Report - www.orianit.org/fmorim/forum/uploads/files/562_%D7%9B%D7%AA%D7%99%D7%91%D7%AA_%D7%AA%D7%A9%D7%95%D7%91%D7%94_%D7%9E%D7%9C%D7%90%D7%94

Report Overview

Submitted URL
www.orianit.org/fmorim/forum/uploads/files/562_%D7%9B%D7%AA%D7%99%D7%91%D7%AA_%D7%AA%D7%A9%D7%95%D7%91%D7%94_%D7%9E%D7%9C%D7%90%D7%94_%D7%9C%D7%A9%D7%90%D7%9C%D7%94.doc
IP
37.48.65.143
ASN
#60781 LeaseWeb Netherlands B.V.
Submitted
2022-11-28 08:33:18
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.77.32
cartining-specute.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	699 B	626 B	18.197.36.77
www.orianit.org	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	1.9 kB	37.48.65.143
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.5 kB	93.184.220.29
dipaka-ead.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.3 kB	3.212.50.125
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	56 kB	34.120.237.76
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.5 kB	142.250.74.3
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
ww1.orianit.org	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.9 kB	3.8 kB	64.190.63.136
megaflirt.life	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.8 kB	354 kB	194.87.208.5
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	44.242.41.15
img.sedoparking.com	54200	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	318 B	4.8 kB	205.234.175.175
xml.sedodna.com	278378	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	402 B	279 B	173.239.53.32
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	529 B	122 kB	142.250.74.10
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	952 B	48 kB	216.58.207.195

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-28	medium	megaflirt.life/media/exit-new/exit1.js	Phishing
2022-11-28	medium	megaflirt.life/cookie/js.cookie.js	Phishing
2022-11-28	medium	megaflirt.life/util/utils.js	Phishing
2022-11-28	medium	megaflirt.life/media/bb.js	Phishing
2022-11-28	medium	megaflirt.life/media/dating/toon2/js/jquery-2.2.4.min.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	megaflirt.life/media/dating/toon2/js/jquery-2.2.4.min.js	86 kB	2023-03-07	2024-04-24
Pretty URL megaflirt.life/media/dating/toon2/js/jquery-2.2.4.min.js IP 194.87.208.5 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-24 11:15:07 Times Seen383352 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	megaflirt.life/media/bb.js	639 B	2023-03-07	2024-04-24
Pretty URL megaflirt.life/media/bb.js IP 194.87.208.5 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:18 Last Seen2024-04-24 11:45:44 Times Seen13485 Hash 0d553e4bac91c74bfee2dbabba61e99e 5af71e2377c9c012a7826a695f2724901941b19b 1be1304c675449b1bad38ea8c3da6c1da0763ed2fad339ee1aa461c7bf4e2a68 Loading...

	megaflirt.life/media/exit-new/exit1.js	3.5 kB	2023-03-07	2024-04-24
Pretty URL megaflirt.life/media/exit-new/exit1.js IP 194.87.208.5 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:18 Last Seen2024-04-24 11:45:44 Times Seen13158 Hash 625e5e2950612f771e246beb33c9ea61 e4fc251c6c000496c285f8dc3fa097040b031681 618f345a156a0eda55177a1bf0e8a414104f9b6c6ff5cdbe71966f081ccb8a46 Loading...

	www.orianit.org/fmorim/forum/uploads/files/562_%D7%9B%D7%AA%D7%99%D7%91%D7%AA_%D7%AA%D7%A9%D7%95%D7%91%D7%94_%D7%9E%D7%9C%D7%90%D7%94_%D7%9C%D7%A9%D7%90%D7%9C%D7%94.doc	524 B	2023-03-11	2023-03-11
Pretty URL www.orianit.org/fmorim/forum/uploads/files/562_%D7%9B%D7%AA%D7%99%D7%91%D7%AA_%D7%AA%D7%A9%D7%95%D7%91%D7%94_%D7%9E%D7%9C%D7%90%D7%94_%D7%9C%D7%A9%D7%90%D7%9C%D7%94.doc IP 37.48.65.143 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:49:26 Last Seen2023-03-11 21:49:26 Times Seen1 Hash 8e9afd1424b335abbfce8654be580b37 cc718d03289ed31b90783492bd159b20dbfe392f bf909ec07a1ad3f34d0720c33ce4f10982b4148011bddfbe6564abcab813059c Loading...

	ww1.orianit.org/?sub1=4861b636-6ef7-11ed-b5fc-428b1da2cc82&ec_rls=ogcvuwM6djr2EbC-7BV3tFE4cyuzZhGHhwzU7m6wNhQfWYxDEVi4ypHy0-c7suEh9nEFe3Fec2H4xSS1861sP-YSk5_oa_5toKZNoToAuDJLRvDozRJesn5dX8znUeZrXs2EKHy9BILDE_Hh8aJDwXkfjaVdm2ALK6Haapkp_a-Ix6tWJ691s1EcH8SzCzfKv-AHNlp5TncOdVEkhIWaydmhb5KjBhsAkpjaPX29A	1.1 kB	2023-03-11	2023-03-11
Pretty URL ww1.orianit.org/?sub1=4861b636-6ef7-11ed-b5fc-428b1da2cc82&ec_rls=ogcvuwM6djr2EbC-7BV3tFE4cyuzZhGHhwzU7m6wNhQfWYxDEVi4ypHy0-c7suEh9nEFe3Fec2H4xSS1861sP-YSk5_oa_5toKZNoToAuDJLRvDozRJesn5dX8znUeZrXs2EKHy9BILDE_Hh8aJDwXkfjaVdm2ALK6Haapkp_a-Ix6tWJ691s1EcH8SzCzfKv-AHNlp5TncOdVEkhIWaydmhb5KjBhsAkpjaPX29A IP 64.190.63.136 ASN #47846 SEDO GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:49:26 Last Seen2023-03-11 21:49:26 Times Seen1 Hash b5b2059b742d8751643b3f5e91defe75 60f1f112a7f2696a6097f982a06a3e1c8d418763 ce4e198026270aac51f08d0e3b2736ed30c91db3dd805c70cdb63c1109f16a86 Loading...

	dipaka-ead.com/zcvisitor/48fd9833-6ef7-11ed-bffe-12d21f78093b/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=50c33cb0-5407-11ed-8dac-0a918cbcbb97	850 B	2023-03-11	2023-03-11
Pretty URL dipaka-ead.com/zcvisitor/48fd9833-6ef7-11ed-bffe-12d21f78093b/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=50c33cb0-5407-11ed-8dac-0a918cbcbb97 IP 3.212.50.125 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:49:26 Last Seen2023-03-11 21:49:26 Times Seen1 Hash 49f2a56c27774fb2e6167bc21e06a543 12dbec6e3f3b57ad5f82de8c34997161d3dd84b5 4f925f9ca94f93c32899d0d285d5f27aa9a57d6cc935b3434e27a550d0720ae5 Loading...

	dipaka-ead.com/zcredirect?visitid=48fd9833-6ef7-11ed-bffe-12d21f78093b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false	285 B	2023-03-11	2023-03-11
Pretty URL dipaka-ead.com/zcredirect?visitid=48fd9833-6ef7-11ed-bffe-12d21f78093b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false IP 3.212.50.125 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:49:26 Last Seen2023-03-11 21:49:26 Times Seen1 Hash d11aef2542f4f05fc4cb32cde8357b81 0e8da4dd350decad7752c71951fbb8c73e684b7d 08be3d796e94bce297c3f333193c4631ce02c6bb112edd06d1d98a548f22b9df Loading...

	megaflirt.life/?u=xunwwwr&o=b0bp0zy&cid=wulij96b1bsc3opkivajcqdo	526 B	2023-03-11	2023-03-11
Pretty URL megaflirt.life/?u=xunwwwr&o=b0bp0zy&cid=wulij96b1bsc3opkivajcqdo IP 194.87.208.5 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:49:26 Last Seen2023-03-11 21:49:26 Times Seen1 Hash 69e0719f01dad62828c9dd581e0ef6fc 2d6e64852338c64b21e0cc0a14f835bee34a6191 1bb648219beacafe48dbce1c27e812382630fb2838056a5851640bc14d971e0c Loading...

	megaflirt.life/util/utils.js	7.5 kB	2023-03-07	2024-04-24
Pretty URL megaflirt.life/util/utils.js IP 194.87.208.5 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:18 Last Seen2024-04-24 11:45:44 Times Seen20592 Hash 01816d15ca03032751161a746e2fb7c3 dcc72ea5fa1356490ba473288159df9786b4a3c3 8b3c83a330bf1120a13eff6ef60c1e268b827b7bc49b42a7a1f5d8ad6941f2ea Loading...

	megaflirt.life/cookie/js.cookie.js	4.3 kB	2023-03-07	2024-04-24
Pretty URL megaflirt.life/cookie/js.cookie.js IP 194.87.208.5 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:18 Last Seen2024-04-24 11:39:18 Times Seen7555 Hash a7e9883924072f15259de6888d5ef515 7f4f6e5938e68f55aef81e0cd0145f008cd28382 985659942ab60a92b3c0a7f876d9ef60e8f048ff655a622a172fa4b44f901b6c Loading...

	megaflirt.life/?u=xunwwwr&o=b0bp0zy&cid=wulij96b1bsc3opkivajcqdo	311 B	2023-03-07	2023-12-04
Pretty URL megaflirt.life/?u=xunwwwr&o=b0bp0zy&cid=wulij96b1bsc3opkivajcqdo IP 194.87.208.5 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:35:36 Last Seen2023-12-04 22:58:34 Times Seen256 Hash 35bd4aa2b5c5961688fa9add64b0d579 181145d4e43eb12d4e23adb29c5649c602a7902c cb2b611dccd8aefaa4e0645fb6e75d5585c34ddffbdaceb66828389357b9e571 Loading...

HTTP Transactions (51)

URL IP Response Size

www.orianit.org/fmorim/forum/uploads/files/562_%D7%9B%D7%AA%D7%99%D7%91%D7%AA_%D7%AA%D7%A9%D7%95%D7%91%D7%94_%D7%9E%D7%9C%D7%90%D7%94_%D7%9C%D7%A9%D7%90%D7%9C%D7%94.doc

37.48.65.143

200 OK

628 B

URL HTTP/1.1
www.orianit.org/fmorim/forum/uploads/files/562_%D7%9B%D7%AA%D7%99%D7%91%D7%AA_%D7%AA%D7%A9%D7%95%D7%91%D7%94_%D7%9E%D7%9C%D7%90%D7%94_%D7%9C%D7%A9%D7%90%D7%9C%D7%94.doc
IP
37.48.65.143:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (628), with no line terminators
Size
628 B (628 bytes)
Hash
151fe365b17b00867ce53c46f2dda0ab
747bf75245767ff6ed70c1c0cf9d898bc2a2bc5e
5e734b117b085e8b4734cf8317fb75a51f6fb82c0658e8074c8e66c44820d492

HTTP Headers

GET /fmorim/forum/uploads/files/562_%D7%9B%D7%AA%D7%99%D7%91%D7%AA_%D7%AA%D7%A9%D7%95%D7%91%D7%94_%D7%9E%D7%9C%D7%90%D7%94_%D7%9C%D7%A9%D7%90%D7%9C%D7%94.doc HTTP/1.1
Host: www.orianit.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 628
content-type: text/html; charset=utf-8
date: Mon, 28 Nov 2022 08:33:06 GMT
server: nginx
set-cookie: sid=4861b636-6ef7-11ed-b5fc-428b1da2cc82; path=/; domain=.orianit.org; expires=Sat, 16 Dec 2090 11:47:13 GMT; max-age=2147483647; HttpOnly

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13774
Expires: Mon, 28 Nov 2022 12:22:40 GMT
Date: Mon, 28 Nov 2022 08:33:06 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6115
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:33:07 GMT
Last-Modified: Mon, 28 Nov 2022 06:51:12 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12477
Expires: Mon, 28 Nov 2022 12:01:04 GMT
Date: Mon, 28 Nov 2022 08:33:07 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 08:19:32 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 815
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: GN4P9pHWTlw0G0KJMOLAy9yoY9UvQC0ipF5j/MGJA0IZJLFBd8MLpva+PPIe+twCGkWUoru+7X8=
x-amz-request-id: DKWKZEVV41ST759X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 07:41:58 GMT
age: 3069
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 08:33:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

www.orianit.org/favicon.ico

37.48.65.143

404 Not Found

9 B

URL HTTP/1.1
www.orianit.org/favicon.ico
IP
37.48.65.143:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.orianit.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.orianit.org/fmorim/forum/uploads/files/562_%D7%9B%D7%AA%D7%99%D7%91%D7%AA_%D7%AA%D7%A9%D7%95%D7%91%D7%94_%D7%9E%D7%9C%D7%90%D7%94_%D7%9C%D7%A9%D7%90%D7%9C%D7%94.doc
Cookie: sid=4861b636-6ef7-11ed-b5fc-428b1da2cc82

HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Mon, 28 Nov 2022 08:33:07 GMT
server: nginx

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 08:11:12 GMT
cache-control: public,max-age=3600
age: 1315
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

www.orianit.org/fmorim/forum/uploads/files/562_%D7%9B%D7%AA%D7%99%D7%91%D7%AA_%D7%AA%D7%A9%D7%95%D7%91%D7%94_%D7%9E%D7%9C%D7%90%D7%94_%D7%9C%D7%A9%D7%90%D7%9C%D7%94.doc?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2OTYzMTU4NiwiaWF0IjoxNjY5NjI0Mzg2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2xyNTI1ODB1NWs1cTljb28zcWhjdWgiLCJuYmYiOjE2Njk2MjQzODYsInRzIjoxNjY5NjI0Mzg2ODc1MjAzfQ.QbLc_5acjEkuwivf5Szz0-qEWR4UJKs4K_54ufTExT4&sid=4861b636-6ef7-11ed-b5fc-428b1da2cc82

37.48.65.143

302 Found

11 B

URL HTTP/1.1
www.orianit.org/fmorim/forum/uploads/files/562_%D7%9B%D7%AA%D7%99%D7%91%D7%AA_%D7%AA%D7%A9%D7%95%D7%91%D7%94_%D7%9E%D7%9C%D7%90%D7%94_%D7%9C%D7%A9%D7%90%D7%9C%D7%94.doc?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2OTYzMTU4NiwiaWF0IjoxNjY5NjI0Mzg2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2xyNTI1ODB1NWs1cTljb28zcWhjdWgiLCJuYmYiOjE2Njk2MjQzODYsInRzIjoxNjY5NjI0Mzg2ODc1MjAzfQ.QbLc_5acjEkuwivf5Szz0-qEWR4UJKs4K_54ufTExT4&sid=4861b636-6ef7-11ed-b5fc-428b1da2cc82
IP
37.48.65.143:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

HTTP Headers

GET /fmorim/forum/uploads/files/562_%D7%9B%D7%AA%D7%99%D7%91%D7%AA_%D7%AA%D7%A9%D7%95%D7%91%D7%94_%D7%9E%D7%9C%D7%90%D7%94_%D7%9C%D7%A9%D7%90%D7%9C%D7%94.doc?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2OTYzMTU4NiwiaWF0IjoxNjY5NjI0Mzg2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2xyNTI1ODB1NWs1cTljb28zcWhjdWgiLCJuYmYiOjE2Njk2MjQzODYsInRzIjoxNjY5NjI0Mzg2ODc1MjAzfQ.QbLc_5acjEkuwivf5Szz0-qEWR4UJKs4K_54ufTExT4&sid=4861b636-6ef7-11ed-b5fc-428b1da2cc82 HTTP/1.1
Host: www.orianit.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.orianit.org/fmorim/forum/uploads/files/562_%D7%9B%D7%AA%D7%99%D7%91%D7%AA_%D7%AA%D7%A9%D7%95%D7%91%D7%94_%D7%9E%D7%9C%D7%90%D7%94_%D7%9C%D7%A9%D7%90%D7%9C%D7%94.doc
Cookie: sid=4861b636-6ef7-11ed-b5fc-428b1da2cc82
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Mon, 28 Nov 2022 08:33:07 GMT
location: http://ww1.orianit.org/?sub1=4861b636-6ef7-11ed-b5fc-428b1da2cc82&ec_rls=ogcvuwM6djr2EbC-7BV3tFE4cyuzZhGHhwzU7m6wNhQfWYxDEVi4ypHy0-c7suEh9nEFe3Fec2H4xSS1861sP-YSk5_oa_5toKZNoToAuDJLRvDozRJesn5dX8znUeZrXs2EKHy9BILDE_Hh8aJDwXkfjaVdm2ALK6Haapkp_a-Ix6tWJ691s1EcH8SzCzfKv-AHNlp5TncOdVEkhIWaydmhb5KjBhsAkpjaPX29A
server: nginx
set-cookie: sid=4861b636-6ef7-11ed-b5fc-428b1da2cc82; path=/; domain=.orianit.org; expires=Sat, 16 Dec 2090 11:47:14 GMT; max-age=2147483647; HttpOnly

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5487
Cache-Control: max-age=93912
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:33:07 GMT
Etag: "638328ac-1d7"
Expires: Tue, 29 Nov 2022 10:38:19 GMT
Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

44.242.41.15

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.242.41.15:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ZQB29wNsnx7F6NAxWu5lEQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rNs8SIBrsE//lb84y4tMLehDDXE=

ww1.orianit.org/?sub1=4861b636-6ef7-11ed-b5fc-428b1da2cc82&ec_rls=ogcvuwM6djr2EbC-7BV3tFE4cyuzZhGHhwzU7m6wNhQfWYxDEVi4ypHy0-c7suEh9nEFe3Fec2H4xSS1861sP-YSk5_oa_5toKZNoToAuDJLRvDozRJesn5dX8znUeZrXs2EKHy9BILDE_Hh8aJDwXkfjaVdm2ALK6Haapkp_a-Ix6tWJ691s1EcH8SzCzfKv-AHNlp5TncOdVEkhIWaydmhb5KjBhsAkpjaPX29A

64.190.63.136

200 OK

1.3 kB

URL HTTP/1.1
ww1.orianit.org/?sub1=4861b636-6ef7-11ed-b5fc-428b1da2cc82&ec_rls=ogcvuwM6djr2EbC-7BV3tFE4cyuzZhGHhwzU7m6wNhQfWYxDEVi4ypHy0-c7suEh9nEFe3Fec2H4xSS1861sP-YSk5_oa_5toKZNoToAuDJLRvDozRJesn5dX8znUeZrXs2EKHy9BILDE_Hh8aJDwXkfjaVdm2ALK6Haapkp_a-Ix6tWJ691s1EcH8SzCzfKv-AHNlp5TncOdVEkhIWaydmhb5KjBhsAkpjaPX29A
IP
64.190.63.136:0
ASN
#47846 SEDO GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (758)
Size
1.3 kB (1310 bytes)
Hash
4a97e7fe00f02613b37cc8d866225f4a
6535cfc54faf68b8aa9fdeef2030270efca28185
a932ee5f04b64152533e00e49bcc2f86940c776cbce3cbe5158082dcaec3ec59

HTTP Headers

GET /?sub1=4861b636-6ef7-11ed-b5fc-428b1da2cc82&ec_rls=ogcvuwM6djr2EbC-7BV3tFE4cyuzZhGHhwzU7m6wNhQfWYxDEVi4ypHy0-c7suEh9nEFe3Fec2H4xSS1861sP-YSk5_oa_5toKZNoToAuDJLRvDozRJesn5dX8znUeZrXs2EKHy9BILDE_Hh8aJDwXkfjaVdm2ALK6Haapkp_a-Ix6tWJ691s1EcH8SzCzfKv-AHNlp5TncOdVEkhIWaydmhb5KjBhsAkpjaPX29A HTTP/1.1
Host: ww1.orianit.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.orianit.org/
Connection: keep-alive
Cookie: sid=4861b636-6ef7-11ed-b5fc-428b1da2cc82
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
date: Mon, 28 Nov 2022 08:33:08 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_movvgeIz+ntklKLvepIMBqUZw22Eacs6Oe/xDyQOrJC8DBezkUYpXAM+xGeDG5ETDoNNKWEpWcZKgPCTNvgExQ==
last-modified: Mon, 28 Nov 2022 08:33:07 GMT
x-cache-miss-from: parking-d7dbd8c4d-cp8v7
server: NginX
content-encoding: gzip

img.sedoparking.com/images/js_preloader.gif

205.234.175.175

200 OK

4.3 kB

URL HTTP/1.1
img.sedoparking.com/images/js_preloader.gif
IP
205.234.175.175:0
ASN
#30081 CACHENETWORKS

File type
GIF image data, version 89a, 16 x 16\012- data
Size
4.3 kB (4254 bytes)
Hash
90c93102a88c2ab94bff1575b7a6e86e
56d71bf13de464534643db9d127629a0a3bf677a
5f6ad7031600056b578a6e8c6b34bc718d13125cc8256aa4a9050e549576f81a

HTTP Headers

GET /images/js_preloader.gif HTTP/1.1
Host: img.sedoparking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.orianit.org/

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:33:08 GMT
Content-Type: image/gif
Content-Length: 4254
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Mon, 05 Dec 2022 08:33:08 GMT
X-CFHash: "90c93102a88c2ab94bff1575b7a6e86e"
X-CFF: B
Last-Modified: Fri, 15 Mar 2019 12:24:07 GMT
X-CF3: H
CF4Age: 156700
x-cf-tsc: 1648179742
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF-ReqID: 214eda126bb1784677ac859c1aa8030f
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes

ww1.orianit.org/search/tsc.php?200=NDE1NTI1OTQw&21=OTEuOTAuNDIuMTU0&681=MTY2OTYyNDM4ODBjZWI1ZThkZWI1ZjQwMmUwYjA1NWIxNWY2YWE5N2Vl&crc=e6c1692daf670b4b48f5f7d530b16d4c7e8ca9bf&cv=1

64.190.63.136

200 OK

0 B

URL HTTP/1.1
ww1.orianit.org/search/tsc.php?200=NDE1NTI1OTQw&21=OTEuOTAuNDIuMTU0&681=MTY2OTYyNDM4ODBjZWI1ZThkZWI1ZjQwMmUwYjA1NWIxNWY2YWE5N2Vl&crc=e6c1692daf670b4b48f5f7d530b16d4c7e8ca9bf&cv=1
IP
64.190.63.136:0
ASN
#47846 SEDO GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /search/tsc.php?200=NDE1NTI1OTQw&21=OTEuOTAuNDIuMTU0&681=MTY2OTYyNDM4ODBjZWI1ZThkZWI1ZjQwMmUwYjA1NWIxNWY2YWE5N2Vl&crc=e6c1692daf670b4b48f5f7d530b16d4c7e8ca9bf&cv=1 HTTP/1.1
Host: ww1.orianit.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.orianit.org/?sub1=4861b636-6ef7-11ed-b5fc-428b1da2cc82&ec_rls=ogcvuwM6djr2EbC-7BV3tFE4cyuzZhGHhwzU7m6wNhQfWYxDEVi4ypHy0-c7suEh9nEFe3Fec2H4xSS1861sP-YSk5_oa_5toKZNoToAuDJLRvDozRJesn5dX8znUeZrXs2EKHy9BILDE_Hh8aJDwXkfjaVdm2ALK6Haapkp_a-Ix6tWJ691s1EcH8SzCzfKv-AHNlp5TncOdVEkhIWaydmhb5KjBhsAkpjaPX29A
Cookie: sid=4861b636-6ef7-11ed-b5fc-428b1da2cc82

HTTP/1.1 200 OK
date: Mon, 28 Nov 2022 08:33:08 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.9
x-cache-miss-from: parking-d7dbd8c4d-gr8rz
server: NginX

ww1.orianit.org/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DpXEf6K0ZQpg_0&v=MjZhYTAyODhhZWQ4YWFjYmJhM2YyNWMyNWRiNTJlNGMJMQl3dzEub3JpYW5pdC5vcmc2Mzg0NzI0M2IzZTg5Ny42MTIwNDQ3NQl3dzEub3JpYW5pdC5vcmc2Mzg0NzI0M2IzZWFmOS4wOTIzMDA2OQkxNjY5NjI0Mzg4CWFkXzYzXzA=&l=OAk0ZTg2ZDFmZjhkZmI3M2I5NzAxMmExOTk5Mzc5NDc0YQkwCTM1CTAJNTAwZGIzZDExNTJkMzBjODVlMTJiZDIyMTBhZDZiMzEJNDE1NTI1OTQwCW9yaWFuaXQJMAk2Mwk2CTIJMTY2OTYyNDM4OAkwLjAwMDQzOQlOCTAJMAkwCTEyMDUJOTIzMzE3MTcJOTEuOTAuNDIuMTU0CTA%3D

64.190.63.136

302 Found

0 B

URL HTTP/1.1
ww1.orianit.org/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DpXEf6K0ZQpg_0&v=MjZhYTAyODhhZWQ4YWFjYmJhM2YyNWMyNWRiNTJlNGMJMQl3dzEub3JpYW5pdC5vcmc2Mzg0NzI0M2IzZTg5Ny42MTIwNDQ3NQl3dzEub3JpYW5pdC5vcmc2Mzg0NzI0M2IzZWFmOS4wOTIzMDA2OQkxNjY5NjI0Mzg4CWFkXzYzXzA=&l=OAk0ZTg2ZDFmZjhkZmI3M2I5NzAxMmExOTk5Mzc5NDc0YQkwCTM1CTAJNTAwZGIzZDExNTJkMzBjODVlMTJiZDIyMTBhZDZiMzEJNDE1NTI1OTQwCW9yaWFuaXQJMAk2Mwk2CTIJMTY2OTYyNDM4OAkwLjAwMDQzOQlOCTAJMAkwCTEyMDUJOTIzMzE3MTcJOTEuOTAuNDIuMTU0CTA%3D
IP
64.190.63.136:0
ASN
#47846 SEDO GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DpXEf6K0ZQpg_0&v=MjZhYTAyODhhZWQ4YWFjYmJhM2YyNWMyNWRiNTJlNGMJMQl3dzEub3JpYW5pdC5vcmc2Mzg0NzI0M2IzZTg5Ny42MTIwNDQ3NQl3dzEub3JpYW5pdC5vcmc2Mzg0NzI0M2IzZWFmOS4wOTIzMDA2OQkxNjY5NjI0Mzg4CWFkXzYzXzA=&l=OAk0ZTg2ZDFmZjhkZmI3M2I5NzAxMmExOTk5Mzc5NDc0YQkwCTM1CTAJNTAwZGIzZDExNTJkMzBjODVlMTJiZDIyMTBhZDZiMzEJNDE1NTI1OTQwCW9yaWFuaXQJMAk2Mwk2CTIJMTY2OTYyNDM4OAkwLjAwMDQzOQlOCTAJMAkwCTEyMDUJOTIzMzE3MTcJOTEuOTAuNDIuMTU0CTA%3D HTTP/1.1
Host: ww1.orianit.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.orianit.org/?sub1=4861b636-6ef7-11ed-b5fc-428b1da2cc82&ec_rls=ogcvuwM6djr2EbC-7BV3tFE4cyuzZhGHhwzU7m6wNhQfWYxDEVi4ypHy0-c7suEh9nEFe3Fec2H4xSS1861sP-YSk5_oa_5toKZNoToAuDJLRvDozRJesn5dX8znUeZrXs2EKHy9BILDE_Hh8aJDwXkfjaVdm2ALK6Haapkp_a-Ix6tWJ691s1EcH8SzCzfKv-AHNlp5TncOdVEkhIWaydmhb5KjBhsAkpjaPX29A
Cookie: sid=4861b636-6ef7-11ed-b5fc-428b1da2cc82
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
date: Mon, 28 Nov 2022 08:33:08 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Mon, 28 Nov 2022 08:33:08 GMT
location: /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DpXEf6K0ZQpg_0&v=MjZhYTAyODhhZWQ4YWFjYmJhM2YyNWMyNWRiNTJlNGMJMQl3dzEub3JpYW5pdC5vcmc2Mzg0NzI0M2IzZTg5Ny42MTIwNDQ3NQl3dzEub3JpYW5pdC5vcmc2Mzg0NzI0M2IzZWFmOS4wOTIzMDA2OQkxNjY5NjI0Mzg4CWFkXzYzXzA=&l=OAk0ZTg2ZDFmZjhkZmI3M2I5NzAxMmExOTk5Mzc5NDc0YQkwCTM1CTAJNTAwZGIzZDExNTJkMzBjODVlMTJiZDIyMTBhZDZiMzEJNDE1NTI1OTQwCW9yaWFuaXQJMAk2Mwk2CTIJMTY2OTYyNDM4OAkwLjAwMDQzOQlOCTAJMAkwCTEyMDUJOTIzMzE3MTcJOTEuOTAuNDIuMTU0CTA%3D
x-cache-miss-from: parking-d7dbd8c4d-gr8rz
server: NginX

ww1.orianit.org/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DpXEf6K0ZQpg_0&v=MjZhYTAyODhhZWQ4YWFjYmJhM2YyNWMyNWRiNTJlNGMJMQl3dzEub3JpYW5pdC5vcmc2Mzg0NzI0M2IzZTg5Ny42MTIwNDQ3NQl3dzEub3JpYW5pdC5vcmc2Mzg0NzI0M2IzZWFmOS4wOTIzMDA2OQkxNjY5NjI0Mzg4CWFkXzYzXzA=&l=OAk0ZTg2ZDFmZjhkZmI3M2I5NzAxMmExOTk5Mzc5NDc0YQkwCTM1CTAJNTAwZGIzZDExNTJkMzBjODVlMTJiZDIyMTBhZDZiMzEJNDE1NTI1OTQwCW9yaWFuaXQJMAk2Mwk2CTIJMTY2OTYyNDM4OAkwLjAwMDQzOQlOCTAJMAkwCTEyMDUJOTIzMzE3MTcJOTEuOTAuNDIuMTU0CTA%3D

64.190.63.136

302 Found

311 B

URL HTTP/1.1
ww1.orianit.org/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DpXEf6K0ZQpg_0&v=MjZhYTAyODhhZWQ4YWFjYmJhM2YyNWMyNWRiNTJlNGMJMQl3dzEub3JpYW5pdC5vcmc2Mzg0NzI0M2IzZTg5Ny42MTIwNDQ3NQl3dzEub3JpYW5pdC5vcmc2Mzg0NzI0M2IzZWFmOS4wOTIzMDA2OQkxNjY5NjI0Mzg4CWFkXzYzXzA=&l=OAk0ZTg2ZDFmZjhkZmI3M2I5NzAxMmExOTk5Mzc5NDc0YQkwCTM1CTAJNTAwZGIzZDExNTJkMzBjODVlMTJiZDIyMTBhZDZiMzEJNDE1NTI1OTQwCW9yaWFuaXQJMAk2Mwk2CTIJMTY2OTYyNDM4OAkwLjAwMDQzOQlOCTAJMAkwCTEyMDUJOTIzMzE3MTcJOTEuOTAuNDIuMTU0CTA%3D
IP
64.190.63.136:0
ASN
#47846 SEDO GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
311 B (311 bytes)
Hash
2c8511e9d8eb4f7ce9d4f7b7f952de1f
033e1413c4d4d23b1bdaa4bf42af437631f0f7b3
d4aa6db90b7b8acfbcb2ada5f2ef5c5109d7bbadb38c1c22734fd96fa3b86399

HTTP Headers

GET /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DpXEf6K0ZQpg_0&v=MjZhYTAyODhhZWQ4YWFjYmJhM2YyNWMyNWRiNTJlNGMJMQl3dzEub3JpYW5pdC5vcmc2Mzg0NzI0M2IzZTg5Ny42MTIwNDQ3NQl3dzEub3JpYW5pdC5vcmc2Mzg0NzI0M2IzZWFmOS4wOTIzMDA2OQkxNjY5NjI0Mzg4CWFkXzYzXzA=&l=OAk0ZTg2ZDFmZjhkZmI3M2I5NzAxMmExOTk5Mzc5NDc0YQkwCTM1CTAJNTAwZGIzZDExNTJkMzBjODVlMTJiZDIyMTBhZDZiMzEJNDE1NTI1OTQwCW9yaWFuaXQJMAk2Mwk2CTIJMTY2OTYyNDM4OAkwLjAwMDQzOQlOCTAJMAkwCTEyMDUJOTIzMzE3MTcJOTEuOTAuNDIuMTU0CTA%3D HTTP/1.1
Host: ww1.orianit.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.orianit.org/?sub1=4861b636-6ef7-11ed-b5fc-428b1da2cc82&ec_rls=ogcvuwM6djr2EbC-7BV3tFE4cyuzZhGHhwzU7m6wNhQfWYxDEVi4ypHy0-c7suEh9nEFe3Fec2H4xSS1861sP-YSk5_oa_5toKZNoToAuDJLRvDozRJesn5dX8znUeZrXs2EKHy9BILDE_Hh8aJDwXkfjaVdm2ALK6Haapkp_a-Ix6tWJ691s1EcH8SzCzfKv-AHNlp5TncOdVEkhIWaydmhb5KjBhsAkpjaPX29A
Connection: keep-alive
Cookie: sid=4861b636-6ef7-11ed-b5fc-428b1da2cc82
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
date: Mon, 28 Nov 2022 08:33:08 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Mon, 28 Nov 2022 08:33:08 GMT
location: http://xml.sedodna.com/click?i=pXEf6K0ZQpg_0
x-cache-miss-from: parking-d7dbd8c4d-n225j
server: NginX

xml.sedodna.com/click?i=pXEf6K0ZQpg_0

173.239.53.32

302 Found

0 B

URL HTTP/1.1
xml.sedodna.com/click?i=pXEf6K0ZQpg_0
IP
173.239.53.32:0
ASN
#27257 WEBAIR-INTERNET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?i=pXEf6K0ZQpg_0 HTTP/1.1
Host: xml.sedodna.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.orianit.org/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://dipaka-ead.com/zcvisitor/48fd9833-6ef7-11ed-bffe-12d21f78093b/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=50c33cb0-5407-11ed-8dac-0a918cbcbb97
Pragma: no-cache

dipaka-ead.com/zcvisitor/48fd9833-6ef7-11ed-bffe-12d21f78093b/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=50c33cb0-5407-11ed-8dac-0a918cbcbb97

3.212.50.125

200

1.1 kB

URL HTTP/1.1
dipaka-ead.com/zcvisitor/48fd9833-6ef7-11ed-bffe-12d21f78093b/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=50c33cb0-5407-11ed-8dac-0a918cbcbb97
IP
3.212.50.125:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.1 kB (1100 bytes)
Hash
e056086dbab4a772f19b7619b4c7f2e5
4aba3b9d5b432fa9187299c3414c15b8aa03e9fe
55ae5a3cc1706ac8cb8f2a92a0602132436644228c305cc4447d00eb2ae6139b

HTTP Headers

GET /zcvisitor/48fd9833-6ef7-11ed-bffe-12d21f78093b/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=50c33cb0-5407-11ed-8dac-0a918cbcbb97 HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.orianit.org/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 
Date: Mon, 28 Nov 2022 08:33:08 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: HWzayRGX

dipaka-ead.com/zcredirect?visitid=48fd9833-6ef7-11ed-bffe-12d21f78093b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

3.212.50.125

200

700 B

URL HTTP/1.1
dipaka-ead.com/zcredirect?visitid=48fd9833-6ef7-11ed-bffe-12d21f78093b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP
3.212.50.125:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (307)
Size
700 B (700 bytes)
Hash
1b45753083e47239d43a530aa19ea7ae
3f9fed663bb090ebe24a6fc23488d5b5efdc246d
711ed10855a7048a8a9c5fde2e454f87fd714d3571096476731f14a97f4c6c3a

HTTP Headers

GET /zcredirect?visitid=48fd9833-6ef7-11ed-bffe-12d21f78093b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcvisitor/48fd9833-6ef7-11ed-bffe-12d21f78093b/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=50c33cb0-5407-11ed-8dac-0a918cbcbb97
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 
Date: Mon, 28 Nov 2022 08:33:09 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: OjtLJfOS

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10248
Expires: Mon, 28 Nov 2022 11:23:57 GMT
Date: Mon, 28 Nov 2022 08:33:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10248
Expires: Mon, 28 Nov 2022 11:23:57 GMT
Date: Mon, 28 Nov 2022 08:33:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10248
Expires: Mon, 28 Nov 2022 11:23:57 GMT
Date: Mon, 28 Nov 2022 08:33:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10248
Expires: Mon, 28 Nov 2022 11:23:57 GMT
Date: Mon, 28 Nov 2022 08:33:09 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9430 bytes)
Hash
1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ibLuLI6j9EWh0dgk51O7kiPBRyURZ0UdNtlgbBD-SXnDg_GT_tJm8Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:16 GMT
age: 37913
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6c93814-fbc2-4f60-a417-7cb6ff99a2ef.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6263 bytes)
Hash
b24e349e9d22fb30fbc80497b512cead
c033d1ecdb9e7640f3df044e39053bed8292fcbc
2d77e3c39c60a3563613b1ba97ec0b1a256f41ad09936ba49b23d8cf22f8a7a8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6c93814-fbc2-4f60-a417-7cb6ff99a2ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6263
x-amzn-requestid: 5c3da401-eb9e-4904-a7e9-5e74648b8b77
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KFfWoAMF99A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-3110d65625e883502a5078a9;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EpU6HS6f0BpRceJVfwhBhOgKMTMvdMZj4ST9DMATiqfA10pNplyPtQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:04 GMT
age: 38525
etag: "c033d1ecdb9e7640f3df044e39053bed8292fcbc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbfe1c9b5-b323-496c-a65c-09c1511f882f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12555 bytes)
Hash
f20d5c4b208740dd4c737b9d95c0e1d0
c843c5422499736a83a80c2b07475a8dbbb8860f
f8d048a2c911aaedfa53b7d6e134638e8c36db0700a874fe99e0d8f847970a1b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbfe1c9b5-b323-496c-a65c-09c1511f882f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12555
x-amzn-requestid: 2d9827ba-fc88-4deb-9844-f5b42764b2e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_MHPWIAMFQMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d861-42986aeb284115943c849306;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KcI_BV4rZkM-2CmcFI5qkJLT-OOwYQnRNEPXrQJvlNA9A3Da0EzgEA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:04 GMT
age: 38525
etag: "c843c5422499736a83a80c2b07475a8dbbb8860f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a11c6ec-01ab-453a-a13d-c7804535dc69.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8771 bytes)
Hash
b0bd385532089b45a14e461abbecc1af
3da359b1ba09138a425094715b9f3a2f8d0257fe
803001528f2aefc1ea90e585d48de435975862861a1cbe8d898e5cd7ebd297dd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a11c6ec-01ab-453a-a13d-c7804535dc69.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8771
x-amzn-requestid: 995d3904-9be1-4b40-9813-ff47e60639ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_MEAPoAMF0xw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d861-3fdb7958064e0c4b1aed2136;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vrBB4JkuL3nbZnDWitQ4dvTruO9M6hSt8mw9NuJliCmcNOw8xvfWhw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:20:34 GMT
age: 36755
etag: "3da359b1ba09138a425094715b9f3a2f8d0257fe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6376 bytes)
Hash
78b1389f425425d0450c94d900404dc4
53b12a8702f7c5b7cc697e2a24da824d9434be65
0c1659ab3afc6e45f9e3acb12f8865bb99e4668f7df4501b1cc740e53f5b62ed

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6376
x-amzn-requestid: 25b82353-9c15-44c0-ada5-55f4697de935
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KGeaoAMFb_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-71711cca7c063030292c5e47;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: odmAWkNyUMevvXStu7zRJyckokhyBjUwu7-JSvj8by-JWJ9eAm9P5Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:26 GMT
age: 37903
etag: "53b12a8702f7c5b7cc697e2a24da824d9434be65"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd94c980-e701-4603-9381-0bd47116d31d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (5989 bytes)
Hash
fa848cb85e85df184b078fe7aa95ae52
21aa6418f3a0d2b64925b66d5fb9079b7e84a11c
37d299c166e3350dee6dee647e98a86f8bd916d186bae12c42764ed0a3177085

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd94c980-e701-4603-9381-0bd47116d31d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5989
x-amzn-requestid: db10fcc5-80ab-4650-af49-d5afe36706f3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR78LHQqIAMF9_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9e7-4cbd19e3227894844807742c;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: P0Nx-FcvcV-f5cRPwZr5sEMb8pH3AoYFr185q_D0X2bE7z40nDn91w==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:04 GMT
age: 38525
etag: "21aa6418f3a0d2b64925b66d5fb9079b7e84a11c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

dipaka-ead.com/favicon.ico

3.212.50.125

404

653 B

URL HTTP/1.1
dipaka-ead.com/favicon.ico
IP
3.212.50.125:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size
653 B (653 bytes)
Hash
ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcredirect?visitid=48fd9833-6ef7-11ed-bffe-12d21f78093b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

HTTP/1.1 404 
Date: Mon, 28 Nov 2022 08:33:09 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: yZqPlqsA

cartining-specute.com/zp-redirect?target=https%3A%2F%2Fmegaflirt.life%2F%3Fu%3Dxunwwwr%26o%3Db0bp0zy%26cid%3Dwulij96b1bsc3opkivajcqdo&caid=7547a5ef-6f0f-46aa-89e9-08545ec92d28&zpid=48fd9833-6ef7-11ed-bffe-12d21f78093b&cid=wulij96b1bsc3opkivajcqdo&rt=R

18.197.36.77

302 Found

0 B

URL HTTP/2
cartining-specute.com/zp-redirect?target=https%3A%2F%2Fmegaflirt.life%2F%3Fu%3Dxunwwwr%26o%3Db0bp0zy%26cid%3Dwulij96b1bsc3opkivajcqdo&caid=7547a5ef-6f0f-46aa-89e9-08545ec92d28&zpid=48fd9833-6ef7-11ed-bffe-12d21f78093b&cid=wulij96b1bsc3opkivajcqdo&rt=R
IP
18.197.36.77:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zp-redirect?target=https%3A%2F%2Fmegaflirt.life%2F%3Fu%3Dxunwwwr%26o%3Db0bp0zy%26cid%3Dwulij96b1bsc3opkivajcqdo&caid=7547a5ef-6f0f-46aa-89e9-08545ec92d28&zpid=48fd9833-6ef7-11ed-bffe-12d21f78093b&cid=wulij96b1bsc3opkivajcqdo&rt=R HTTP/1.1
Host: cartining-specute.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dipaka-ead.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Mon, 28 Nov 2022 08:33:09 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://megaflirt.life/?u=xunwwwr&o=b0bp0zy&cid=wulij96b1bsc3opkivajcqdo
pragma: no-cache
set-cookie: cc-v4=d0ZswmZYcfqU0vYf4%2FJnICSQtZwtxcKIfGnZ23%2FRt60Xp5XNCGctxWBxLNKJ7VLLAn39A%2F2F0MFP%2FojH1fojZVd5XoC4DBJNIw3rcQwqMHNapXOhtglY6MW4tEHJC2g%2Bt4r0HNBgtBEqkZR1d6umxA%3D%3D; Max-Age=31536000; Expires=Tue, 28-Nov-2023 08:33:09 GMT; Domain=cartining-specute.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b6e9d0681bc1317b18d74b65562d58a5
6de30e5b71febc3a99ed9f5e64047e660813ec01
01606480815c3bf99aa3a0eee67f5d9f57a52de00fc414aea242e0acd2243d44

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01606480815C3BF99AA3A0EEE67F5D9F57A52DE00FC414AEA242E0ACD2243D44"
Last-Modified: Sat, 26 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15657
Expires: Mon, 28 Nov 2022 12:54:07 GMT
Date: Mon, 28 Nov 2022 08:33:10 GMT
Connection: keep-alive

megaflirt.life/?u=xunwwwr&o=b0bp0zy&cid=wulij96b1bsc3opkivajcqdo

194.87.208.5

200 OK

7.2 kB

URL HTTP/1.1
megaflirt.life/?u=xunwwwr&o=b0bp0zy&cid=wulij96b1bsc3opkivajcqdo
IP
194.87.208.5:0
ASN
#0

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (531), with CRLF line terminators
Size
7.2 kB (7215 bytes)
Hash
08d0dcf0427dddeb4aa11a04c54f6e30
95f11efb370f91e8e23ab44bb1c0f7d8a4ea07f4
d9fd0a14d21c10863117cb68733e35235e862ed0d45378b519d94ea8928ee220

HTTP Headers

GET /?u=xunwwwr&o=b0bp0zy&cid=wulij96b1bsc3opkivajcqdo HTTP/1.1
Host: megaflirt.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dipaka-ead.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 08:33:10 GMT
Content-Type: text/html
Content-Length: 7215
Connection: keep-alive
set-cookie: sid=t2~bc0bjhzqszsacjpywtsditqi; path=/
cache-control: private, no-transform

megaflirt.life/media/dating/toon2/css/animate.min.css

194.87.208.5

200 OK

53 kB

URL HTTP/1.1
megaflirt.life/media/dating/toon2/css/animate.min.css
IP
194.87.208.5:0
ASN
#0

File type
ASCII text, with very long lines (52592)
Size
53 kB (52789 bytes)
Hash
178b651958ceff556cbc5f355e08bbf1
97afa151569f046b2e01f27c1871646e9cd87caf
8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d

HTTP Headers

GET /media/dating/toon2/css/animate.min.css HTTP/1.1
Host: megaflirt.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaflirt.life/?u=xunwwwr&o=b0bp0zy&cid=wulij96b1bsc3opkivajcqdo
Cookie: sid=t2~bc0bjhzqszsacjpywtsditqi
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 08:33:10 GMT
Content-Type: text/css
Content-Length: 52789
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "178b651958ceff556cbc5f355e08bbf1"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172BB27437950116
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 28 Nov 2023 08:33:10 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

megaflirt.life/media/exit-new/exit1.js

194.87.208.5

200 OK

3.5 kB

URL HTTP/1.1
megaflirt.life/media/exit-new/exit1.js
IP
194.87.208.5:0
ASN
#0

File type
ASCII text, with very long lines (641), with CRLF line terminators
Size
3.5 kB (3473 bytes)
Hash
625e5e2950612f771e246beb33c9ea61
e4fc251c6c000496c285f8dc3fa097040b031681
618f345a156a0eda55177a1bf0e8a414104f9b6c6ff5cdbe71966f081ccb8a46

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /media/exit-new/exit1.js HTTP/1.1
Host: megaflirt.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaflirt.life/?u=xunwwwr&o=b0bp0zy&cid=wulij96b1bsc3opkivajcqdo
Cookie: sid=t2~bc0bjhzqszsacjpywtsditqi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 08:33:10 GMT
Content-Type: application/javascript
Content-Length: 3473
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "625e5e2950612f771e246beb33c9ea61"
Last-Modified: Wed, 31 Aug 2022 09:34:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172BB14D7600F485
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 28 Nov 2023 08:33:10 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

megaflirt.life/media/dating/toon2/css/style.css

194.87.208.5

200 OK

8.6 kB

URL HTTP/1.1
megaflirt.life/media/dating/toon2/css/style.css
IP
194.87.208.5:0
ASN
#0

File type
ASCII text, with CRLF line terminators
Size
8.6 kB (8608 bytes)
Hash
549edaff59c582a6a3ca91f95c60ea71
a9edcba7d667efcfd812bcd413ccbdcb2b67cc88
b28722475035fc8fdc751034c2df8f49d66eb25cf28cf031c4e7357414a131da

HTTP Headers

GET /media/dating/toon2/css/style.css HTTP/1.1
Host: megaflirt.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaflirt.life/?u=xunwwwr&o=b0bp0zy&cid=wulij96b1bsc3opkivajcqdo
Cookie: sid=t2~bc0bjhzqszsacjpywtsditqi
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 08:33:10 GMT
Content-Type: text/css
Content-Length: 8608
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "549edaff59c582a6a3ca91f95c60ea71"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172BB2744CE46750
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 28 Nov 2023 08:33:10 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

megaflirt.life/cookie/js.cookie.js

194.87.208.5

200 OK

4.3 kB

URL HTTP/1.1
megaflirt.life/cookie/js.cookie.js
IP
194.87.208.5:0
ASN
#0

File type
ASCII text, with very long lines (1709), with CRLF line terminators
Size
4.3 kB (4264 bytes)
Hash
a7e9883924072f15259de6888d5ef515
7f4f6e5938e68f55aef81e0cd0145f008cd28382
985659942ab60a92b3c0a7f876d9ef60e8f048ff655a622a172fa4b44f901b6c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cookie/js.cookie.js HTTP/1.1
Host: megaflirt.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaflirt.life/?u=xunwwwr&o=b0bp0zy&cid=wulij96b1bsc3opkivajcqdo
Cookie: sid=t2~bc0bjhzqszsacjpywtsditqi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 08:33:10 GMT
Content-Type: application/javascript
Content-Length: 4264
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a7e9883924072f15259de6888d5ef515"
Last-Modified: Wed, 31 Aug 2022 09:31:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172BB106EF23D840
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 28 Nov 2023 08:33:10 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

megaflirt.life/util/utils.js

194.87.208.5

200 OK

7.5 kB

URL HTTP/1.1
megaflirt.life/util/utils.js
IP
194.87.208.5:0
ASN
#0

File type
ASCII text, with very long lines (641), with CRLF line terminators
Size
7.5 kB (7512 bytes)
Hash
01816d15ca03032751161a746e2fb7c3
dcc72ea5fa1356490ba473288159df9786b4a3c3
8b3c83a330bf1120a13eff6ef60c1e268b827b7bc49b42a7a1f5d8ad6941f2ea

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /util/utils.js HTTP/1.1
Host: megaflirt.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaflirt.life/?u=xunwwwr&o=b0bp0zy&cid=wulij96b1bsc3opkivajcqdo
Cookie: sid=t2~bc0bjhzqszsacjpywtsditqi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 08:33:10 GMT
Content-Type: application/javascript
Content-Length: 7512
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "01816d15ca03032751161a746e2fb7c3"
Last-Modified: Wed, 31 Aug 2022 09:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172BB1072069FD1E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 28 Nov 2023 08:33:10 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

megaflirt.life/media/bb.js

194.87.208.5

200 OK

639 B

URL HTTP/1.1
megaflirt.life/media/bb.js
IP
194.87.208.5:0
ASN
#0

File type
ASCII text, with very long lines (639), with no line terminators
Size
639 B (639 bytes)
Hash
0d553e4bac91c74bfee2dbabba61e99e
5af71e2377c9c012a7826a695f2724901941b19b
1be1304c675449b1bad38ea8c3da6c1da0763ed2fad339ee1aa461c7bf4e2a68

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /media/bb.js HTTP/1.1
Host: megaflirt.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaflirt.life/?u=xunwwwr&o=b0bp0zy&cid=wulij96b1bsc3opkivajcqdo
Cookie: sid=t2~bc0bjhzqszsacjpywtsditqi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 08:33:10 GMT
Content-Type: application/javascript
Content-Length: 639
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0d553e4bac91c74bfee2dbabba61e99e"
Last-Modified: Wed, 31 Aug 2022 09:32:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172BB12857A8AEC2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 28 Nov 2023 08:33:10 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:33:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

megaflirt.life/media/dating/toon2/images/123.jpg

194.87.208.5

200 OK

179 kB

URL HTTP/1.1
megaflirt.life/media/dating/toon2/images/123.jpg
IP
194.87.208.5:0
ASN
#0

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1069, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=620], progressive, precision 8, 620x1032, components 3\012- data
Size
179 kB (179176 bytes)
Hash
a2d245e1c43c61ca34bea001510dd6d9
7a7e0dbf8bb132958fecd093e6741ffe49d060b5
f6113b1f6bdd279404fd53c920f6ba411b66a897db4c67e16d2129af22370a57

HTTP Headers

GET /media/dating/toon2/images/123.jpg HTTP/1.1
Host: megaflirt.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaflirt.life/?u=xunwwwr&o=b0bp0zy&cid=wulij96b1bsc3opkivajcqdo
Cookie: sid=t2~bc0bjhzqszsacjpywtsditqi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 08:33:10 GMT
Content-Type: image/jpeg
Content-Length: 179176
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a2d245e1c43c61ca34bea001510dd6d9"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172BB27478D58DBF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 28 Nov 2023 08:33:10 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

megaflirt.life/media/dating/toon2/js/jquery-2.2.4.min.js

194.87.208.5

200 OK

86 kB

URL HTTP/1.1
megaflirt.life/media/dating/toon2/js/jquery-2.2.4.min.js
IP
194.87.208.5:0
ASN
#0

File type
ASCII text, with very long lines (32065)
Size
86 kB (85578 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /media/dating/toon2/js/jquery-2.2.4.min.js HTTP/1.1
Host: megaflirt.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaflirt.life/?u=xunwwwr&o=b0bp0zy&cid=wulij96b1bsc3opkivajcqdo
Cookie: sid=t2~bc0bjhzqszsacjpywtsditqi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 08:33:10 GMT
Content-Type: application/javascript
Content-Length: 85578
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "2f6b11a7e914718e0290410e85366fe9"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172BB27464CFCD06
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 28 Nov 2023 08:33:10 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:33:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=cyrillic,cyrillic-ext,latin-ext

142.250.74.10

200 OK

121 kB

URL HTTP/2
fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=cyrillic,cyrillic-ext,latin-ext
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
121 kB (121140 bytes)
Hash
665f05403bba1c3046d7246313f7c190
cab872977fd3f19050f997ceee438ade54785a8f
ae1ea2c10c6e3b86592f6960a506edc5b1c8ec568f9a60f72b9ceb83e182d7e1

HTTP Headers

GET /css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=cyrillic,cyrillic-ext,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaflirt.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 08:33:10 GMT
date: Mon, 28 Nov 2022 08:33:10 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:33:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

216.58.207.195

200 OK

23 kB

URL HTTP/2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Size
23 kB (23040 bytes)
Hash
de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

HTTP Headers

GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megaflirt.life
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 21:11:39 GMT
expires: Sun, 26 Nov 2023 21:11:39 GMT
cache-control: public, max-age=31536000
age: 127291
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:33:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

216.58.207.195

200 OK

24 kB

URL HTTP/2
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://megaflirt.life
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 17:10:21 GMT
expires: Wed, 22 Nov 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 487369
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:33:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

megaflirt.life/favicon.ico

194.87.208.5

204 No Content

0 B

URL HTTP/1.1
megaflirt.life/favicon.ico
IP
194.87.208.5:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: megaflirt.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://megaflirt.life/?u=xunwwwr&o=b0bp0zy&cid=wulij96b1bsc3opkivajcqdo
Cookie: sid=t2~bc0bjhzqszsacjpywtsditqi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 204 No Content
Server: nginx
Date: Mon, 28 Nov 2022 08:33:10 GMT
Connection: keep-alive
Cache-Control: no-transform

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations