Report - www.girls-nearby.com/c/01ed466905be7123

Report Overview

Submitted URL
www.girls-nearby.com/c/01ed466905be7123
IP
52.19.101.114
ASN
#16509 AMAZON-02
Submitted
2022-09-27 08:10:38
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
static.dating	232879	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	436 B	183 kB	35.227.221.175
hetetreff.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	101 kB	35.227.210.22
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	358 B	20 kB	142.250.74.174
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	1.4 kB	64.233.162.154
ocsp2.globalsign.com	1544	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	690 B	3.8 kB	104.18.21.226
samlesamtykke.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	845 B	19 kB	35.195.163.35
pxltrck.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	476 B	546 B	63.33.122.202
landers.cdnware.io	255018	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	357 B	113 kB	35.227.234.99
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.25
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
tracksrouting.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	527 B	898 B	34.240.168.77
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.4 kB	13 kB	142.250.74.3
www.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	425 B	203 kB	142.250.74.163
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.115
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	952 B	33 kB	142.250.74.163
api.samlesamtykke.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	7.6 kB	35.195.163.35
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	766 B	2.4 kB	142.250.74.164
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	66 kB	34.120.237.76
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	499 B	694 B	142.250.74.3
www.girls-nearby.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	358 B	636 B	52.19.101.114
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	35.162.110.205

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-27	medium	www.girls-nearby.com/c/01ed466905be7123	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	www.google.com/recaptcha/enterprise.js?render=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s	974 B	2023-03-07	2023-03-08
Pretty URL www.google.com/recaptcha/enterprise.js?render=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:58:00 Last Seen2023-03-08 02:23:55 Times Seen1 Hash 1b4f2245dcc7d89900dfde26487af5b6 a7c9d434d6bbfe12f8fab7d00a9e9f2ea311939c 236e697fceee377fee82ac873d3bc659b5c7e658525e91d31410fc432cd8d278 Loading...

	hetetreff.com/landing9?pi=770&pt1=3474604130&pe=	308 B	2023-03-07	2024-04-19
Pretty URL hetetreff.com/landing9?pi=770&pt1=3474604130&pe= IP 35.227.210.22 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:25 Last Seen2024-04-19 12:28:41 Times Seen820 Hash 8a81377a647bdea836809865c62d171b dd72dda89aacfe74746d2c73421ea55a23ab313d 9c7aa944eeb31b5765d0c1674cdc445dff6dd572a6fe897f6d5137ce181d44a9 Loading...

	www.google.com/recaptcha/enterprise.js	940 B	2023-03-07	2023-03-08
Pretty URL www.google.com/recaptcha/enterprise.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:58:00 Last Seen2023-03-08 02:23:55 Times Seen1 Hash 0bd036ba148d0b81cbf311cd73716c32 a0ca06a60db2e524517c1e7c194070653ab3ac3f d089a2f5146cf1be2613e980192d40544df2dae4cc18e2ecdf287c3ffc5e8cd6 Loading...

	www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js	398 kB	2023-03-07	2023-03-10
Pretty URL www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js IP 142.250.74.163 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:46:10 Last Seen2023-03-10 14:27:44 Times Seen1 Hash dff1edaf9fa8e0138b7342527bb2fdaf 9c1d9e6f3a8785ffdd088f57e3e8803dd2c459b0 23d94b3877e873dff9124312f3627f15071fe84a751d32c6e76b4c693ce8a9b9 Loading...

	www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s&co=aHR0cHM6Ly9oZXRldHJlZmYuY29tOjQ0Mw..&hl=en&v=ovmhLiigaw4D9ujHYlHcKKhP&size=invisible&cb=hq4f201yzfuf	35 kB	2023-03-08	2023-03-08
Pretty URL www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s&co=aHR0cHM6Ly9oZXRldHJlZmYuY29tOjQ0Mw..&hl=en&v=ovmhLiigaw4D9ujHYlHcKKhP&size=invisible&cb=hq4f201yzfuf IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:21:17 Last Seen2023-03-08 02:21:17 Times Seen1 Hash 8a4312df4b12e3d831137a7d04c89403 28b9867138ccef70732b27db1ab987a5b24f2f2b 75314ef0c90276776d5b6946e7c0e6b977efd4e68cbbe3a841634d897d7631b2 Loading...

	hetetreff.com/landing9?pi=770&pt1=3474604130&pe=	147 B	2023-03-07	2024-04-19
Pretty URL hetetreff.com/landing9?pi=770&pt1=3474604130&pe= IP 35.227.210.22 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:25 Last Seen2024-04-19 12:28:41 Times Seen882 Hash b85aa80cb826211a36318337793411db e34920a6965fb7b9102be2dcde8ae363e4355686 e4de3377c03566f32b347f14973f5e998466e585c9bbd27f7dc9099ecf77e7a2 Loading...

	www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s&co=aHR0cHM6Ly9oZXRldHJlZmYuY29tOjQ0Mw..&hl=en&v=ovmhLiigaw4D9ujHYlHcKKhP&size=invisible&cb=hq4f201yzfuf	75 B	2023-03-07	2024-04-24
Pretty URL www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s&co=aHR0cHM6Ly9oZXRldHJlZmYuY29tOjQ0Mw..&hl=en&v=ovmhLiigaw4D9ujHYlHcKKhP&size=invisible&cb=hq4f201yzfuf IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:59 Last Seen2024-04-24 17:29:51 Times Seen10343 Hash dca9d53787fff314e5bd1a123b28906a 1350c858f60bbb03d1b53b05cbad6cea82ff29d1 2475d902b4182bac667d464a44c89ee405e5cfd64156b30f811557cf2b347e2f Loading...

