252dfba77f9&cid=wqngjrtdjnnnol7m2ntjil1m&rt=R HTTP/1.1
Host: cartining-specute.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://orest-vlv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 28 Jan 2023 13:44:43 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://winandlove.com/Mtnb3wf8?aid=bgzzbzgkdk&kid=dghhfxfxgbx&clickid=wqngjrtdjnnnol7m2ntjil1m
pragma: no-cache
set-cookie: cc-v4=kI2W4fYo7NWC%2B4QHY%2B1uPJRKtcO4WNpq9BGsAVaj1ATebDSUWP4aT4QD5gbXjlj2pLv2tsTb4zMuzbjW8lIx1ND2YFe6798Wl01HGRYXYFQGNepbC6ya3aaFlI045I3GrBwUH25WaoINyio1hPjBdQ%3D%3D; Max-Age=31536000; Expires=Sun, 28-Jan-2024 13:44:43 GMT; Domain=cartining-specute.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
winandlove.com/Mtnb3wf8?aid=bgzzbzgkdk&kid=dghhfxfxgbx&clickid=wqngjrtdjnnnol7m2ntjil1m
104.21.76.186 302 Found 471 B URL HTTP/2 winandlove.com/Mtnb3wf8?aid=bgzzbzgkdk&kid=dghhfxfxgbx&clickid=wqngjrtdjnnnol7m2ntjil1m
IP 104.21.76.186:0
Hash 33f9eccf97d9a5a8907d6a8936e0c12f
c823e2ccd475bae757a4adbbdff2d3b53056eddf
e451fbc25a0cf1263c07e6d6e130fac46dfe70ac48238edf15f802a037129e00
GET /Mtnb3wf8?aid=bgzzbzgkdk&kid=dghhfxfxgbx&clickid=wqngjrtdjnnnol7m2ntjil1m HTTP/1.1
Host: winandlove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 28 Jan 2023 13:44:43 GMT
content-type: text/html; charset=UTF-8
location: https://hotloveland.com/btB7xg2S?aid=bbzkkpgabx&kid=ggb&clickid=s8hnpa71sre&sub1=38577&sub2=156696&sub3=frd
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: _subid=s8hnpa71sre;Expires=Tuesday, 28-Feb-2023 13:44:43 GMT;Max-Age=2678400;Path=/
set-cookie: b0608=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjQwODI5NFwiOjE2NzQ5MTM0ODMsXCIzMFwiOjE2NzQ5MTM0ODN9LFwiY2FtcGFpZ25zXCI6e1wiMTU2Njk2XCI6MTY3NDkxMzQ4MyxcIjFcIjoxNjc0OTEzNDgzfSxcInRpbWVcIjoxNjc0OTEzNDgzfSJ9.251dUlStwNv-N9RZYyVMAWdnO7qAcVfDliO09D5nhSE;Expires=Wednesday, 26-Feb-2076 03:29:26 GMT;Max-Age=1674999883;Path=/
set-cookie: _token=uuid_s8hnpa71sre_s8hnpa71sre63d526cbb0b806.09633073;Expires=Tuesday, 28-Feb-2023 13:44:43 GMT;Max-Age=2678400;Path=/
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T636BedcCNgMtkKTNXKUMLWF%2FPpIA5n7%2FFiLTuatVo%2BMKye4Wp15OsUMbzbkZirq1KCwiWRL8W4bD7ct8pjA1LmgTVgfnTKr8ptbey4S8RDi4oeabc1FdAPif%2Bn0vQWuHA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790a2a18cee10b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/1qjPNXlPzIY
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/1qjPNXlPzIY
IP 142.250.74.131:0
Hash 33f9eccf97d9a5a8907d6a8936e0c12f
c823e2ccd475bae757a4adbbdff2d3b53056eddf
e451fbc25a0cf1263c07e6d6e130fac46dfe70ac48238edf15f802a037129e00
POST /s/gts1p5/1qjPNXlPzIY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 13:44:44 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash e89bfe3810af32cf350089f8f541c847
b343f321629723582f5a3ae91236125daaae1387
5775c7cf6a872c5e1e7162b0014cffeaec646f8e4a9aed717e95cc3808d3eb43
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=135947
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 13:44:44 GMT
Etag: "63d496d7-116"
Expires: Mon, 30 Jan 2023 03:30:31 GMT
Last-Modified: Sat, 28 Jan 2023 03:30:31 GMT
Server: nginx
Content-Length: 278
m.luvmenow.com/click?pid=34496&offer_id=5246&sub1=s8hnpa71srn&sub2=34496&sub3=21&sub4=s8hnpa71sre&sub5=38577&sub6=156696&sub7=frd&sub8=
104.21.11.83 302 Found 0 B URL HTTP/2 m.luvmenow.com/click?pid=34496&offer_id=5246&sub1=s8hnpa71srn&sub2=34496&sub3=21&sub4=s8hnpa71sre&sub5=38577&sub6=156696&sub7=frd&sub8=
IP 104.21.11.83:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=34496&offer_id=5246&sub1=s8hnpa71srn&sub2=34496&sub3=21&sub4=s8hnpa71sre&sub5=38577&sub6=156696&sub7=frd&sub8= HTTP/1.1
Host: m.luvmenow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 28 Jan 2023 13:44:44 GMT
content-length: 0
location: https://meshho.com/?a=16295&c=43694&p=r&s1=&s2=a_63d526ccc9e111000161ddd5&s4=34496
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=63d526ccc9e111000161ddd5; expires=Sun, 28 Jan 2024 13:44:44 GMT; secure; SameSite=None
set-cookie: afoffers={"5246":1674913484}; expires=Sun, 28 Jan 2024 13:44:44 GMT; secure; SameSite=None
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZWB875XMGcLVvpc7RnHr%2FxAuvkj6%2BnR8LgPk3hGABl1T%2BoYVlYBAj6%2FZ%2Bi8NJsZ25BeQo1M8KlQ1vvuGktBd0b2BXnRS%2BAep52wXG3SnOieUhfyXHCJQUMpc5iFg9Cdk5A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790a2a1dee2eb4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash e89bfe3810af32cf350089f8f541c847
b343f321629723582f5a3ae91236125daaae1387
5775c7cf6a872c5e1e7162b0014cffeaec646f8e4a9aed717e95cc3808d3eb43
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=135947
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 13:44:44 GMT
Etag: "63d496d7-116"
Expires: Mon, 30 Jan 2023 03:30:31 GMT
Last-Modified: Sat, 28 Jan 2023 03:30:31 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 278
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4395
Expires: Sat, 28 Jan 2023 14:57:59 GMT
Date: Sat, 28 Jan 2023 13:44:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4395
Expires: Sat, 28 Jan 2023 14:57:59 GMT
Date: Sat, 28 Jan 2023 13:44:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4395
Expires: Sat, 28 Jan 2023 14:57:59 GMT
Date: Sat, 28 Jan 2023 13:44:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4395
Expires: Sat, 28 Jan 2023 14:57:59 GMT
Date: Sat, 28 Jan 2023 13:44:44 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 56878
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K9YWM9eaEc1DQ6wtEEuADnG1U-ahRBXDaiHIAm20dkWMOxPWBlJidw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:46:13 GMT
age: 53911
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 131eb343c5abd61939457d69bd371348
ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7538
x-amzn-requestid: 113924cc-a196-4dbd-91d9-68c213265afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fobF-ZoAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61302-6b24941a642b22cf21e47dc0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2P09wOtKPDHjxxAuzcLFMQJwmGN1zNJcH9LA6IJpeaGiaPVRF4y-TA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:14:23 GMT
age: 55821
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 195316042e7f798eeeb7993fecb3a383
4aeca24ad4702f87feaf9674ea0c1ff6d71826a3
b7e0a61060455241fce844d2c91eca500d409804361063ddb61053cbc9c7b1c1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13376
x-amzn-requestid: 64d0092e-1f1a-4183-a4a6-805e0bf37d32
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-DvHIyoAMF6fA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b1-6387770232ddca74531bce91;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8cRGlncOQ6qYv7qbI1HxTz-qUYJkTVa5V2qJM1C8XM5dmyXFA8qRvA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 57346
etag: "4aeca24ad4702f87feaf9674ea0c1ff6d71826a3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fb39717-4b7d-45c4-b211-c2990bf99811.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fb39717-4b7d-45c4-b211-c2990bf99811.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3b5b797e164d0f2c91200829d1ec90f8
15a55176d8e55b6816acabae5c7cc3e4528648c9
16eb29148856512f556b22b86a153e54032caaf98dbf141119f8c126e009591f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fb39717-4b7d-45c4-b211-c2990bf99811.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7395
x-amzn-requestid: 166e5623-fc91-4b12-80c8-f5e1a762b387
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-ELH3eIAMF56w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b4-439b5d2b67b9347d4d634d9d;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: L1BWTWAPsW5tfkJO0UBR4dKoW3_0Le7QhZLjBxtsY0fmf7cwEYWrMQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:49:07 GMT
age: 57337
etag: "15a55176d8e55b6816acabae5c7cc3e4528648c9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fddac8c39-e94f-40c1-bf35-4a70c575efbe.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fddac8c39-e94f-40c1-bf35-4a70c575efbe.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6a40be482a56db1e4d48ba4a8cf515ba
da9c7255d5840c025526c6c24354750d9ba3a4ef
fa0bfe56b97ce5cf450e4799db2fe6d5645553b71d1e2bd928df0278a81a33c8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fddac8c39-e94f-40c1-bf35-4a70c575efbe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7819
x-amzn-requestid: b9c17e9a-8da5-4736-a8bc-ea430feaef8d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_diGfbIAMFX2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f0-695dd291002d9cc425df0edc;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Gf-xQLbrbbXCRM8Q720PrSNSrvoelOoNlqbKwfiZHNIKCD_59TARLQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:03:06 GMT
etag: "da9c7255d5840c025526c6c24354750d9ba3a4ef"
content-type: image/jpeg
age: 56498
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 11b1811c1f0172d98291855a429d452a
e37895bae6a968762652823d66a82ec9acdc8f4d
b0ac773456587ea37fce530f14250c4a9d4a968a08c9a7aa354ed487e18f9f57
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 13:44:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 01 Feb 2023 11:40:59 GMT
ETag: "e37895bae6a968762652823d66a82ec9acdc8f4d"
Last-Modified: Sat, 28 Jan 2023 11:41:00 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790a2a1f2b8eb4f3-OSL
meshho.com/?a=16295&c=43694&p=r&s1=&s2=a_63d526ccc9e111000161ddd5&s4=34496
34.242.116.152 302 Found 270 B URL HTTP/1.1 meshho.com/?a=16295&c=43694&p=r&s1=&s2=a_63d526ccc9e111000161ddd5&s4=34496
IP 34.242.116.152:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 9d4324436348f5114807b1f18451cdac
90cc2cd14b8301544055278b9f5e8388cdf0f806
9b616e7c1226040106ee621ed15d5ba27364427bf00778360b28264f9a65161b
GET /?a=16295&c=43694&p=r&s1=&s2=a_63d526ccc9e111000161ddd5&s4=34496 HTTP/1.1
Host: meshho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 270
Content-Type: text/html; charset=utf-8
Date: Sat, 28 Jan 2023 13:44:45 GMT
Location: https://toomoffr.com/?a=16295&c=43694&p=r&s1=&s2=a_63d526ccc9e111000161ddd5&s4=34496&ckmguid=59f02b5a-f752-4594-ae44-607cffaac53e
Connection: close
ocsp.globalsign.com/alphasslcasha256g4
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/alphasslcasha256g4
IP 104.18.21.226:0
Hash bf8b6b41a566b00a36beb8815c125895
5de61062ab0fd58244428666c3c026e2b777f449
2a96dc605f18897add69b39260483be4c52e2cc59d76b03eecb1681618a3f174
POST /alphasslcasha256g4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 13:44:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1437
Connection: keep-alive
Expires: Wed, 01 Feb 2023 13:31:04 GMT
ETag: "5de61062ab0fd58244428666c3c026e2b777f449"
Last-Modified: Sat, 28 Jan 2023 13:31:05 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790a2a22e8aab524-OSL
toomoffr.com/?a=16295&c=43694&p=r&s1=&s2=a_63d526ccc9e111000161ddd5&s4=34496&ckmguid=59f02b5a-f752-4594-ae44-607cffaac53e
34.242.116.152 302 Found 234 B URL HTTP/1.1 toomoffr.com/?a=16295&c=43694&p=r&s1=&s2=a_63d526ccc9e111000161ddd5&s4=34496&ckmguid=59f02b5a-f752-4594-ae44-607cffaac53e
IP 34.242.116.152:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 1568fcaf65218c4575ced7c0ef95c8ba
b18effbcb4a1f5d6b88cb58988f28c5cc2a5c365
9b7d3996886edf388d436140fe23c8ee309ca4331f8bddce6d44224490fcf5a8
GET /?a=16295&c=43694&p=r&s1=&s2=a_63d526ccc9e111000161ddd5&s4=34496&ckmguid=59f02b5a-f752-4594-ae44-607cffaac53e HTTP/1.1
Host: toomoffr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 234
Content-Type: text/html; charset=utf-8
Date: Sat, 28 Jan 2023 13:44:45 GMT
Location: https://bl.trackham.com/f9908105-7257-45be-97c0-9990466cb2a4?external_id=36197-742629849&source=16295&sum=#p#
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: sid=3AKRs3wsbx1xxRNUycnDyafe/EtSNvEV0seiurw+XsXlTB5WZfjtDg==; domain=.toomoffr.com; path=/; HttpOnly
trk=pIuZQgyMyDBLAGqEhA87dafe/EtSNvEV0seiurw+XsXlTB5WZfjtDg==; domain=.toomoffr.com; expires=Tue, 28-Jan-2025 13:44:45 GMT; path=/; HttpOnly
c36197=3AKRs3wsbx1qJ7FfcJv2jSg0YcrLI/V+dqy4ul36A9leCUghiDE1Zg==; domain=.toomoffr.com; expires=Mon, 27-Feb-2023 13:44:45 GMT; path=/; HttpOnly
Connection: close
bl.trackham.com/f9908105-7257-45be-97c0-9990466cb2a4?external_id=36197-742629849&source=16295&sum=
18.193.146.82 302 Found 0 B URL HTTP/2 bl.trackham.com/f9908105-7257-45be-97c0-9990466cb2a4?external_id=36197-742629849&source=16295&sum=
IP 18.193.146.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /f9908105-7257-45be-97c0-9990466cb2a4?external_id=36197-742629849&source=16295&sum= HTTP/1.1
Host: bl.trackham.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 28 Jan 2023 13:44:45 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://mycasualhookups.com/sl/html/EN3/n.php?cep=zSPKI_En0kC2H_W6XZYyAtgxj-v9ScGV-er0QrFNeGS0BY1QEA4YWMV-g1IWKxAaOQFRaJ3VgU1dn8L80xMP7uvC0zY-q2yHqJj1qRPcsbt1ScH-rIXZnm7FW8kSOCm3bKOqqfYzLfeUoSIyqd-iiLCWWuiOeyi05HI-rTv84ouV04zJMojo85Cbhu4zfle-I437c_ctv3hCzXREmFCpUFh2HxZlgSdJteiq2Zp6tebn2sSj3GJoF1Z8bdsLbT7xlWxBTf6M6uMOTImhIv-cZp_v3f_LQYif_OEARSviA0JZrdK4OKW6-yvXatbtHl4KwvWtec7z7IHV1dyHooNK9JRMgeUTNQ9-xsTuUmxC9aNa3NmQdU9Y10eyYfiu7hUBUJ-M-qp_dba17NGXW1rxObYlzGDBO43YxUMGLZYxbkI&lptoken=16fe74d591ef52ba8537&external_id=36197-742629849&source=16295&sum=
pragma: no-cache
set-cookie: f9908105-7257-45be-97c0-9990466cb2a4-v4=oD1ESqKtFErzSJonFZ42VCLAsPPTfmGZ91ZHwpmhgxI; Max-Age=86400; Expires=Sun, 29-Jan-2023 13:44:45 GMT; Domain=bl.trackham.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=6OiI6ugkTo30Q6gk3T85HzVHkYptOXM0V2NGS1u8I-KAzo09PW7r45s9xBbYi_DodEfxMxfo7JUz6tCtPxA54LnV3kMapLLXMoy7Fd3Wj7EwHwtEq1FiIqdYhCj6eTxOn4khU_PzNkyUjby-2wIaXmlPIv0VicCNf8Mczht84rzqdaARreU7gI8kIPIba2Rsqh_XCwRyCndNUCxBYGN4k4VxhW-K5yx8sFVpMMtqpPUm2GdxXAcrunHd8-KvtieXKk8Mc7gItCzooZey0x_ITle5XohsKnul-Duv4Hg03fSqwkxpbB55zZ7tBIp_EKQklRmcfFX5E26wsZshsKvwL1yupacDaE0wq16NVwM8F1xsZwhtd07Qkhp-6S7jmug0wqmdlaERTYkYN6yiCQTGU9NhtRqu0DMMgYd6SPxFo6w; Max-Age=86400; Expires=Sun, 29-Jan-2023 13:44:45 GMT; Domain=bl.trackham.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/QsXoNUJjkNc
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/QsXoNUJjkNc
IP 142.250.74.131:0
Hash 33ead3061658172ebe03b4aac89e53fa
ce23c0798409f83dd8ad86dfe5bec832eb25ea66
744650eb4b0f706362e2b0cff52582ccb7d21d3244e21fe59eb342d5f435b9f3
POST /s/gts1p5/QsXoNUJjkNc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 13:44:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mycasualhookups.com/sl/common/js/lib/additional-methods.min.js
104.26.13.87 200 OK 5.5 kB URL HTTP/2 mycasualhookups.com/sl/common/js/lib/additional-methods.min.js
IP 104.26.13.87:0
File type Unicode text, UTF-8 text, with very long lines (17654)
Hash 86a5d83090218186e6864117bc611c97
a1f7c2dbe64a32e53fe88568680dc19c71d29ca3
131330b650ab9481a926e565ece9d56f982cd062f7c7d007bb11cc3a83540f9a
Analyzer Verdict Alert fortinet Phishing
GET /sl/common/js/lib/additional-methods.min.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:46 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=86400
expires: Sun, 29 Jan 2023 06:32:54 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 25911
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DoDS5l7k7NbVqDvAfz%2Fju0q3GLvryCYnWW1AIj3UIhqeKfjtEldCfBrWGgfqDW4X%2B17pT6GQo%2FiUj8Mbhzjn8NI%2BElm%2FPvpBWvfw2%2Fbf8IABL4GzeWJqkHDGc%2FIlegkOAEFaPag%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790a2a2baf6d0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
app.api-push.com/get-keys
172.64.163.28 200 OK 200 kB URL HTTP/2 app.api-push.com/get-keys
IP 172.64.163.28:0
File type JSON data\012- , ASCII text, with very long lines (2116), with no line terminators
Size 200 kB (200338 bytes)
Hash 1af861676914494033c4e7223af8cd96
8af9b6f5df134982b2fdda7657484005bdf75ad3
4e489a386b9ba401ce3c89e4f9a5c08f05e36a1804816eec87f0f2fdc2aeac41
POST /get-keys HTTP/1.1
Host: app.api-push.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
x-referer: https://mycasualhookups.com/sl/html/EN3/n.php?cep=zSPKI_En0kC2H_W6XZYyAtgxj-v9ScGV-er0QrFNeGS0BY1QEA4YWMV-g1IWKxAaOQFRaJ3VgU1dn8L80xMP7uvC0zY-q2yHqJj1qRPcsbt1ScH-rIXZnm7FW8kSOCm3bKOqqfYzLfeUoSIyqd-iiLCWWuiOeyi05HI-rTv84ouV04zJMojo85Cbhu4zfle-I437c_ctv3hCzXREmFCpUFh2HxZlgSdJteiq2Zp6tebn2sSj3GJoF1Z8bdsLbT7xlWxBTf6M6uMOTImhIv-cZp_v3f_LQYif_OEARSviA0JZrdK4OKW6-yvXatbtHl4KwvWtec7z7IHV1dyHooNK9JRMgeUTNQ9-xsTuUmxC9aNa3NmQdU9Y10eyYfiu7hUBUJ-M-qp_dba17NGXW1rxObYlzGDBO43YxUMGLZYxbkI&lptoken=16fe74d591ef52ba8537&external_id=36197-742629849&source=16295&sum=#p#
Content-Length: 89
Origin: https://mycasualhookups.com
Connection: keep-alive
Referer: https://mycasualhookups.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:47 GMT
content-type: application/json; charset=utf-8
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BZ7%2BC9wMl2aFIGBz4%2BpjHuwQOEo%2BhsWoZZ9b1%2B6kQm%2BkEFYe4h8AGlJP0V4YNvmQS9PytUEjTokaael%2BBxZh6ZLmF1W0flTeV%2B3GAqQxuNQ0Q0xrELJa9VVtwwxuObagE%2FlF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790a2a2e3ee176e7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mycasualhookups.com/sl/html/EN3/images/m3.jpg
104.26.13.87 200 OK 21 kB URL HTTP/2 mycasualhookups.com/sl/html/EN3/images/m3.jpg
IP 104.26.13.87:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 300x400, components 3\012- data
Hash c698f5bab1daf1f3745ff2b31e4b5dc3
a175e04604ee3fd474d9818f52f193ff3e7784a0
672edb2ed70499efa3d65fc0eead7f24337897b874228c230c78c334c3ac0cb4
GET /sl/html/EN3/images/m3.jpg HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:47 GMT
content-type: image/jpeg
content-length: 20890
cache-control: max-age=86400
cf-bgj: h2pri
expires: Sun, 29 Jan 2023 04:08:35 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Mon, 26 Sep 2022 15:53:08 GMT
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 34572
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2Bbig%2Fol8nu8hmjoJDdSsrIu0DTME8HTcDFHlNxNITEiI57KKnJ5mGXosR0Va4yOWO0dQKhfH8c9jY8%2BZqQMoseegU7L22NOnzoSeB%2F66eUcuqvRV05TUtBbw8NramVmgAZcXl8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790a2a2f5a8d0b49-OSL
X-Firefox-Spdy: h2
mycasualhookups.com/sl/html/EN3/js/functions.js
104.26.13.87 200 OK 153 kB URL HTTP/2 mycasualhookups.com/sl/html/EN3/js/functions.js
IP 104.26.13.87:0
File type ASCII text, with very long lines (11875)
Size 153 kB (153156 bytes)
Hash 5a9c49534cfb8362d8aa6590f01af9f7
603d57cd5316f01b389f9f2a3d177cf677542787
8bd41f1a7a990d8992885974a92adda4017df5208a462f1c6a4cbb16a3b3ca24
Analyzer Verdict Alert fortinet Phishing
GET /sl/html/EN3/js/functions.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:46 GMT
content-type: application/javascript
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=52042
expires: Sat, 28 Jan 2023 16:13:02 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Mon, 26 Sep 2022 15:53:08 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 77504
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E4dNYAS6ABtbY5nC5l%2FN8EPR9gsUZCKlWjAOAfLT8po0SKeJiawrrifQ1IO3HzJNAaT9FoJQPRat07HA7yEV3ztGiZrjiHwETsSKX2UQNeniDP3G3OJoXRUHYrHZ7tnPd103QQU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790a2a2baf760b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
mycasualhookups.com/sl/html/EN3/images/m2.jpg
104.26.13.87 200 OK 209 kB URL HTTP/2 mycasualhookups.com/sl/html/EN3/images/m2.jpg
IP 104.26.13.87:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 620x844, components 3\012- data
Size 209 kB (208569 bytes)
Hash 2b4a576f2fd3533b65ff859c612c57d7
d91fa21923d27e32ad46d3698af4b7121fc8ec75
cbb4208d304cb9217350f46c8365e2fa0e6892f0e72263f94bd28e6a70623600
GET /sl/html/EN3/images/m2.jpg HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:47 GMT
content-type: image/jpeg
content-length: 208569
cache-control: max-age=86400
cf-bgj: h2pri
expires: Sun, 29 Jan 2023 04:08:35 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Mon, 26 Sep 2022 15:53:08 GMT
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 34572
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nE%2FRFN4mnqw0S0O8vE3tmxQPdNSyvFWkgTXXGGZRUNBNaeiglf%2Ba1avtbcImSI4x0mZqchuRNLgccxWe6hm%2BYgGow3WEe%2FbXVNMtpX2xPmwTyfuJMz9qOV1%2FF8trTGBgjn4T9XA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790a2a2f5a8c0b49-OSL
X-Firefox-Spdy: h2
mycasualhookups.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.26.13.87 200 OK 655 B URL HTTP/2 mycasualhookups.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 104.26.13.87:0
File type HTML document, ASCII text, with very long lines (1238)
Hash bc3ba461c8a309acf61b6d9c41cb6236
88482306ecc9258d5e9cbb9ba5314dab223a5db4
31331f1b1519882d2f2fb60367708fd56a7a1ec0bddd0554c635547179c7dc8f
Analyzer Verdict Alert fortinet Phishing
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mycasualhookups.com/sl/common/privacy-policy.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:47 GMT
content-type: application/javascript
last-modified: Mon, 23 Jan 2023 11:05:52 GMT
etag: W/"63ce6a10-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CzFlHYe4CAXlWcN%2BQBAO7fyXqNhIeN5sS9%2F%2BUcDQeUrrfC%2Fr1rZ24Ki89C3B5gtPR4T%2BM6j4vogApSP%2F0Fh71t4nIiP%2B5XzIx0QSQ4YmSa3ICNyKmNgKmJqLeBpOau921eRIUCE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790a2a30ec140b49-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Mon, 30 Jan 2023 13:44:47 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
subscribe.api-push.com/subscriber/null/4e027e5d-4862-46c4-9cb6-ae024d88181b
172.64.163.28 200 OK 5 B URL HTTP/2 subscribe.api-push.com/subscriber/null/4e027e5d-4862-46c4-9cb6-ae024d88181b
IP 172.64.163.28:0
File type ASCII text, with no line terminators
Hash 68934a3e9455fa72420237eb05902327
7cb6efb98ba5972a9b5090dc2e517fe14d12cb04
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa
GET /subscriber/null/4e027e5d-4862-46c4-9cb6-ae024d88181b HTTP/1.1
Host: subscribe.api-push.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Content-Type: application/json
x-referer: https://mycasualhookups.com/sl/html/EN3/n.php?cep=zSPKI_En0kC2H_W6XZYyAtgxj-v9ScGV-er0QrFNeGS0BY1QEA4YWMV-g1IWKxAaOQFRaJ3VgU1dn8L80xMP7uvC0zY-q2yHqJj1qRPcsbt1ScH-rIXZnm7FW8kSOCm3bKOqqfYzLfeUoSIyqd-iiLCWWuiOeyi05HI-rTv84ouV04zJMojo85Cbhu4zfle-I437c_ctv3hCzXREmFCpUFh2HxZlgSdJteiq2Zp6tebn2sSj3GJoF1Z8bdsLbT7xlWxBTf6M6uMOTImhIv-cZp_v3f_LQYif_OEARSviA0JZrdK4OKW6-yvXatbtHl4KwvWtec7z7IHV1dyHooNK9JRMgeUTNQ9-xsTuUmxC9aNa3NmQdU9Y10eyYfiu7hUBUJ-M-qp_dba17NGXW1rxObYlzGDBO43YxUMGLZYxbkI&lptoken=16fe74d591ef52ba8537&external_id=36197-742629849&source=16295&sum=#p#
Origin: https://mycasualhookups.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:47 GMT
content-type: application/json; charset=utf-8
content-length: 5
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VdmXSEgJIdEjaxWoiBg4nQacVlWBv2wCSM%2BUopQcK6MkbtCCpp%2Bi1JL8a%2Bpz78AyIT4MmAi6dqSe489XA35bKONLdYUMxFCRuFhHaW91y99R3SaTZ%2BHHwzRuYFf9B6raCy0JF46fiF3b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790a2a32dc4776e7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hotloveland.com/btB7xg2S?aid=bbzkkpgabx&kid=ggb&clickid=s8hnpa71sre&sub1=38577&sub2=156696&sub3=frd
172.67.165.105 302 Found 0 B URL HTTP/2 hotloveland.com/btB7xg2S?aid=bbzkkpgabx&kid=ggb&clickid=s8hnpa71sre&sub1=38577&sub2=156696&sub3=frd
IP 172.67.165.105:0
GET /btB7xg2S?aid=bbzkkpgabx&kid=ggb&clickid=s8hnpa71sre&sub1=38577&sub2=156696&sub3=frd HTTP/1.1
Host: hotloveland.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 28 Jan 2023 13:44:44 GMT
content-type: text/html; charset=UTF-8
location: https://m.luvmenow.com/click?pid=34496&offer_id=5246&sub1=s8hnpa71srn&sub2=34496&sub3=21&sub4=s8hnpa71sre&sub5=38577&sub6=156696&sub7=frd&sub8=
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: _subid=s8hnpa71srn;Expires=Tuesday, 28-Feb-2023 13:44:44 GMT;Max-Age=2678400;Path=/
b0608=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE0NVwiOjE2NzQ5MTM0ODR9LFwiY2FtcGFpZ25zXCI6e1wiMjFcIjoxNjc0OTEzNDg0fSxcInRpbWVcIjoxNjc0OTEzNDg0fSJ9.EIZ-5FBYdjZ8MQyCOUrJOFFDcFUIvpO4P1VeOiCkj7s;Expires=Wednesday, 26-Feb-2076 03:29:28 GMT;Max-Age=1674999884;Path=/
_token=uuid_s8hnpa71srn_s8hnpa71srn63d526cc2f13d3.62572132;Expires=Tuesday, 28-Feb-2023 13:44:44 GMT;Max-Age=2678400;Path=/
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EdEyBX1nNF7VTrryZAIxq4hGz%2Fy%2BTR2a7wZhfCzi6sZQDTNU2V7%2FSegFVYoNbSb8R4BK1aFq2k0xCiEYn5Iuk050USUJ9W0Txr8QBcw9AirCBtYYQhqVqAJE%2BePL5rqslTE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790a2a1b8c021c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mycasualhookups.com/sl/html/EN3/css/style.css
104.26.13.87 200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/html/EN3/css/style.css
IP 104.26.13.87:0
GET /sl/html/EN3/css/style.css HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:46 GMT
content-type: text/css
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=13343
expires: Sat, 28 Jan 2023 20:09:54 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Mon, 26 Sep 2022 15:53:08 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 63292
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F0FXsdJC0%2BueqQd5WzXEbhRhfCa90TiwR4tpMMmLl2%2FOjor9fpCMOskNQh50hPmnzzobRtjbU9mz7jlbLsKdzR%2FIuawYB5SadQDxy3TzRLunr5gvE1klaniRR9E1UgTWyjW6dew%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790a2a2b9f640b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
mycasualhookups.com/sl/common/favicon.ico
104.26.13.87 200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/common/favicon.ico
IP 104.26.13.87:0
GET /sl/common/favicon.ico HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:47 GMT
content-type: image/x-icon
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=31536000
expires: Thu, 28 Sep 2023 08:42:02 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 10558965
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TYksLH%2FyE%2Fh8qJPDiuD0NIBIeDn4dEposM%2FYx3%2B5XLmwsU%2BcJgBc0VRscEhxvSTWZ2yXEIHS06BvhEqS5CgeAA3tH4bnBsjZrYFvQmtgb%2FsHhAxtaM7Vj5hLwLQ4NnCtMCRw0Bk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790a2a2faacb0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
mycasualhookups.com/sl/html/EN3/js/langs.js
104.26.13.87 200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/html/EN3/js/langs.js
IP 104.26.13.87:0
Analyzer Verdict Alert fortinet Phishing
GET /sl/html/EN3/js/langs.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:46 GMT
content-type: application/javascript
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=38889
expires: Sat, 28 Jan 2023 20:39:07 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Mon, 26 Sep 2022 15:53:08 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 61539
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w6%2BjMtz5UDwvrTOEyuIx6cF5uGMy56Tx%2BKlukNviV1%2F9ymbFFuQNtVRMUEohFRkG5p%2FOo7tdlUDhpZ%2BSKz8O4rZDrSAu9BMeG%2BfGrfIUc78%2FNaSUjtEEEZd2fU2qy%2FESbzmc2RY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790a2a2baf6e0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn-dt.fcdn.info/swpush.min.js
104.21.234.86 200 OK 0 B URL HTTP/2 cdn-dt.fcdn.info/swpush.min.js
IP 104.21.234.86:0
GET /swpush.min.js HTTP/1.1
Host: cdn-dt.fcdn.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mycasualhookups.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:46 GMT
content-type: application/javascript
last-modified: Sat, 07 May 2022 08:23:17 GMT
etag: W/"62762c75-8692"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 172459
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LO%2FV68%2BkAvPSmNETW33L1clx%2FrOGFBJz1pIcDHv%2FX3xlX%2F8Y0DpergKKRZrJuo9O9gvAt8pUnhH59CIzWcao%2FvtswL1vRKSXSni95YrVpcXqXSBt9MqCWAjm3S0kA731LkuD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790a2a2c3fd47717-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mycasualhookups.com/sl/html/EN3/n.php?cep=zSPKI_En0kC2H_W6XZYyAtgxj-v9ScGV-er0QrFNeGS0BY1QEA4YWMV-g1IWKxAaOQFRaJ3VgU1dn8L80xMP7uvC0zY-q2yHqJj1qRPcsbt1ScH-rIXZnm7FW8kSOCm3bKOqqfYzLfeUoSIyqd-iiLCWWuiOeyi05HI-rTv84ouV04zJMojo85Cbhu4zfle-I437c_ctv3hCzXREmFCpUFh2HxZlgSdJteiq2Zp6tebn2sSj3GJoF1Z8bdsLbT7xlWxBTf6M6uMOTImhIv-cZp_v3f_LQYif_OEARSviA0JZrdK4OKW6-yvXatbtHl4KwvWtec7z7IHV1dyHooNK9JRMgeUTNQ9-xsTuUmxC9aNa3NmQdU9Y10eyYfiu7hUBUJ-M-qp_dba17NGXW1rxObYlzGDBO43YxUMGLZYxbkI&lptoken=16fe74d591ef52ba8537&external_id=36197-742629849&source=16295&sum=
104.26.13.87 200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/html/EN3/n.php?cep=zSPKI_En0kC2H_W6XZYyAtgxj-v9ScGV-er0QrFNeGS0BY1QEA4YWMV-g1IWKxAaOQFRaJ3VgU1dn8L80xMP7uvC0zY-q2yHqJj1qRPcsbt1ScH-rIXZnm7FW8kSOCm3bKOqqfYzLfeUoSIyqd-iiLCWWuiOeyi05HI-rTv84ouV04zJMojo85Cbhu4zfle-I437c_ctv3hCzXREmFCpUFh2HxZlgSdJteiq2Zp6tebn2sSj3GJoF1Z8bdsLbT7xlWxBTf6M6uMOTImhIv-cZp_v3f_LQYif_OEARSviA0JZrdK4OKW6-yvXatbtHl4KwvWtec7z7IHV1dyHooNK9JRMgeUTNQ9-xsTuUmxC9aNa3NmQdU9Y10eyYfiu7hUBUJ-M-qp_dba17NGXW1rxObYlzGDBO43YxUMGLZYxbkI&lptoken=16fe74d591ef52ba8537&external_id=36197-742629849&source=16295&sum=
IP 104.26.13.87:0
GET /sl/html/EN3/n.php?cep=zSPKI_En0kC2H_W6XZYyAtgxj-v9ScGV-er0QrFNeGS0BY1QEA4YWMV-g1IWKxAaOQFRaJ3VgU1dn8L80xMP7uvC0zY-q2yHqJj1qRPcsbt1ScH-rIXZnm7FW8kSOCm3bKOqqfYzLfeUoSIyqd-iiLCWWuiOeyi05HI-rTv84ouV04zJMojo85Cbhu4zfle-I437c_ctv3hCzXREmFCpUFh2HxZlgSdJteiq2Zp6tebn2sSj3GJoF1Z8bdsLbT7xlWxBTf6M6uMOTImhIv-cZp_v3f_LQYif_OEARSviA0JZrdK4OKW6-yvXatbtHl4KwvWtec7z7IHV1dyHooNK9JRMgeUTNQ9-xsTuUmxC9aNa3NmQdU9Y10eyYfiu7hUBUJ-M-qp_dba17NGXW1rxObYlzGDBO43YxUMGLZYxbkI&lptoken=16fe74d591ef52ba8537&external_id=36197-742629849&source=16295&sum= HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:46 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=300
expires: Sat, 28 Jan 2023 13:49:46 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vUO9nkurUgeIhwPyPIxkOvZ53Lbjdge7NbamQ8TjUex7fotlDGbJ1BzJjPP0A%2FnT0mY%2F1blacCmJG2%2B57lI5%2F3iBR716uQLXdFnPFabua4m0Akw6PHHrG2HqSp3HOsubMH%2BBm6k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790a2a27cc310b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
mycasualhookups.com/sl/common/js/lib/jquery.validate.min.js
104.26.13.87 200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/common/js/lib/jquery.validate.min.js
IP 104.26.13.87:0
Analyzer Verdict Alert fortinet Phishing
GET /sl/common/js/lib/jquery.validate.min.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:46 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=86400
expires: Sun, 29 Jan 2023 06:32:54 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 25911
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ozVa4P%2B0a5i%2FE5xrSyLpf8ovcwE0ovMG%2BNeIBdVbIMQaGlOsfB8JXg6YEnqv3ElxYFOQZ0J4NDsCvTvHpdN%2BWbLndt3EHl7vaoy99xpXcWyexGHK%2BwbUe0yyx74L4%2BA%2F3VeIWbo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790a2a2baf6c0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
mycasualhookups.com/sl/html/EN3/js/config.js
104.26.13.87 200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/html/EN3/js/config.js
IP 104.26.13.87:0
Analyzer Verdict Alert fortinet Phishing
GET /sl/html/EN3/js/config.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:46 GMT
content-type: application/javascript
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=701
expires: Sat, 28 Jan 2023 16:13:02 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Tue, 27 Sep 2022 14:26:18 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 77504
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2zpc0SrilkLZD2VU1754ol4oMkzFvrNW4A9CxaU02UCFFDZnQTc2649Zpt7vN28F0g8nLndxl8n3S6Z2vix9zF075R%2FJEv03xUcRdmGvd8iOVwndt6E%2FHfw2YWM8Ac7%2FItu8ge0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790a2a2baf6f0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
mycasualhookups.com/sl/common/js/lib/jquery-3.3.1.min.js
104.26.13.87 200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/common/js/lib/jquery-3.3.1.min.js
IP 104.26.13.87:0
Analyzer Verdict Alert fortinet Phishing
GET /sl/common/js/lib/jquery-3.3.1.min.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:46 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=86400
expires: Sun, 29 Jan 2023 06:32:54 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 25911
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LtOnO4RLt8eWRNWmU6EF8HY71iRjlVSN09kQjFdGP4EOC6nyXkvC3PWk75ywTwchz2%2FxMZDQUDUBesnYkqTBvtV7kvB2uM5Jof91AtWW%2FpDKH0jChevLCKpLOQB%2B0l1W2WQ%2FZ2A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790a2a2baf6b0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
mycasualhookups.com/sl/common/js/common-langs.js
104.26.13.87 200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/common/js/common-langs.js
IP 104.26.13.87:0
Analyzer Verdict Alert fortinet Phishing
GET /sl/common/js/common-langs.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:46 GMT
content-type: application/javascript
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=19528
expires: Sun, 29 Jan 2023 06:32:54 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 25911
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T8hawP1uyNShUfT0GD3Sl57zUy8W%2F7Wgc4R0R1NUlaJP7kBBJePVJIOFrz5ovr%2BDjUkUPKVzTmIwYhR2SdLBklA2Rzw4J4nur8QvSkSyzbSHj%2Fec%2FUWM1oZLmhNCEYoFbmUfU0k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790a2a2baf730b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdnjam.com/cdn/sdialog.min.css?_=4
172.67.166.71 200 OK 0 B URL HTTP/2 cdnjam.com/cdn/sdialog.min.css?_=4
IP 172.67.166.71:0
GET /cdn/sdialog.min.css?_=4 HTTP/1.1
Host: cdnjam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:48 GMT
content-type: text/css
content-security-policy: block-all-mixed-content
etag: W/"1d16caacad4ad6c40a99319a5d183947"
last-modified: Mon, 22 Nov 2021 08:00:52 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin, Accept-Encoding
x-amz-request-id: 16F5E342988C7B8C
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: HIT
age: 5992
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yBB1Bq6IboqctYqWSybjBbSzuEHATL1aPTAkNX5uFvv5%2Bu2MJ5TXX%2F4LP%2F05FfAW%2FZC7AfI%2F50afD1UbTlZbYZfu8gnsWOhTbmhg92pjzfJ99HulN24oRkZU8cqt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790a2a3a0ef2b506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mycasualhookups.com/sl/common/js/main.js?1674913486
104.26.13.87 200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/common/js/main.js?1674913486
IP 104.26.13.87:0
Analyzer Verdict Alert fortinet Phishing
GET /sl/common/js/main.js?1674913486 HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 13:44:47 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=86400
expires: Sun, 29 Jan 2023 13:44:47 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xfa4FQI2sUSsU6bEAsdiKmGm%2FmmtAPxY81adkWRxb9XnGrztqtJk6Yx%2F3RpdwbBxzbYE%2BhCnRHgoZRw%2FZL6nA4rkD3hFi5mp7KcFpQ6cZujC44IkeUnXfGMyL0h%2B1hK5zYHsjT4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790a2a2baf750b49-OSL
content-encoding: br
X-Firefox-Spdy: h2