Overview

URL xxxteensfuck.com/
IP 46.8.8.100
ASN Gransy s.r.o.
Location Czechia
Report completed 2022-09-13 05:28:21 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-13 2 xxxteensfuck.com/ Malware
2022-09-13 2 ww62.xxxteensfuck.com/ Malware
2022-09-13 2 ww62.xxxteensfuck.com/ls.php Malware
2022-09-13 2 datingtime.life/media/d/radarnew/js/bootstrap-slider.min.js Phishing
2022-09-13 2 datingtime.life/util/utils.js Phishing
2022-09-13 2 datingtime.life/media/d/radarnew/js/bootstrap.min.js Phishing
2022-09-13 2 datingtime.life/media/d/radarnew/js/main.js Phishing
2022-09-13 2 datingtime.life/media/bbradar.js Phishing
2022-09-13 2 datingtime.life/media/d/radarnew/js/jquery.min.js Phishing
2022-09-13 2 datingtime.life/media/exit-new/exit1.js Phishing
2022-09-13 2 datingtime.life/media/d/radarnew/js/trls.js Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-13 2 datingtime.life Sinkholed


Files

No files detected



Passive DNS (12)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-12 18:42:19 UTC 143.204.55.27
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-12 21:02:00 UTC 143.204.55.110
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-12 04:53:23 UTC 34.117.237.239
mnemonic passive DNS d1lxhc4jvstzrp.cloudfront.net (1) 0 2022-07-01 09:28:42 UTC 2022-09-12 23:53:50 UTC 143.204.42.70 Unknown ranking
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-13 04:47:34 UTC 54.186.209.73
mnemonic passive DNS uthyr-que.com (3) 0 2022-07-18 14:20:19 UTC 2022-09-13 04:20:07 UTC 52.45.156.125 Unknown ranking
mnemonic passive DNS xxxteensfuck.com (1) 0 2013-05-06 15:23:03 UTC 2022-08-11 09:46:14 UTC 46.8.8.100 Unknown ranking
mnemonic passive DNS r3.o.lencr.org (5) 344 2020-12-02 08:52:13 UTC 2022-09-12 04:51:47 UTC 95.101.11.115
mnemonic passive DNS ww62.xxxteensfuck.com (5) 0 2022-06-14 21:59:21 UTC 2022-07-01 07:44:35 UTC 75.2.120.224 Unknown ranking
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-12 23:34:51 UTC 93.184.220.29
mnemonic passive DNS img-getpocket.cdn.mozilla.net (7) 1631 2017-09-01 03:40:57 UTC 2022-09-12 12:46:20 UTC 34.120.237.76
mnemonic passive DNS datingtime.life (16) 0 2022-07-18 12:41:09 UTC 2022-09-12 04:53:19 UTC 37.221.65.152 Unknown ranking


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 46.8.8.100

Date UQ / IDS / BL URL IP
2022-12-08 06:01:02 +0000
0 - 0 - 5 doestenge.com/ 46.8.8.100
2022-12-08 06:00:23 +0000
0 - 0 - 5 whenanunknowntriestoappriachuou.com/ 46.8.8.100
2022-12-06 07:01:16 +0000
0 - 0 - 5 pinsclipart.com/ 46.8.8.100
2022-12-06 07:00:57 +0000
0 - 0 - 5 asambeautyvente.com/ 46.8.8.100
2022-12-06 02:00:05 +0000
0 - 0 - 5 newtownartfestival.com/ 46.8.8.100

Last 5 reports on ASN: Gransy s.r.o.

Date UQ / IDS / BL URL IP
2022-12-08 06:01:02 +0000
0 - 0 - 5 doestenge.com/ 46.8.8.100
2022-12-08 06:00:23 +0000
0 - 0 - 5 whenanunknowntriestoappriachuou.com/ 46.8.8.100
2022-12-07 03:54:12 +0000
0 - 0 - 1 185.38.110.121/ad/2.0/ad.bin?request_type=vas (...) 185.38.110.121
2022-12-07 03:54:10 +0000
0 - 0 - 1 185.38.110.121/ad/2.0/ad.bin?request_type=mma (...) 185.38.110.121
2022-12-07 03:43:07 +0000
0 - 0 - 1 185.38.110.121/ad/2.0/ad.bin?request_type=vas (...) 185.38.110.121

Last 1 reports on domain: xxxteensfuck.com

Date UQ / IDS / BL URL IP
2022-09-13 05:28:21 +0000
0 - 0 - 27 xxxteensfuck.com/ 46.8.8.100

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-12-07 22:39:48 +0000
0 - 0 - 16 a.vfgtc.com/ad76bcae-4cce-4374-96d7-a74297141 (...) 18.192.108.151
2022-12-07 09:16:36 +0000
0 - 0 - 16 t.mbdating.link/833/3785/0 54.230.111.117
2022-12-05 15:10:14 +0000
0 - 0 - 25 datingfall.life/?u=ecgk60t&o=7t2p00b&t=turubae 194.87.208.71
2022-12-05 00:29:23 +0000
0 - 0 - 17 t.ajump1.com/215412/5147 52.1.220.62
2022-12-05 00:27:26 +0000
0 - 0 - 16 a.vfgtf.com/ab267e05-23a0-430a-bac4-772f7f629 (...) 18.192.108.151


JavaScript

Executed Scripts (17)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (44)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 13 Sep 2022 05:08:41 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: uSFHXFo66V2s0vscoYDsFbHOK59N6tuMaiFNa9zbrbtWsHyJOkG0Yg==
Age: 1168


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    b593eb39329cfe060d55be5e4a5405e2
Sha1:   78e46c1028e9f94f8569303ad2d90d7df13a059a
Sha256: 08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
                                        
                                            GET / HTTP/1.1 
Host: xxxteensfuck.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         46.8.8.100
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
                                        
Location: http://ww62.xxxteensfuck.com/
Set-Cookie: sv=1; Domain=xxxteensfuck.com; Expires=Wed, 13 Sep 2023 05:28:09 GMT; Max-Age=300
Date: Tue, 13 Sep 2022 05:28:09 GMT
Content-Length: 64


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   64
Md5:    f8ee9f3d194f5a02c7958456a585d788
Sha1:   ab68e2fde14af7af7af0c1bb78546862d40b071d
Sha256: 07188d33689845d6d482187feb58fe7f9f42a93a9f912a346749fd6ed13fae5c

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9211
Expires: Tue, 13 Sep 2022 08:01:40 GMT
Date: Tue, 13 Sep 2022 05:28:09 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: JEvQnSocw6vBpsujIkCsLhPhJLbcDOjVxro_v0YWkZSKHbPV_rmwXg==
age: 79857
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 13 Sep 2022 05:28:09 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 13 Sep 2022 05:03:22 GMT
Expires: Tue, 13 Sep 2022 05:47:45 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: BNtgTrVzfAzjm_OPtcS0gLrPvGaHQ5SAzre8nhgqBRpTs-5Aza83Og==
Age: 1487


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET / HTTP/1.1 
Host: ww62.xxxteensfuck.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: sv=1
Upgrade-Insecure-Requests: 1

                                         
                                         75.2.120.224
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 13 Sep 2022 05:28:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: zeropark_zeroclick
X-Template: tpl_Regnitz_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2170)
Size:   2482
Md5:    ce418a843f17a791b3732410294ed28d
Sha1:   e0401b42259cc3849a72fb298109eb1379a15d00
Sha256: 6df0be40750168d8d3ef660038f75aab3e0c6d5af8f667cdcd54bebf427c6394

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /scripts/js3.js HTTP/1.1 
Host: d1lxhc4jvstzrp.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.xxxteensfuck.com/

                                         
                                         143.204.42.70
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Length: 1134
Connection: keep-alive
Server: nginx
Date: Tue, 13 Sep 2022 00:46:57 GMT
Last-Modified: Tue, 17 Aug 2021 09:17:22 GMT
Accept-Ranges: bytes
ETag: "611b7ea2-46e"
X-Cache: Hit from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 81tU4uvX23l_o8Pa8eLC40Ykl8s8GhrF6dbSAiuAXiQcIcttUC-Waw==
Age: 16873


--- Additional Info ---
Magic:  ASCII text, with very long lines (506)
Size:   1134
Md5:    64b79b43df8fbf2c5d082964b9116a68
Sha1:   dc3c763519baf0f4c32bb60bfc429651a491ea01
Sha256: c57e9feec209e3ea5eb1d75a1ba6fa277242a3df250055be8446052b51e58637
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6036
Cache-Control: 'max-age=158059'
Date: Tue, 13 Sep 2022 05:28:10 GMT
Last-Modified: Tue, 13 Sep 2022 03:47:34 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Zz1CZKLgGt843BLcLfiMBQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.186.209.73
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: i0V0T05uRJe7Ca9bMAldWluq58I=

                                        
                                            GET /track.php?domain=xxxteensfuck.com&toggle=browserjs&uid=MTY2MzA0Njg4OS42OTU6NmRmYWRkOTBhNGQ3ZjQzMjY4YzVmNDA5YWEyOWQzNDg5YmFkZGRhNGU3YWYzMGJjZTMzMmNiZTZmOTU2MzVmMjo2MzIwMTRlOWE5YWUy HTTP/1.1 
Host: ww62.xxxteensfuck.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.xxxteensfuck.com/
Cookie: sv=1

                                         
                                         75.2.120.224
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 13 Sep 2022 05:28:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            POST /ls.php HTTP/1.1 
Host: ww62.xxxteensfuck.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2122
Origin: http://ww62.xxxteensfuck.com
Connection: keep-alive
Referer: http://ww62.xxxteensfuck.com/
Cookie: sv=1

                                         
                                         75.2.120.224
HTTP/1.1 201 Created
Content-Type: text/javascript;charset=UTF-8
                                        
Date: Tue, 13 Sep 2022 05:28:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 632014eb4ede6a330f2a9ccc
Charset: utf-8
Access-Control-Allow-Origin: http://ww62.xxxteensfuck.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_DxLN4OgUnx/ZSe5AL8z1Du1A3e6dyyjkq67ZZx8tyV0cir3su4sIVUffbwZ2KPlGhVyJvg2Eb0UaecsJUFStDw==


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: ww62.xxxteensfuck.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.xxxteensfuck.com/
Cookie: sv=1

                                         
                                         75.2.120.224
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Tue, 13 Sep 2022 05:28:11 GMT
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes

                                        
                                            GET /track.php?click=8bc5311fea51f5d88ad90580a49f43a22d8f5165&domain=xxxteensfuck.com&uid=MTY2MzA0Njg4OS42OTU6NmRmYWRkOTBhNGQ3ZjQzMjY4YzVmNDA5YWEyOWQzNDg5YmFkZGRhNGU3YWYzMGJjZTMzMmNiZTZmOTU2MzVmMjo2MzIwMTRlOWE5YWUy&ts=fFJlZ25pdHp8fDMyYjU1fGJ1Y2tldDA3MHx8fHx8fDYzMjAxNGU5YTlhYmZ8fHwxNjYzMDQ2ODg5Ljk4NTR8MWZlNWRkYWVkMTk3YTAzMTFkZjg5MmM4NzU4NzdjMDJiZmM3ZTMzMnx8fHx8MXx8MHwwfHx8fDF8fHx8fDB8MHx8fHx8fHx8fHwwfDB8fDB8fHwwfDB8ZXlKemRIbHNaVWxrSWpvaUlERTBNakF5TkRBME1qZ2lmUT09fHwxfFcxMD18MDNkY2IxZDE5M2M0Y2NkMDhiNGE5NjcyOTJkYmY5ZmNlNmNmMzZlZnwwfGRwLXRlYW1pbnRlcm5ldDAxX2FkdWx0XzNwaHwwfDA%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off HTTP/1.1 
Host: ww62.xxxteensfuck.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.xxxteensfuck.com/
Cookie: sv=1

                                         
                                         75.2.120.224
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 13 Sep 2022 05:28:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-View-Match: true
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /zcvisitor/daa6d806-3324-11ed-b309-124010fa6c4f/1304ac30-8585-11eb-af9e-0a51339b19df?campaignid=23c53dd0-8dec-11ec-b62a-0a918cbcbb97 HTTP/1.1 
Host: uthyr-que.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.xxxteensfuck.com/
Upgrade-Insecure-Requests: 1

                                         
                                         52.45.156.125
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Tue, 13 Sep 2022 05:28:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: ldgusMGu


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   996
Md5:    2180f3ffa33b98d2ec4ff5dd74bc6a4e
Sha1:   49bb0c4b8571ed221683fabd6c7c622f40a1ecc1
Sha256: 92d23e820f247bdf210175475306aead880fbc9c47a4544f04e0b592a98b26dc
                                        
                                            GET /zcredirect?visitid=daa6d806-3324-11ed-b309-124010fa6c4f&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1 
Host: uthyr-que.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uthyr-que.com/zcvisitor/daa6d806-3324-11ed-b309-124010fa6c4f/1304ac30-8585-11eb-af9e-0a51339b19df?campaignid=23c53dd0-8dec-11ec-b62a-0a918cbcbb97
Upgrade-Insecure-Requests: 1

                                         
                                         52.45.156.125
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Tue, 13 Sep 2022 05:28:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: ojAzYiJa


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   314
Md5:    92e14cf5a81957d2bdd8551161886463
Sha1:   8f039e2fd0c853d120cb9b93c1b6f43becdc2dbc
Sha256: 7e9d4cd96a0af2b563e6158c1de8cecce57733f31f7fd8daf63a69de7cd84257
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4534
Expires: Tue, 13 Sep 2022 06:43:45 GMT
Date: Tue, 13 Sep 2022 05:28:11 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4534
Expires: Tue, 13 Sep 2022 06:43:45 GMT
Date: Tue, 13 Sep 2022 05:28:11 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4534
Expires: Tue, 13 Sep 2022 06:43:45 GMT
Date: Tue, 13 Sep 2022 05:28:11 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77296a12-991a-4ab6-9ce0-05b3a82d6664.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10366
x-amzn-requestid: c66a0e06-d45c-4d16-ba0c-bf6a2368cfc2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YVQPkH2RoAMFX2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ec730-5174741f2d86d3ea018e452f;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 05:44:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 0ieBLVDdyIQuPO5pdM8wzjY2XwaMhLJhJWAUtsLfgiWTKVBTOws1tQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 21:58:04 GMT
etag: "c4772b9b182f9f905fead84f3761fe296073ca65"
age: 27007
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10366
Md5:    8c1314c7778ea0d32e8c69dae0c38b6d
Sha1:   c4772b9b182f9f905fead84f3761fe296073ca65
Sha256: 5fc8dc23f9b4d150b834aa69b358edd9f9f5f449607df07d579df66098d8aac6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f56b68b-fb6b-46aa-8beb-0f89d14a52e9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8964
x-amzn-requestid: 40fc21d4-d600-4867-9e30-7d4348b780a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XxMYkHbdIAMFfDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63105a9d-07ea06b965d15d11536b72bf;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 07:09:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kkJVkxZX4EyhAItDE0i2qrunY_hWlAaXgYVmhLmXORstS4MhBhCDZQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 05:26:59 GMT
age: 72
etag: "737a9379824ccc3e211a0ec048026ab2fb2c972e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8964
Md5:    024f2b686d27f71b12fabd3acf81898f
Sha1:   737a9379824ccc3e211a0ec048026ab2fb2c972e
Sha256: 167438064a07630eba319a22be43299e520521458e66b0d129d4f27f2a75bee9
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9a2dff5-4864-4430-8c54-6b68d2bbd35a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 10849
x-amzn-requestid: 722d8d75-0911-4b59-af65-2b408bc09d80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YXbx6E9-oAMFT8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631fa672-74ea9343619d4a1865e34818;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 21:36:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4rpwcrZLDlgcwBtH7wpoHMOb8hhFbKbZSQpjWqUqbt_Sl4ud3dm9Vg==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 21:42:18 GMT
age: 27953
etag: "2ab2ee20e720b78be6deb55f967ac0d8b7dad048"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10849
Md5:    838f709437b2dfbede4ee15307afe217
Sha1:   2ab2ee20e720b78be6deb55f967ac0d8b7dad048
Sha256: a3b47ce595b475f2aab6f7378888d15ba3e98453d6c8a3d88946efc5d65eedba
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87c57865-c702-4995-8386-d5a054dd23e8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 2711
x-amzn-requestid: d1f9060c-585c-4ac8-bc60-2b3a2c80ee65
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YXb4DGKToAMFfog=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631fa699-3522d608453b1c6374e4a94e;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 21:37:29 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: eDXYc4gzXC8xdyNrP9rMoFU-Kewj4MfKQk0UUJitnTZnutZFtekXaA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 21:42:11 GMT
age: 27960
etag: "5955dc0e311eca9988970d55d222bb77a7552fec"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   2711
Md5:    96d4d68111565e0e9d942cb22e3e4e93
Sha1:   5955dc0e311eca9988970d55d222bb77a7552fec
Sha256: 294fe6fa82e831192a0b16e1b2b1e57ac4ff082709a31ef52cc9c8586b9a4906
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d3b6b9b-146c-4409-9d90-4b60cad37e27.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 7430
x-amzn-requestid: 7898b8eb-60e3-47b4-980e-061036ac8c4e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YXbepFinIAMFoqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631fa5f7-3a120c0143cdf1051f94e142;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: eKSciYj4WbRzV_M0LpmWpgrEvYLDfi2haM-slQw4EXm371JAq-pd6Q==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 21:58:04 GMT
etag: "722607d59e2fa7de70b7b24daebc0ef74903f272"
age: 27007
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7430
Md5:    bade06e72a416ba31c658e41c341a175
Sha1:   722607d59e2fa7de70b7b24daebc0ef74903f272
Sha256: 16033840bfe31372b193a545f5aae57fd865a5e786d12705d67b18dfdbb31388
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fa3e758-893f-4e13-94ae-85209a30089e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 6670
x-amzn-requestid: 6f0e9fd2-a2a3-4b89-a109-e0ada80efb41
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X_Y9vFPHoAMFkBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63160857-3c8f54b87e1e502e2308a204;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 14:31:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: s9XL-JvEdgQ31t_VRIubCZ7fMr7qscSLt7pPtnq9FIKOya2WbUfdfQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 22:02:04 GMT
age: 26767
etag: "0c9cdc03cf2b5a60542cdb91de6b7b37866254cc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6670
Md5:    c3057080b51e9f8360222d0bba39807f
Sha1:   0c9cdc03cf2b5a60542cdb91de6b7b37866254cc
Sha256: 303c7c2f54dd0ef80f6a7b2cc050ff118f8907a79334dcab7e8fa4d4cab3b7bb
                                        
GET /favicon.ico HTTP/1.1
Host: uthyr-que.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uthyr-que.com/zcredirect?visitid=daa6d806-3324-11ed-b309-124010fa6c4f&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false

                                         
52.45.156.125
HTTP/1.1 404
Content-Type: text/html;charset=utf-8
Date: Tue, 13 Sep 2022 05:28:11 GMT
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: YZFHCFfG


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size:   653
Md5:    ba2732b1b2fa2626ffaa15f62f9e7d66
Sha1:   203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
Sha256: 879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "8AA1B033A01281371731626214625F495934917141A8133B5D776E69BD470E08"
Last-Modified: Sun, 11 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7368
Expires: Tue, 13 Sep 2022 07:30:59 GMT
Date: Tue, 13 Sep 2022 05:28:11 GMT
Connection: keep-alive

                                        
GET /?u=dgnpd0x&o=v9483xk&t=mike-hem-1dx9djpydz HTTP/1.1
Host: datingtime.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://uthyr-que.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
37.221.65.152
HTTP/1.1 200 OK
Content-Type: text/html
Server: nginx
Date: Tue, 13 Sep 2022 05:28:12 GMT
Content-Length: 13858
Connection: keep-alive
set-cookie: sid=t2~jlewepmb1cw0nkjdy3zvpo4h; path=/
cache-control: private, no-transform


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (528), with CRLF line terminators
Size:   13858
Md5:    b4dcdce2bd8cc83550139cad51a15fdd
Sha1:   9cb6314eba0a46fe9a03fbf2480652d3a21ccec7
Sha256: df691c98065de15eb02adf1586eab87ae86d77b5cbcefee1bf4180f2cbba9a10

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /media/d/radarnew/css/stylesoutdoor.css HTTP/1.1
Host: datingtime.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://datingtime.life/?u=dgnpd0x&o=v9483xk&t=mike-hem-1dx9djpydz
Cookie: sid=t2~jlewepmb1cw0nkjdy3zvpo4h
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
37.221.65.152
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Tue, 13 Sep 2022 05:28:12 GMT
Content-Length: 9931
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "03f7f67a73bff5cb76ca8b0c3086915d"
Last-Modified: Wed, 31 Aug 2022 09:33:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17145357E6C45ECD
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 13 Sep 2023 05:28:12 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  assembler source, ASCII text, with CRLF line terminators
Size:   9931
Md5:    03f7f67a73bff5cb76ca8b0c3086915d
Sha1:   db6689a7344d784c97b12467264bdc9cc003844f
Sha256: 3aff9e59a46b2cdd488813c4874a7f9668f74761f94222ef32841fd4350ac8cc

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /media/d/radarnew/css/bootstrap-slider.min.css HTTP/1.1
Host: datingtime.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://datingtime.life/?u=dgnpd0x&o=v9483xk&t=mike-hem-1dx9djpydz
Cookie: sid=t2~jlewepmb1cw0nkjdy3zvpo4h
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
37.221.65.152
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Tue, 13 Sep 2022 05:28:12 GMT
Content-Length: 7227
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "4961224724899c120f62718d9a05a11a"
Last-Modified: Wed, 31 Aug 2022 09:33:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17145358063CFC34
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 13 Sep 2023 05:28:12 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (6195)
Size:   7227
Md5:    4961224724899c120f62718d9a05a11a
Sha1:   edb2043d6a2727c124a9d2b64a461ef682e73dad
Sha256: a27ecbe0f63af48cceb0dc93fb842d3161462ca44d16bae13ea4a85488a7a8ce

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /media/d/radarnew/css/blue.css HTTP/1.1
Host: datingtime.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://datingtime.life/?u=dgnpd0x&o=v9483xk&t=mike-hem-1dx9djpydz
Cookie: sid=t2~jlewepmb1cw0nkjdy3zvpo4h
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
37.221.65.152
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Tue, 13 Sep 2022 05:28:12 GMT
Content-Length: 1505
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "53c8fc393280d00814bfcb0ac9a9948b"
Last-Modified: Wed, 31 Aug 2022 09:33:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17145357FA90E908
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 13 Sep 2023 05:28:12 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text
Size:   1505
Md5:    53c8fc393280d00814bfcb0ac9a9948b
Sha1:   41411e8e1fae0b3a35cb70f547df9df643a6a6dc
Sha256: 0ca1d39f999294e137c538278732cd5f2e0f6bd54617ec7e347773ac5b3d8272

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /media/d/radarnew/js/bootstrap-slider.min.js HTTP/1.1
Host: datingtime.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://datingtime.life/?u=dgnpd0x&o=v9483xk&t=mike-hem-1dx9djpydz
Cookie: sid=t2~jlewepmb1cw0nkjdy3zvpo4h
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
37.221.65.152
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Tue, 13 Sep 2022 05:28:12 GMT
Content-Length: 26183
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "bb00d9d835171fe905a76787cbea604a"
Last-Modified: Wed, 31 Aug 2022 09:33:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171453580DB0D038
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 13 Sep 2023 05:28:12 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (25087)
Size:   26183
Md5:    bb00d9d835171fe905a76787cbea604a
Sha1:   428580aaa3688c5dcca79b6428248b31af85ac1f
Sha256: 926ac5c114974a527367752eef1ab86bdb364c34fafb39e9b976c7ab0c2adda6

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
GET /util/utils.js HTTP/1.1
Host: datingtime.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://datingtime.life/?u=dgnpd0x&o=v9483xk&t=mike-hem-1dx9djpydz
Cookie: sid=t2~jlewepmb1cw0nkjdy3zvpo4h
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
37.221.65.152
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Tue, 13 Sep 2022 05:28:12 GMT
Content-Length: 7512
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "01816d15ca03032751161a746e2fb7c3"
Last-Modified: Wed, 31 Aug 2022 09:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171452F70CF93535
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 13 Sep 2023 05:28:12 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (641), with CRLF line terminators
Size:   7512
Md5:    01816d15ca03032751161a746e2fb7c3
Sha1:   dcc72ea5fa1356490ba473288159df9786b4a3c3
Sha256: 8b3c83a330bf1120a13eff6ef60c1e268b827b7bc49b42a7a1f5d8ad6941f2ea

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
GET /media/d/radarnew/js/bootstrap.min.js HTTP/1.1
Host: datingtime.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://datingtime.life/?u=dgnpd0x&o=v9483xk&t=mike-hem-1dx9djpydz
Cookie: sid=t2~jlewepmb1cw0nkjdy3zvpo4h
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
37.221.65.152
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Tue, 13 Sep 2022 05:28:12 GMT
Content-Length: 29110
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "ba847811448ef90d98d272aeccef2a95"
Last-Modified: Wed, 31 Aug 2022 09:33:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17145357F9005F54
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 13 Sep 2023 05:28:12 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (28941)
Size:   29110
Md5:    ba847811448ef90d98d272aeccef2a95
Sha1:   5814e91bb6276f4de8b7951c965f2f190a03978d
Sha256: 898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
GET /media/d/radarnew/js/main.js HTTP/1.1
Host: datingtime.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://datingtime.life/?u=dgnpd0x&o=v9483xk&t=mike-hem-1dx9djpydz
Cookie: sid=t2~jlewepmb1cw0nkjdy3zvpo4h
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
37.221.65.152
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Tue, 13 Sep 2022 05:28:12 GMT
Content-Length: 1446
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "e2a64608889abbe3782f28e512a421dd"
Last-Modified: Wed, 31 Aug 2022 09:33:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17145358213B10F4
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 13 Sep 2023 05:28:12 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   1446
Md5:    e2a64608889abbe3782f28e512a421dd
Sha1:   6c5e589d6cf3c8ee1eb63f057f9852ff67887c44
Sha256: ebd7a92af4d051891df2bbad59bbf1b2a36fc68f1108b15504d12550d656f566

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
GET /media/bbradar.js HTTP/1.1
Host: datingtime.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://datingtime.life/?u=dgnpd0x&o=v9483xk&t=mike-hem-1dx9djpydz
Cookie: sid=t2~jlewepmb1cw0nkjdy3zvpo4h
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
37.221.65.152
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Tue, 13 Sep 2022 05:28:12 GMT
Content-Length: 639
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0d553e4bac91c74bfee2dbabba61e99e"
Last-Modified: Wed, 31 Aug 2022 09:32:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 1714535839938B3F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 13 Sep 2023 05:28:12 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (639), with no line terminators
Size:   639
Md5:    0d553e4bac91c74bfee2dbabba61e99e
Sha1:   5af71e2377c9c012a7826a695f2724901941b19b
Sha256: 1be1304c675449b1bad38ea8c3da6c1da0763ed2fad339ee1aa461c7bf4e2a68

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
GET /media/d/radarnew/js/jquery.min.js HTTP/1.1
Host: datingtime.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://datingtime.life/?u=dgnpd0x&o=v9483xk&t=mike-hem-1dx9djpydz
Cookie: sid=t2~jlewepmb1cw0nkjdy3zvpo4h
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
37.221.65.152
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Tue, 13 Sep 2022 05:28:12 GMT
Content-Length: 93435
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0b6ecf17e30037994d3ffee51b525914"
Last-Modified: Wed, 31 Aug 2022 09:33:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17145357FC1825AF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 13 Sep 2023 05:28:12 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65480)
Size:   93435
Md5:    0b6ecf17e30037994d3ffee51b525914
Sha1:   d09d3a99ed25d0f1fbe6856de9e14ffd33557256
Sha256: f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
GET /media/exit-new/exit1.js HTTP/1.1
Host: datingtime.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://datingtime.life/?u=dgnpd0x&o=v9483xk&t=mike-hem-1dx9djpydz
Cookie: sid=t2~jlewepmb1cw0nkjdy3zvpo4h
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
37.221.65.152
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Tue, 13 Sep 2022 05:28:12 GMT
Content-Length: 3473
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "625e5e2950612f771e246beb33c9ea61"
Last-Modified: Wed, 31 Aug 2022 09:34:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17145327F212FD67
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 13 Sep 2023 05:28:12 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (641), with CRLF line terminators
Size:   3473
Md5:    625e5e2950612f771e246beb33c9ea61
Sha1:   e4fc251c6c000496c285f8dc3fa097040b031681
Sha256: 618f345a156a0eda55177a1bf0e8a414104f9b6c6ff5cdbe71966f081ccb8a46

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
GET /media/d/radarnew/css/bootstrap.css HTTP/1.1
Host: datingtime.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://datingtime.life/?u=dgnpd0x&o=v9483xk&t=mike-hem-1dx9djpydz
Cookie: sid=t2~jlewepmb1cw0nkjdy3zvpo4h
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
37.221.65.152
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Tue, 13 Sep 2022 05:28:12 GMT
Content-Length: 110239
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "47ec8e4c717bce27e3dec25375b64c16"
Last-Modified: Wed, 31 Aug 2022 09:33:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17145357F9E3BF96
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 13 Sep 2023 05:28:12 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  assembler source, ASCII text, with very long lines (540)
Size:   110239
Md5:    47ec8e4c717bce27e3dec25375b64c16
Sha1:   23ee6fedf86a1ebb17e96423086f910f72a9e8f5
Sha256: 37d237c2cfc632735d5a1c48184e7e7afc5358ffd8ab8d6bd9f90a16d1e2993f

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /media/d/radarnew/js/trls.js HTTP/1.1
Host: datingtime.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://datingtime.life/?u=dgnpd0x&o=v9483xk&t=mike-hem-1dx9djpydz
Cookie: sid=t2~jlewepmb1cw0nkjdy3zvpo4h
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
37.221.65.152
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Tue, 13 Sep 2022 05:28:12 GMT
Content-Length: 47770
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "acbcd82ae39db3a4cc2eb4a43d8b4338"
Last-Modified: Wed, 31 Aug 2022 09:33:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17145456634FF35D
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 13 Sep 2023 05:28:12 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with CRLF line terminators
Size:   47770
Md5:    acbcd82ae39db3a4cc2eb4a43d8b4338
Sha1:   4bbfdc1fca56ef2aba7b5fd95034ea6860f30a5a
Sha256: 3fc88d3968cd86f76bc3d071b1d3de64729f06840621ab9a39b93f7e2add6303

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
GET /media/d/radarnew/images/radar.gif HTTP/1.1
Host: datingtime.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://datingtime.life/?u=dgnpd0x&o=v9483xk&t=mike-hem-1dx9djpydz
Cookie: sid=t2~jlewepmb1cw0nkjdy3zvpo4h
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
37.221.65.152
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx
Date: Tue, 13 Sep 2022 05:28:12 GMT
Content-Length: 175791
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0d3a894b7b00a48996f702d71fe7e7c3"
Last-Modified: Wed, 31 Aug 2022 09:33:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171453588C086C92
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 13 Sep 2023 05:28:12 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 179 x 179\012- data
Size:   175791
Md5:    0d3a894b7b00a48996f702d71fe7e7c3
Sha1:   b4f278b2ff6d12f7fb38fdf91c42f3190a69e53c
Sha256: 89495896bcc3deb0b6a643cf55ddfe620ada0cdb66cd09ce4ba801a06396fcef

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /media/d/radarnew/images/outdoor.jpg HTTP/1.1
Host: datingtime.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://datingtime.life/media/d/radarnew/css/stylesoutdoor.css
Cookie: sid=t2~jlewepmb1cw0nkjdy3zvpo4h
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
37.221.65.152
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Tue, 13 Sep 2022 05:28:12 GMT
Content-Length: 222141
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "fc523ba36d675d549f0c70815b6b1604"
Last-Modified: Wed, 31 Aug 2022 09:33:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17145358B435D84A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 13 Sep 2023 05:28:12 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1422x800, components 3\012- data
Size:   222141
Md5:    fc523ba36d675d549f0c70815b6b1604
Sha1:   d8dc530c0e48382f06da7301a7bfb42072f28cfb
Sha256: b0b9b668729dc630f2ff79478f74bdaa7d6eb53a5b8ae665a3144c5cf7629351

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /favicon.ico HTTP/1.1
Host: datingtime.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://datingtime.life/?u=dgnpd0x&o=v9483xk&t=mike-hem-1dx9djpydz
Cookie: sid=t2~jlewepmb1cw0nkjdy3zvpo4h
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
37.221.65.152
HTTP/1.1 204 No Content
Server: nginx
Date: Tue, 13 Sep 2022 05:28:12 GMT
Connection: keep-alive
Cache-Control: no-transform


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa53d9b2d-779c-43d7-b0fb-41855d1192cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 7831
x-amzn-requestid: 65494896-277e-420e-9697-3b0fe44ca01f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XtmBUHmZIAMFc0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630eea08-17755f842fb9aff80aae3124;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 04:56:40 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qhuq_KUvFJeRPGpKxHE8-ULZ0ep0nUhoOsLfsX6q7cAeOY9oiTOv2A==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 22:22:46 GMT
age: 25532
etag: "5356b0f4f09626d23a16c950143a76f2e3dbff69"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7831
Md5:    30cec409792503d3d6aa6f2f0d3f88da
Sha1:   5356b0f4f09626d23a16c950143a76f2e3dbff69
Sha256: 22c9ce5a29779a9851f305a7c386d758f1e2a186941be29961cf7fe5053571ff