	hetetreff.com/landing9?pi=770&pt1=3474604130&pe=	103 B	2023-03-07	2024-04-15
Pretty URL hetetreff.com/landing9?pi=770&pt1=3474604130&pe= IP 35.227.210.22 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:25 Last Seen2024-04-15 10:45:38 Times Seen405 Hash 7c30234b7bf626af1abf57d402628101 631dbf3c494a82cb7ce1c84de335ec50feff2f38 dc87051dc947ab8cdb9093cc5b02fa705d0ec2453052986be2beaa380a644f2c Loading...

	landers.cdnware.io/media-registry.js	112 kB	2023-03-07	2023-03-17
Pretty URL landers.cdnware.io/media-registry.js IP 35.227.234.99 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:04:14 Last Seen2023-03-17 12:41:32 Times Seen1 Hash 380ed079154cd891212b82889e64f5d3 449897e695f434cab1dfb6261841fc7d03c562ad 8ef4720f844f4427687724020d0a85e6eddd2681c231f00dd1bd28d11decaa68 Loading...

	samlesamtykke.com/cc.js?wId=28oTX6uLXHkFoLq9L7hglB&domain=hetetreff.com&languageCode=nb&languageTerritory=NO&sessionId=23e0e6f0bbc3482f9522f2bfe09f6c62	120 kB	2023-03-08	2023-03-08
Pretty URL samlesamtykke.com/cc.js?wId=28oTX6uLXHkFoLq9L7hglB&domain=hetetreff.com&languageCode=nb&languageTerritory=NO&sessionId=23e0e6f0bbc3482f9522f2bfe09f6c62 IP 35.195.163.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:21:17 Last Seen2023-03-08 02:21:17 Times Seen1 Hash 5a585eaafbe0142ba559aef63bf21df5 ef456e5159bc42acac6bda234807b2d73e8461c1 288e9eb0d8096e4756d3723d5aa4543e731419ca58943cbd23b97131970d3d21 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-07	2024-01-06
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:05:31 Last Seen2024-01-06 17:39:53 Times Seen66 Hash 99ba52a15d2da967b023016d1af58cbd 5c2246049c43834d17113877b4731bd4f9803d55 9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f Loading...

	hetetreff.com/landers/js/landing009.js	69 kB	2023-03-08	2023-03-08
Pretty URL hetetreff.com/landers/js/landing009.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:21:17 Last Seen2023-03-08 02:21:17 Times Seen1 Hash 44197d0058f33e5b1e73fdf73bd013fa 610b8f8bc08de64473efaa9c11c89106a9364278 1425508e74a2cc9c000bea8a72457fed0d7f6a30d4b0667c52415137817adf8e Loading...

	hetetreff.com/landing9?pi=770&pt1=3474604130&pe=	6.1 kB	2023-03-08	2023-03-08
Pretty URL hetetreff.com/landing9?pi=770&pt1=3474604130&pe= IP 35.227.210.22 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:21:17 Last Seen2023-03-08 07:42:13 Times Seen1 Hash d4eb8909411b1ba56a6a244770c87b09 1f100ca7f085af08051ab656c9a7c952fb1e215e 05bcb17a649d3b6b1f3f8a268d54da5f0054cc4b6fdfe749745b49d68dbc3b43 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 8255e47c8659ff37c9b3a0934673908e	22 B	2023-03-07	2023-03-08
Pretty Observations First Seen2023-03-07 23:04:59 Last Seen2023-03-08 03:22:24 Times Seen1 Hash 8255e47c8659ff37c9b3a0934673908e e851f0d2bd2c672883af76176e787f6530feabcf d651a2902f113132877a12117727707b1031e8f12615f8a3a0ad138ea5eb79ea Loading...

	#2 Eval - 2851c27fe4d7dcfce30aeaa53cfb59ed	16 kB	2023-03-07	2023-03-08
Pretty Observations First Seen2023-03-07 23:04:59 Last Seen2023-03-08 03:22:24 Times Seen1 Hash 2851c27fe4d7dcfce30aeaa53cfb59ed e6d6747077359e2996fcb8ce60c94647e548a120 b7bb0c5ac33ab436c5fe975360ef1af5f66987c6c8bf5c0569e749197b16ecaa Loading...

	#3 Eval - 8dff10614bd27fcf55645cfd205171a6	22 kB	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 02:21:17 Last Seen2023-03-08 02:21:17 Times Seen1 Hash 8dff10614bd27fcf55645cfd205171a6 cf8fba033390c5b805d0ca92be564decb79117d0 14361d2ef18f44c51ed5da1c1704008274d7019232663a77c4bd90dcc66a1c66 Loading...

	#4 Eval - c4bcc9c08455c63b6941587911bb5e33	62 B	2023-03-07	2023-03-08
Pretty Observations First Seen2023-03-07 23:04:59 Last Seen2023-03-08 03:22:24 Times Seen1 Hash c4bcc9c08455c63b6941587911bb5e33 a63bdfb594e7769cde32b002448f0fec82476ce7 9a40ef33f7700831131770a8048c5a08faa312d7311fc2c6ced1909ea6e458ce Loading...

	#5 Eval - 1845a1a5613a3cc719cdfd0f4354c64d	22 B	2023-03-07	2023-03-08
Pretty Observations First Seen2023-03-07 23:04:59 Last Seen2023-03-08 03:22:24 Times Seen1 Hash 1845a1a5613a3cc719cdfd0f4354c64d d98cc33e5143dec9bb98528b47284c10072c60ce 531ec07d216cb5810b6ebf63f292c8c1759049139e175d847973b17cd08238fa Loading...

HTTP Transactions (66)

URL IP Response Size

www.girls-nearby.com/c/01ed466905be7123

52.19.101.114

302 Found

106 B

URL HTTP/1.1
www.girls-nearby.com/c/01ed466905be7123
IP
52.19.101.114:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text
Size
106 B (106 bytes)
Hash
fb078566881260b7543b63105cc1269f
9e0acdccc15c1c56953b74b61d8faa0dbf27f2f7
e3a742d82a1813876ba7ffdde7c96c6bfa53d28764839cd5b8ff486342427324

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /c/01ed466905be7123 HTTP/1.1
Host: www.girls-nearby.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 27 Sep 2022 08:10:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 106
Connection: keep-alive
Location: https://pxltrck.com/?a=770&c=57863&s1=&s3=&s4=aftbe6332aff20008c968
Set-Cookie: unique_id=6332aff20003af9e; Path=/; Expires=Sat, 26 Nov 2022 08:10:26 GMT
unique_id2=6332aff20003b9e8; Path=/; Expires=Mon, 26 Dec 2022 08:10:26 GMT
impression=; Path=/; Expires=Tue, 27 Sep 2022 08:10:26 GMT
tid=aftbe6332aff20008c968; Path=/; Expires=Wed, 01 Sep 2027 08:10:26 GMT

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 07:15:30 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: x75ssSZ8SIW2zxYJ7rB8M_BNaDSra2S0PDva4o6MSprWr7T8fPIWOw==
Age: 3296

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4950
Expires: Tue, 27 Sep 2022 09:32:56 GMT
Date: Tue, 27 Sep 2022 08:10:26 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.25

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.25:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
date: Mon, 26 Sep 2022 09:17:07 GMT
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Yo90oKq7WtJD3p_2k6v5R6BFKhmNzaN_7-QO_NAX1D4ASDYVvOKeKQ==
age: 82400
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:10:26 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsalphasha2g2

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
f1b8d759bcb5228be2519d3e7978b4a6
869d4f60671bbfd0793c1553159893bf6ce17ac4
48f266304b89ad5718f71d7eec3b7697bc77040a935b615140781db94664ddf4

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:10:26 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sat, 01 Oct 2022 06:51:53 GMT
ETag: "869d4f60671bbfd0793c1553159893bf6ce17ac4"
Last-Modified: Tue, 27 Sep 2022 06:51:54 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7512c34b3d591c02-OSL

pxltrck.com/?a=770&c=57863&s1=&s3=&s4=aftbe6332aff20008c968

63.33.122.202

302 Found

255 B

URL HTTP/1.1
pxltrck.com/?a=770&c=57863&s1=&s3=&s4=aftbe6332aff20008c968
IP
63.33.122.202:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
255 B (255 bytes)
Hash
d73299adf6ed97682348e0558e39531b
6794d20ff405467ec59ff7f707551b77054c21e1
dd9579ebdeb89f5aeba62846b27b0f2f4cb0c5275cbf548e0b06265c1bf9a784

HTTP Headers

GET /?a=770&c=57863&s1=&s3=&s4=aftbe6332aff20008c968 HTTP/1.1
Host: pxltrck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 255
Content-Type: text/html; charset=utf-8
Date: Tue, 27 Sep 2022 08:10:26 GMT
Location: https://tracksrouting.com/?a=770&c=57863&s1=&s3=&s4=aftbe6332aff20008c968&ckmguid=8a899119-bb3b-4c7f-9c5f-f2cea1f5aad5
Connection: close

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Tue, 27 Sep 2022 07:10:46 GMT
Expires: Tue, 27 Sep 2022 07:38:30 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vDSUdr3ZJRgUYaayfILtfBxQfNB8dGmlfeycL1kDxxpY600SAvKAbg==
Age: 3580

ocsp2.globalsign.com/gsalphasha2g2

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
bd06c1458a44a5b10ba2037e4fc19ab5
04ce325ae260414db6b2bd0da90aacb89a1cc7af
39d071a6d81b9bbc2a5a2c377f38dfb3c942a3c304d57ec00dd57c4381b2de33

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:10:26 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sat, 01 Oct 2022 05:42:31 GMT
ETag: "04ce325ae260414db6b2bd0da90aacb89a1cc7af"
Last-Modified: Tue, 27 Sep 2022 05:42:32 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 56
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7512c34dbfbe1c02-OSL

tracksrouting.com/?a=770&c=57863&s1=&s3=&s4=aftbe6332aff20008c968&ckmguid=8a899119-bb3b-4c7f-9c5f-f2cea1f5aad5

34.240.168.77

302 Found

181 B

URL HTTP/1.1
tracksrouting.com/?a=770&c=57863&s1=&s3=&s4=aftbe6332aff20008c968&ckmguid=8a899119-bb3b-4c7f-9c5f-f2cea1f5aad5
IP
34.240.168.77:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
181 B (181 bytes)
Hash
e1231b0790b1c058fb5990d40cec33c5
fc607da75eb09cad2848cd6884acdb2a756aa595
d25e865e3e9bf556ad4fbb403aa7fe980a106394fa7101663cd1625ed192a87e

HTTP Headers

GET /?a=770&c=57863&s1=&s3=&s4=aftbe6332aff20008c968&ckmguid=8a899119-bb3b-4c7f-9c5f-f2cea1f5aad5 HTTP/1.1
Host: tracksrouting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 181
Content-Type: text/html; charset=utf-8
Date: Tue, 27 Sep 2022 08:10:26 GMT
Location: https://hetetreff.com/landing9?pi=770&pt1=3474604130&pe=
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: sid=OtynPe0qoGnpaoHk1KKa7DguKBn/mtcYtqfgmN0jIsgWVsbPQGqWxQ==; domain=.tracksrouting.com; path=/; HttpOnly
trk=8/u9snUNlut6Ogdv+kusRDguKBn/mtcYtqfgmN0jIsgWVsbPQGqWxQ==; domain=.tracksrouting.com; expires=Fri, 27-Sep-2024 08:10:26 GMT; path=/; HttpOnly
c15453=OtynPe0qoGlmcuSSiOZMbWeeHeKdt14j/SC8r7+niWM5HSzQ9RU1WA==; domain=.tracksrouting.com; expires=Thu, 27-Oct-2022 08:10:26 GMT; path=/; HttpOnly
Connection: close

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
5adb7eb1d103eadeeafac36e663ffdd3
23b784388dd634fa736cd60aed71570661e73d02
5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4908
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:27 GMT
Last-Modified: Tue, 27 Sep 2022 06:48:39 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/s/gts1d4/YrioWwBqqRw

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/YrioWwBqqRw
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e5feab96785141d92c345d9105e410c7
24cc859d246576dbce1a6b07b661e9d6a54aa739
10bf713a6c462f233504aa28d7afd058582b01bed91f480ef4a043c1a877be7b

HTTP Headers

POST /s/gts1d4/YrioWwBqqRw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:27 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

35.162.110.205

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.162.110.205:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: n60bZhxoPkA6SCMqXAaxAg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: n9Pv4nnAitxVxr0HYfmpzoxSom4=

ocsp.pki.goog/s/gts1d4/YrioWwBqqRw

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/YrioWwBqqRw
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e5feab96785141d92c345d9105e410c7
24cc859d246576dbce1a6b07b661e9d6a54aa739
10bf713a6c462f233504aa28d7afd058582b01bed91f480ef4a043c1a877be7b

HTTP Headers

POST /s/gts1d4/YrioWwBqqRw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:27 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5b7b66f5886a12421c3f3970bbf49d5a
13a31565fb5b2f1e75d67ba1ce09dae339f1c0e8
3ed8ffa99cefdf81381912b426c0ab9091fb5888836665d9012435965f99feba

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5b7b66f5886a12421c3f3970bbf49d5a
13a31565fb5b2f1e75d67ba1ce09dae339f1c0e8
3ed8ffa99cefdf81381912b426c0ab9091fb5888836665d9012435965f99feba

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/recaptcha/enterprise.js?render=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s

142.250.74.164

200 OK

616 B

URL HTTP/2
www.google.com/recaptcha/enterprise.js?render=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (974), with no line terminators
Size
616 B (616 bytes)
Hash
54ac056033e5aef07d6f13155be90f3e
01b6f6963e46745e27e87b95360d465d9e1394b7
d25bd1c8d1c5816c5dae6d8d3332dd1b63878a81653bb7b075b11d8149e868aa

HTTP Headers

GET /recaptcha/enterprise.js?render=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hetetreff.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Tue, 27 Sep 2022 08:10:27 GMT
date: Tue, 27 Sep 2022 08:10:27 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 616
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/recaptcha/enterprise.js

142.250.74.164

200 OK

585 B

URL HTTP/2
www.google.com/recaptcha/enterprise.js
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (940), with no line terminators
Size
585 B (585 bytes)
Hash
5d77e6a3e33bb19527afd8bb44ef84b0
62c996798457349a76758599546eff80a50ef4e6
103fcfb8e2652e98b1f8e6b6439f6b2d0b9f08bf338ae6f6b00e87adc533077d

HTTP Headers

GET /recaptcha/enterprise.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hetetreff.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Tue, 27 Sep 2022 08:10:27 GMT
date: Tue, 27 Sep 2022 08:10:27 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 585
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4538701cf9bc34d908f50370beb922f4
df141b9c3ec626ecaba7c1899073a48b811c4113
61497b93eb237687a8fff5845a7a81aff2f2f53dc56f2d0818bfb98dd1256d6f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js

142.250.74.163

200 OK

202 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text, with very long lines (60065)
Size
202 kB (201783 bytes)
Hash
822cd9003ee0529092b169576303c28b
321dbee54c0c58cedbf7d46aed02f8dc96190311
7000d6003feb9cd20177cb0822788b4718c2b8f9a4d7dce36a642db14cb1f036

HTTP Headers

GET /recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hetetreff.com/
Origin: https://hetetreff.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 158248
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 25 Sep 2022 22:25:55 GMT
expires: Mon, 25 Sep 2023 22:25:55 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 19 Sep 2022 04:01:43 GMT
content-type: text/javascript
age: 121472
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/avT9nzwKolY

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/avT9nzwKolY
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
07533186a9826b477e0943e5e8c9096b
e1bd65d8ffc95505e3c4ec22f10f0f2e412da47f
135a22fb7612979e4d195f5415c2072ba86fac8f545f1d87a87088a265e22d2e

HTTP Headers

POST /s/gts1d4/avT9nzwKolY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:27 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

landers.cdnware.io/media-registry.js

35.227.234.99

200 OK

112 kB

URL HTTP/2
landers.cdnware.io/media-registry.js
IP
35.227.234.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65536), with no line terminators
Size
112 kB (112222 bytes)
Hash
380ed079154cd891212b82889e64f5d3
449897e695f434cab1dfb6261841fc7d03c562ad
8ef4720f844f4427687724020d0a85e6eddd2681c231f00dd1bd28d11decaa68

HTTP Headers

GET /media-registry.js HTTP/1.1
Host: landers.cdnware.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hetetreff.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-guploader-uploadid: ADPycduOUdBHzGCabsL_P8Z_KrYOTI3vCZTV40cKL9AYeSv-CZdYZPLklKsKqnchkiorpZUo9-zYBzj3K4EyAZ3O3Y90jw
x-goog-generation: 1663076119154166
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 112222
x-goog-hash: crc32c=c23ikw==, md5=OA7QeRVM2JEhK4KInmT10w==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 112222
server: UploadServer
date: Tue, 27 Sep 2022 08:01:56 GMT
expires: Tue, 27 Sep 2022 09:01:56 GMT
cache-control: public, max-age=3600
age: 511
last-modified: Tue, 13 Sep 2022 13:35:19 GMT
etag: "380ed079154cd891212b82889e64f5d3"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/avT9nzwKolY

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/avT9nzwKolY
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
07533186a9826b477e0943e5e8c9096b
e1bd65d8ffc95505e3c4ec22f10f0f2e412da47f
135a22fb7612979e4d195f5415c2072ba86fac8f545f1d87a87088a265e22d2e

HTTP Headers

POST /s/gts1d4/avT9nzwKolY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:28 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

samlesamtykke.com/cc.js?wId=28oTX6uLXHkFoLq9L7hglB&domain=hetetreff.com&languageCode=nb&languageTerritory=NO&sessionId=23e0e6f0bbc3482f9522f2bfe09f6c62

35.195.163.35

200 OK

14 kB

URL HTTP/2
samlesamtykke.com/cc.js?wId=28oTX6uLXHkFoLq9L7hglB&domain=hetetreff.com&languageCode=nb&languageTerritory=NO&sessionId=23e0e6f0bbc3482f9522f2bfe09f6c62
IP
35.195.163.35:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
14 kB (14065 bytes)
Hash
c79b39b9a54504068e0acf4ad8924cc7
32fee4369074552035dc2838fce44a805252faab
f951a31f87826f11507a3c8b186ecc5ef409b93680c63a9fa0185510c808287e

HTTP Headers

GET /cc.js?wId=28oTX6uLXHkFoLq9L7hglB&domain=hetetreff.com&languageCode=nb&languageTerritory=NO&sessionId=23e0e6f0bbc3482f9522f2bfe09f6c62 HTTP/1.1
Host: samlesamtykke.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hetetreff.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Tue, 27 Sep 2022 08:10:28 GMT
content-type: application/javascript
content-length: 14065
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/ElIZiSiUWAM

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/ElIZiSiUWAM
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
28892436462e2b2d218a9524acdd3f4f
a956994e7dbffa76a32589d3a859527ca6ac43d6
fbfdf449aa3aab817668556c0faa6b452fb7a6c51994317eed0a3a9ac5643495

HTTP Headers

POST /s/gts1d4/ElIZiSiUWAM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:28 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

static.dating/lander/translations/nb-no2.json

35.227.221.175

200 OK

182 kB

URL HTTP/2
static.dating/lander/translations/nb-no2.json
IP
35.227.221.175:0
ASN
#15169 GOOGLE

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (64546), with no line terminators
Size
182 kB (182278 bytes)
Hash
50ac9286e7e1d6dfb82ef25e87d8cd9d
6f8d8b95724811f438244c3aad4c4aa9ab9d5852
fc5e52e13cbed5d6d1cba354f2ff5aef5eac3a49e66449fe733a76ea2ab08826

HTTP Headers

GET /lander/translations/nb-no2.json HTTP/1.1
Host: static.dating
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hetetreff.com/
Origin: https://hetetreff.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-guploader-uploadid: ADPycdtWYT8-CDA2ziTPwH-1OXjqAnFut1YivVr4KcVJtem3o9HTPPskLxqX8y3OZTfB2ckjUNcfl_jcaEaI3-qQ8h49VtP_rhXx
x-goog-generation: 1658411406859850
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 182278
x-goog-hash: crc32c=AxdH/A==, md5=UKyShufh1t+4LvJeh9jNnQ==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 182278
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
server: UploadServer
date: Tue, 27 Sep 2022 07:47:48 GMT
expires: Tue, 27 Sep 2022 08:47:48 GMT
cache-control: public, max-age=3600
age: 1360
last-modified: Thu, 21 Jul 2022 13:50:06 GMT
etag: "50ac9286e7e1d6dfb82ef25e87d8cd9d"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/ElIZiSiUWAM

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/ElIZiSiUWAM
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
28892436462e2b2d218a9524acdd3f4f
a956994e7dbffa76a32589d3a859527ca6ac43d6
fbfdf449aa3aab817668556c0faa6b452fb7a6c51994317eed0a3a9ac5643495

HTTP Headers

POST /s/gts1d4/ElIZiSiUWAM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:28 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

hetetreff.com/landers/css/theme/pornhub.css

35.227.210.22

200 OK

100 kB

URL HTTP/2
hetetreff.com/landers/css/theme/pornhub.css
IP
35.227.210.22:0
ASN
#15169 GOOGLE

File type
data
Size
100 kB (99575 bytes)
Hash
dab25225ef519cf675768a80ce79136d
4bfb779d17a475554c01aa786988fbf2ad40a4aa
6651520719522fe4361469d9ebec696d59e9dcfe281310d07c50f87c9b56e19a

HTTP Headers

GET /landers/css/theme/pornhub.css HTTP/1.1
Host: hetetreff.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hetetreff.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 07:59:53 GMT
server: nginx/1.14.2
content-type: text/css;charset=UTF-8
x-powered-by: PHP/7.2.34
x-host: hetetreff.com
content-encoding: gzip
x-cacheable: YES
cache-control: max-age=300
xkey: lander
vary: Accept-Encoding
x-varnish: 73422931 73169760
age: 0
x-cache: HIT
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c939f97c8bcbfea356e92036803714bc
608c795e7c4fb943a4db49a4e4533c41ea717023
b05b38c78c15c259720bfc6783ac65ab60ceb1e6037b45b08113f183554f08cb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (19826 bytes)
Hash
cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hetetreff.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Tue, 27 Sep 2022 06:41:09 GMT
expires: Tue, 27 Sep 2022 08:41:09 GMT
cache-control: public, max-age=7200
age: 5359
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

15 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 12:31:58 GMT
expires: Sun, 24 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 243510
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Sep 2022 00:48:31 GMT
expires: Sat, 23 Sep 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 372117
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c939f97c8bcbfea356e92036803714bc
608c795e7c4fb943a4db49a4e4533c41ea717023
b05b38c78c15c259720bfc6783ac65ab60ceb1e6037b45b08113f183554f08cb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

samlesamtykke.com/cc.css

35.195.163.35

200 OK

3.9 kB

URL HTTP/2
samlesamtykke.com/cc.css
IP
35.195.163.35:0
ASN
#15169 GOOGLE

File type
assembler source, ASCII text
Size
3.9 kB (3892 bytes)
Hash
594c3c757e637b29a91f9ded0113b707
2c04f908c419910a88bd5fca0e8e0f70b612834f
98c9c36b6b36127768c2156ffec51625b0f8dea705b02522c9db50ca6073098c

HTTP Headers

GET /cc.css HTTP/1.1
Host: samlesamtykke.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hetetreff.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Tue, 27 Sep 2022 08:10:28 GMT
content-type: text/css
content-length: 3892
last-modified: Thu, 15 Oct 2020 08:07:25 GMT
etag: "6073-5b1b123761e40-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4662
Expires: Tue, 27 Sep 2022 09:28:10 GMT
Date: Tue, 27 Sep 2022 08:10:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4662
Expires: Tue, 27 Sep 2022 09:28:10 GMT
Date: Tue, 27 Sep 2022 08:10:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4662
Expires: Tue, 27 Sep 2022 09:28:10 GMT
Date: Tue, 27 Sep 2022 08:10:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4662
Expires: Tue, 27 Sep 2022 09:28:10 GMT
Date: Tue, 27 Sep 2022 08:10:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4662
Expires: Tue, 27 Sep 2022 09:28:10 GMT
Date: Tue, 27 Sep 2022 08:10:28 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3823d156-2245-40a3-a9a3-7cb4a5c4a14d.jpeg

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3823d156-2245-40a3-a9a3-7cb4a5c4a14d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7716 bytes)
Hash
8ef8d9284ebd57a7cf76ceb762291356
2b53c4f836970501a682dae07235215c487d35cc
3529ab97ab2214ee9c67ee234beac96cd40f0bd6092b92b71c60956ed5710b41

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3823d156-2245-40a3-a9a3-7cb4a5c4a14d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7716
x-amzn-requestid: 1cf0b1c7-4611-40bf-b72a-412ebd03ef79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y2KguFL7IAMFzKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632bf137-2b7c15d3071e0266586fd17d;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 05:23:03 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: eE2AvjvM7j07Go69VVEmTF8Q-KA5bZwOBdn_SgR5fcZj8lL760_q2Q==
via: 1.1 d042f60a962591f741406f28a8170c5a.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 17:57:22 GMT
age: 51186
etag: "2b53c4f836970501a682dae07235215c487d35cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F334b6513-7266-4f03-aae2-328c1b58a30e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10864 bytes)
Hash
56c3768b851e6a5206cbfbe3f5a97cae
2a2fabd9f9792daf9c058fc754d5616267b703f1
668dba22a0c81c4580637806c293521b176512b18ebcc2fe951be2f27f43134d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F334b6513-7266-4f03-aae2-328c1b58a30e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10864
x-amzn-requestid: 104fb4b4-d1cc-47ee-9cc2-9b61e235d43f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4e41GJUoAMFs6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cde9e-55cda4c12c907e8d74ec9730;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 22:15:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: W7NFcpiPV1dBHdWeQnhlOwWtNQ6-opRHWo6U49ECaRYDjyRNbVx9KQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 07:52:35 GMT
age: 1073
etag: "2a2fabd9f9792daf9c058fc754d5616267b703f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63a7aeb3-999a-4e57-9255-c40e0376d08e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.3 kB (5319 bytes)
Hash
46e31aa06b8e86a9a5f9ba1cc3feca08
75df3341e30281fcbf78c7074980356fdf0be8e2
d1fd4f81b7e0f43de960f0ee024d9e87bcb395f032a4ab0360e3829d1ec8a42b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63a7aeb3-999a-4e57-9255-c40e0376d08e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5319
x-amzn-requestid: 74191b02-ebea-48bd-8522-f05bf8080f31
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlOKFtsIAMFyGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bf4-1f2daa9d7906bf9812e10953;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:39:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Y0gjPs-l9_JD9F-LSH_i1uL2Nz0UcWCG-9PmDmRH8cN_cNAeSchJTA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:39:00 GMT
etag: "75df3341e30281fcbf78c7074980356fdf0be8e2"
content-type: image/jpeg
age: 37888
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6390 bytes)
Hash
14218a43c5e5bbce546735a780c8ccce
61676358cdbb2373bc644e66f8a84fbc8cc5daf6
905b1c30a2273aef69904f2eb1451c756fc1fdba02e86ea5c957629dd056aeda

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6390
x-amzn-requestid: b2681ff8-ab83-41e6-adef-3e6772c93c3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGFJ6Gc_oAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63324f0c-3dbf9f4e2047567b5abdbe74;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 01:17:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8JXEBo_L_xKuKdeoOXEJ6FO7ZVsZVQzUmQFe7fYcxaHRQNEq1HWp6w==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:37:50 GMT
age: 23558
etag: "61676358cdbb2373bc644e66f8a84fbc8cc5daf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9163 bytes)
Hash
deb8d1e3b6d7fbc8c8ba478269621676
84f5a4c8b38acde814bc790e5b514347718d5bb9
ed14fa766f0708b4166e83b61f160db5671af430917b7c67184bf18d9208742b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9163
x-amzn-requestid: 8ccd9b1f-bef9-4591-be32-e6dd98f4ee78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlKpEZrIAMFS1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bdd-4a40b9c8281b64c725fec0f1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:38:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: bs6HOUmHOoYKDuzBoVHhcr8d4HP4bBmwUF3EtOmwKXo7ozhfaIYEvw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:39:07 GMT
age: 37881
etag: "84f5a4c8b38acde814bc790e5b514347718d5bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbde62996-d83a-4f97-a8ad-f7719aff0bff.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7701 bytes)
Hash
9ff2dbdbf6d450f0d9774777b3c5aa6e
2f7876bd0e4b52aa04ccf1c2a45359156eaefb97
4c2184b8150834adf1e9ec807f3175b6fcd574920a98c857db2cfb01b78da2fe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbde62996-d83a-4f97-a8ad-f7719aff0bff.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7701
x-amzn-requestid: 63bfd7b5-f18e-4396-99a8-fb24dee1ee0c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGCmmGswoAMF2zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63324af6-04fa1b18525182b7213f844c;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 00:59:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: DiTKUZCtnzzWsLnaX07RzIFfcP2_SiKqzETIMe3RoXWnQOBaB8BhmQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:05:14 GMT
age: 25514
etag: "2f7876bd0e4b52aa04ccf1c2a45359156eaefb97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

api.samlesamtykke.com/consent/collector

35.195.163.35

200 OK

0 B

URL HTTP/2
api.samlesamtykke.com/consent/collector
IP
35.195.163.35:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /consent/collector HTTP/1.1
Host: api.samlesamtykke.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://hetetreff.com/
Origin: https://hetetreff.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Tue, 27 Sep 2022 08:10:28 GMT
content-type: application/vnd.api+json
content-length: 0
access-control-allow-origin: https://hetetreff.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-allow-headers: content-type
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
002d49bafbcc428a44fe523322ad9e05
b39aad0d1e941121f28af8f9b6d76f19216800d5
59a10c7762be219b689cd518aea4d034aa725c6a632b7f866989dcf984b5e007

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
002d49bafbcc428a44fe523322ad9e05
b39aad0d1e941121f28af8f9b6d76f19216800d5
59a10c7762be219b689cd518aea4d034aa725c6a632b7f866989dcf984b5e007

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

api.samlesamtykke.com/consent/collector

35.195.163.35

200 OK

4.4 kB

URL HTTP/2
api.samlesamtykke.com/consent/collector
IP
35.195.163.35:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (4414), with no line terminators
Size
4.4 kB (4414 bytes)
Hash
8e449f90b910a8766d803bd6f9c6d7ca
d104bd7baa01f86b419f256278bceaef2e54d6ef
e296064009fb932ea54aa52f24858a4b742c3cc2521dae16211513b9b1352d37

HTTP Headers

POST /consent/collector HTTP/1.1
Host: api.samlesamtykke.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hetetreff.com/
Content-Type: application/json
Content-Length: 168
Origin: https://hetetreff.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Tue, 27 Sep 2022 08:10:28 GMT
content-type: application/vnd.api+json
content-length: 4414
access-control-allow-origin: https://hetetreff.com
access-control-allow-credentials: true
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
X-Firefox-Spdy: h2

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-132064855-2&cid=1277889060.1664266226&jid=679959477&gjid=968734872&_gid=2002227457.1664266226&_u=IEBAAEAAAAAAAC~&z=710732741

64.233.162.154

200 OK

1 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-132064855-2&cid=1277889060.1664266226&jid=679959477&gjid=968734872&_gid=2002227457.1664266226&_u=IEBAAEAAAAAAAC~&z=710732741
IP
64.233.162.154:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-132064855-2&cid=1277889060.1664266226&jid=679959477&gjid=968734872&_gid=2002227457.1664266226&_u=IEBAAEAAAAAAAC~&z=710732741 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hetetreff.com/
Content-Type: text/plain
Content-Length: 0
Origin: https://hetetreff.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://hetetreff.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 27 Sep 2022 08:10:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-132064855-5&cid=1277889060.1664266226&jid=657502363&gjid=329723446&_gid=2002227457.1664266226&_u=IEDAAEABAAAAAC~&z=440428146

64.233.162.154

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-132064855-5&cid=1277889060.1664266226&jid=657502363&gjid=329723446&_gid=2002227457.1664266226&_u=IEDAAEABAAAAAC~&z=440428146
IP
64.233.162.154:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-132064855-5&cid=1277889060.1664266226&jid=657502363&gjid=329723446&_gid=2002227457.1664266226&_u=IEDAAEABAAAAAC~&z=440428146 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hetetreff.com/
Content-Type: text/plain
Content-Length: 0
Origin: https://hetetreff.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://hetetreff.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 27 Sep 2022 08:10:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

api.samlesamtykke.com/consent/loadSegment

35.195.163.35

200 OK

0 B

URL HTTP/2
api.samlesamtykke.com/consent/loadSegment
IP
35.195.163.35:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /consent/loadSegment HTTP/1.1
Host: api.samlesamtykke.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://hetetreff.com/
Origin: https://hetetreff.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Tue, 27 Sep 2022 08:10:28 GMT
content-type: application/vnd.api+json
content-length: 0
access-control-allow-origin: https://hetetreff.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-allow-headers: content-type
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
002d49bafbcc428a44fe523322ad9e05
b39aad0d1e941121f28af8f9b6d76f19216800d5
59a10c7762be219b689cd518aea4d034aa725c6a632b7f866989dcf984b5e007

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

api.samlesamtykke.com/consent/loadSegment

35.195.163.35

200 OK

284 B

URL HTTP/2
api.samlesamtykke.com/consent/loadSegment
IP
35.195.163.35:0
ASN
#15169 GOOGLE

File type
JSON data\012- HTML document, Unicode text, UTF-8 text, with no line terminators
Size
284 B (284 bytes)
Hash
3b5b46131cac937efb3f56e11e0412a9
58ce0cff3be7080200e85206df18f1cd5d6c4841
4927caed672e4a6ab0dec07adfb90e5c15213e562a6873e0943699d82cca467e

HTTP Headers

POST /consent/loadSegment HTTP/1.1
Host: api.samlesamtykke.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hetetreff.com/
Content-Type: application/json
Content-Length: 223
Origin: https://hetetreff.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Tue, 27 Sep 2022 08:10:28 GMT
content-type: application/vnd.api+json
content-length: 284
access-control-allow-origin: https://hetetreff.com
access-control-allow-credentials: true
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
95f95fee6e94fb192e7c06459e3e3f8e
025638b85afcc833cd592c98cc941dd011d2526f
dbc8654990b37741f8e393d069054ae68d584c2496421892e814e7a8c45467fd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

api.samlesamtykke.com/consent/loadSegment

35.195.163.35

200 OK

360 B

URL HTTP/2
api.samlesamtykke.com/consent/loadSegment
IP
35.195.163.35:0
ASN
#15169 GOOGLE

File type
JSON data\012- HTML document, Unicode text, UTF-8 text, with very long lines (357), with no line terminators
Size
360 B (360 bytes)
Hash
b81ec878e5adcd0863faef7e7e6fe44a
faed2737ec33732d35c72dd8032da0c3a925ea0d
d4e02dfa1bd03cd275a801d83acadb1c3fdaced7f6ff26abdf36addaeda5d714

HTTP Headers

POST /consent/loadSegment HTTP/1.1
Host: api.samlesamtykke.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hetetreff.com/
Content-Type: application/json
Content-Length: 224
Origin: https://hetetreff.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Tue, 27 Sep 2022 08:10:28 GMT
content-type: application/vnd.api+json
content-length: 360
access-control-allow-origin: https://hetetreff.com
access-control-allow-credentials: true
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-132064855-5&cid=1277889060.1664266226&jid=657502363&_u=IEDAAEABAAAAAC~&z=1899369679

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-132064855-5&cid=1277889060.1664266226&jid=657502363&_u=IEDAAEABAAAAAC~&z=1899369679
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-132064855-5&cid=1277889060.1664266226&jid=657502363&_u=IEDAAEABAAAAAC~&z=1899369679 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hetetreff.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 27 Sep 2022 08:10:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
95f95fee6e94fb192e7c06459e3e3f8e
025638b85afcc833cd592c98cc941dd011d2526f
dbc8654990b37741f8e393d069054ae68d584c2496421892e814e7a8c45467fd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:10:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

api.samlesamtykke.com/consent/confirmExplicit

35.195.163.35

200 OK

0 B

URL HTTP/2
api.samlesamtykke.com/consent/confirmExplicit
IP
35.195.163.35:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /consent/confirmExplicit HTTP/1.1
Host: api.samlesamtykke.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://hetetreff.com/
Origin: https://hetetreff.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Tue, 27 Sep 2022 08:10:28 GMT
content-type: application/vnd.api+json
content-length: 0
access-control-allow-origin: https://hetetreff.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-allow-headers: content-type
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
X-Firefox-Spdy: h2

api.samlesamtykke.com/consent/confirmExplicit

35.195.163.35

200 OK

0 B

URL HTTP/2
api.samlesamtykke.com/consent/confirmExplicit
IP
35.195.163.35:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /consent/confirmExplicit HTTP/1.1
Host: api.samlesamtykke.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hetetreff.com/
Content-Type: application/json
Content-Length: 489
Origin: https://hetetreff.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Tue, 27 Sep 2022 08:10:28 GMT
content-type: application/vnd.api+json
content-length: 0
access-control-allow-origin: https://hetetreff.com
access-control-allow-credentials: true
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff092f2d0-abd6-40d2-ad33-9fb0ded1ec0a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11881 bytes)
Hash
91d97447a6a35813e57d942f685544c4
3b660de9902fbfcf2efb477f40480b08545ebc5f
08c1ea19c4918273da12c9a2e962edf4463c486a30f60c8a279a45e5edcf972a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff092f2d0-abd6-40d2-ad33-9fb0ded1ec0a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 11881
x-amzn-requestid: 584a2270-56ef-4f46-8ab2-dc0e519b5f45
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YshLfEfoIAMFX9g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328157c-12f8e8e31318d2da70796520;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 07:08:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: bDpP2pZgrMz5bH_vy76SvyPojDGhPIHfOtv2i4dfHCs1GUuSZVC87w==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 22:33:24 GMT
age: 34631
etag: "3b660de9902fbfcf2efb477f40480b08545ebc5f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

hetetreff.com/landing9?pi=770&pt1=3474604130&pe=

35.227.210.22

200 OK

0 B

URL HTTP/2
hetetreff.com/landing9?pi=770&pt1=3474604130&pe=
IP
35.227.210.22:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /landing9?pi=770&pt1=3474604130&pe= HTTP/1.1
Host: hetetreff.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Tue, 27 Sep 2022 08:10:27 GMT
server: nginx/1.14.2
content-type: text/html;charset=UTF-8
x-powered-by: PHP/7.2.34
x-host: hetetreff.com
content-encoding: gzip
x-cacheable: YES
cache-control: max-age=300
xkey: lander
vary: Accept-Encoding
x-varnish: 70694492
age: 0
x-cache: MISS
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
X-Firefox-Spdy: h2

hetetreff.com/landers/css/landing009.css

35.227.210.22

200 OK

0 B

URL HTTP/2
hetetreff.com/landers/css/landing009.css
IP
35.227.210.22:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /landers/css/landing009.css HTTP/1.1
Host: hetetreff.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hetetreff.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 08:10:27 GMT
server: nginx/1.14.2
content-type: text/css;charset=UTF-8
x-powered-by: PHP/7.2.34
x-host: hetetreff.com
content-encoding: gzip
x-cacheable: YES
cache-control: max-age=300
xkey: lander
vary: Accept-Encoding
x-varnish: 10414749
age: 0
x-cache: MISS
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations