Report - dratingmaject.com/573ca57e-93c1-46c3-a4c2-fdf50ca792c4

Report Overview

Submitted URL
dratingmaject.com/573ca57e-93c1-46c3-a4c2-fdf50ca792c4
IP
18.195.149.11
ASN
#16509 AMAZON-02
Submitted
2022-11-30 02:00:19
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
babesroulette.com	281754	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	959 B	654 B	188.114.96.1
dratingmaject.com	821761	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	4.8 kB	18.195.149.11
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	966 B	62 kB	216.58.207.227
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.5 kB	142.250.74.131
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.13.173.34
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	62 kB	34.120.237.76
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	459 B	746 B	142.250.74.106
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	23.36.76.226
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	1.4 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-30	medium	dratingmaject.com/573ca57e-93c1-46c3-a4c2-fdf50ca792c4	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	babesroulette.com/landers/lander18/?clickid=w1l5mth70rn832rkil9969d2&source=573ca57e-93c1-46c3-a4c2-fdf50ca792c4&cep=zWVfmMcfSklQtey1oTP1I7wxWE5Kv2DPr5lz-sQco8K5-hqugXH1J4qMzvSjGu3nYQK62If8srDbXyb1RP2RSWe_PQZ8eXfZBylZDEdQ1x9n6Nd2uFaHQYYlhoTysfZ-OszYgcWnxL8f5Km9NB6Py0vlMYdoPWn6UC1Z1RX2LCYPfegQHp8ce3XxSuYISXCSmaHeXO8r7vSpl65EvORltDSbV1aPU8VtOU3ZdvUPRWDtXA2pkFMRSq37oIOQCT2FnBCRaXypJ_vLUzF-EA2DH_wFuwnzSGnXa89B9AcBKbXudB6W0Ycwu8f59qwW6Mk0WoDn6zo6tM1S05Pe5GFEFO4TdQ2W_YCIBpKwCdZGICkW3vuf8jd3LkytkHG49vu7&lptoken=16cd692177985411071f	660 B	2023-03-07	2023-04-05
Pretty URL babesroulette.com/landers/lander18/?clickid=w1l5mth70rn832rkil9969d2&source=573ca57e-93c1-46c3-a4c2-fdf50ca792c4&cep=zWVfmMcfSklQtey1oTP1I7wxWE5Kv2DPr5lz-sQco8K5-hqugXH1J4qMzvSjGu3nYQK62If8srDbXyb1RP2RSWe_PQZ8eXfZBylZDEdQ1x9n6Nd2uFaHQYYlhoTysfZ-OszYgcWnxL8f5Km9NB6Py0vlMYdoPWn6UC1Z1RX2LCYPfegQHp8ce3XxSuYISXCSmaHeXO8r7vSpl65EvORltDSbV1aPU8VtOU3ZdvUPRWDtXA2pkFMRSq37oIOQCT2FnBCRaXypJ_vLUzF-EA2DH_wFuwnzSGnXa89B9AcBKbXudB6W0Ycwu8f59qwW6Mk0WoDn6zo6tM1S05Pe5GFEFO4TdQ2W_YCIBpKwCdZGICkW3vuf8jd3LkytkHG49vu7&lptoken=16cd692177985411071f IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2023-04-05 01:55:44 Times Seen17 Hash 97441e7379ca32ad9f6044c50451ff13 80fb696604e2b6e293615725845d9642cc4171d7 976578c853ded099ba704b2fda49934f67dbbb03e53d81b589d332ffaa543fdc Loading...

	babesroulette.com/landers/lander18/?clickid=w1l5mth70rn832rkil9969d2&source=573ca57e-93c1-46c3-a4c2-fdf50ca792c4&cep=zWVfmMcfSklQtey1oTP1I7wxWE5Kv2DPr5lz-sQco8K5-hqugXH1J4qMzvSjGu3nYQK62If8srDbXyb1RP2RSWe_PQZ8eXfZBylZDEdQ1x9n6Nd2uFaHQYYlhoTysfZ-OszYgcWnxL8f5Km9NB6Py0vlMYdoPWn6UC1Z1RX2LCYPfegQHp8ce3XxSuYISXCSmaHeXO8r7vSpl65EvORltDSbV1aPU8VtOU3ZdvUPRWDtXA2pkFMRSq37oIOQCT2FnBCRaXypJ_vLUzF-EA2DH_wFuwnzSGnXa89B9AcBKbXudB6W0Ycwu8f59qwW6Mk0WoDn6zo6tM1S05Pe5GFEFO4TdQ2W_YCIBpKwCdZGICkW3vuf8jd3LkytkHG49vu7&lptoken=16cd692177985411071f	1.4 kB	2023-03-07	2023-04-05
Pretty URL babesroulette.com/landers/lander18/?clickid=w1l5mth70rn832rkil9969d2&source=573ca57e-93c1-46c3-a4c2-fdf50ca792c4&cep=zWVfmMcfSklQtey1oTP1I7wxWE5Kv2DPr5lz-sQco8K5-hqugXH1J4qMzvSjGu3nYQK62If8srDbXyb1RP2RSWe_PQZ8eXfZBylZDEdQ1x9n6Nd2uFaHQYYlhoTysfZ-OszYgcWnxL8f5Km9NB6Py0vlMYdoPWn6UC1Z1RX2LCYPfegQHp8ce3XxSuYISXCSmaHeXO8r7vSpl65EvORltDSbV1aPU8VtOU3ZdvUPRWDtXA2pkFMRSq37oIOQCT2FnBCRaXypJ_vLUzF-EA2DH_wFuwnzSGnXa89B9AcBKbXudB6W0Ycwu8f59qwW6Mk0WoDn6zo6tM1S05Pe5GFEFO4TdQ2W_YCIBpKwCdZGICkW3vuf8jd3LkytkHG49vu7&lptoken=16cd692177985411071f IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2023-04-05 01:55:44 Times Seen17 Hash 8d9b1690a74f07a3810d671b838dd1bd 636798778433d0449d1a29d4a1dbdd1a23af8c46 185faac7437690399b751628e681b202ceb6f5dc205874483379a82cddd2e737 Loading...

	dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dw1l5mth70rn832rkil9969d2%26source%3D573ca57e-93c1-46c3-a4c2-fdf50ca792c4%26cep%3DzWVfmMcfSklQtey1oTP1I7wxWE5Kv2DPr5lz-sQco8K5-hqugXH1J4qMzvSjGu3nYQK62If8srDbXyb1RP2RSWe_PQZ8eXfZBylZDEdQ1x9n6Nd2uFaHQYYlhoTysfZ-OszYgcWnxL8f5Km9NB6Py0vlMYdoPWn6UC1Z1RX2LCYPfegQHp8ce3XxSuYISXCSmaHeXO8r7vSpl65EvORltDSbV1aPU8VtOU3ZdvUPRWDtXA2pkFMRSq37oIOQCT2FnBCRaXypJ_vLUzF-EA2DH_wFuwnzSGnXa89B9AcBKbXudB6W0Ycwu8f59qwW6Mk0WoDn6zo6tM1S05Pe5GFEFO4TdQ2W_YCIBpKwCdZGICkW3vuf8jd3LkytkHG49vu7%26lptoken%3D16cd692177985411071f&lpt=Title%20here&t=1669773607133	3.0 kB	2023-03-11	2023-03-11
Pretty URL dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dw1l5mth70rn832rkil9969d2%26source%3D573ca57e-93c1-46c3-a4c2-fdf50ca792c4%26cep%3DzWVfmMcfSklQtey1oTP1I7wxWE5Kv2DPr5lz-sQco8K5-hqugXH1J4qMzvSjGu3nYQK62If8srDbXyb1RP2RSWe_PQZ8eXfZBylZDEdQ1x9n6Nd2uFaHQYYlhoTysfZ-OszYgcWnxL8f5Km9NB6Py0vlMYdoPWn6UC1Z1RX2LCYPfegQHp8ce3XxSuYISXCSmaHeXO8r7vSpl65EvORltDSbV1aPU8VtOU3ZdvUPRWDtXA2pkFMRSq37oIOQCT2FnBCRaXypJ_vLUzF-EA2DH_wFuwnzSGnXa89B9AcBKbXudB6W0Ycwu8f59qwW6Mk0WoDn6zo6tM1S05Pe5GFEFO4TdQ2W_YCIBpKwCdZGICkW3vuf8jd3LkytkHG49vu7%26lptoken%3D16cd692177985411071f&lpt=Title%20here&t=1669773607133 IP 18.195.149.11 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:44:15 Last Seen2023-03-11 22:44:15 Times Seen1 Hash 6cc4a9a40799bcb730b06e611a0c94c6 da27b2561fc53ec6071efb348214280a9838c1f1 3a6a6061c6d5f90462ce1fa80cbf47df56f84d9017a990b31688462e168f9f07 Loading...

	deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=w1l5mth70rn832rkil9969d2&var=573ca57e-93c1-46c3-a4c2-fdf50ca792c4&sw=/sw-check-permissions-2e801.js	39 kB	2023-03-11	2023-03-11
Pretty URL deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=w1l5mth70rn832rkil9969d2&var=573ca57e-93c1-46c3-a4c2-fdf50ca792c4&sw=/sw-check-permissions-2e801.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:26:06 Last Seen2023-03-11 23:29:28 Times Seen1 Hash 46eb6ca69248bc5396d69e18d18ed06b 62bdaab39957bef9f7cf47db6ad5752c45e54ad1 a8aaa86993fa3a8e63997882ffca0a6621134f79933a2219ea5f34e108c8d7a1 Loading...

	babesroulette.com/landers/lander18/?clickid=w1l5mth70rn832rkil9969d2&source=573ca57e-93c1-46c3-a4c2-fdf50ca792c4&cep=zWVfmMcfSklQtey1oTP1I7wxWE5Kv2DPr5lz-sQco8K5-hqugXH1J4qMzvSjGu3nYQK62If8srDbXyb1RP2RSWe_PQZ8eXfZBylZDEdQ1x9n6Nd2uFaHQYYlhoTysfZ-OszYgcWnxL8f5Km9NB6Py0vlMYdoPWn6UC1Z1RX2LCYPfegQHp8ce3XxSuYISXCSmaHeXO8r7vSpl65EvORltDSbV1aPU8VtOU3ZdvUPRWDtXA2pkFMRSq37oIOQCT2FnBCRaXypJ_vLUzF-EA2DH_wFuwnzSGnXa89B9AcBKbXudB6W0Ycwu8f59qwW6Mk0WoDn6zo6tM1S05Pe5GFEFO4TdQ2W_YCIBpKwCdZGICkW3vuf8jd3LkytkHG49vu7&lptoken=16cd692177985411071f	103 B	2023-03-11	2023-03-11
Pretty URL babesroulette.com/landers/lander18/?clickid=w1l5mth70rn832rkil9969d2&source=573ca57e-93c1-46c3-a4c2-fdf50ca792c4&cep=zWVfmMcfSklQtey1oTP1I7wxWE5Kv2DPr5lz-sQco8K5-hqugXH1J4qMzvSjGu3nYQK62If8srDbXyb1RP2RSWe_PQZ8eXfZBylZDEdQ1x9n6Nd2uFaHQYYlhoTysfZ-OszYgcWnxL8f5Km9NB6Py0vlMYdoPWn6UC1Z1RX2LCYPfegQHp8ce3XxSuYISXCSmaHeXO8r7vSpl65EvORltDSbV1aPU8VtOU3ZdvUPRWDtXA2pkFMRSq37oIOQCT2FnBCRaXypJ_vLUzF-EA2DH_wFuwnzSGnXa89B9AcBKbXudB6W0Ycwu8f59qwW6Mk0WoDn6zo6tM1S05Pe5GFEFO4TdQ2W_YCIBpKwCdZGICkW3vuf8jd3LkytkHG49vu7&lptoken=16cd692177985411071f IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:44:15 Last Seen2023-03-11 22:44:15 Times Seen1 Hash 1815fd8caf89a903a9e4df5cdda58338 1178f41e605c7bf5fcc3bb1317583a32e06bbe82 6f7fb1723d2151cefd22d5dc8c1e04f9761efcee6c9523b26f41a42e6cb957b3 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 8d895f191a294604056a760e520946fe	80 B	2023-03-11	2023-03-11
Pretty Observations First Seen2023-03-11 22:44:15 Last Seen2023-03-11 22:44:15 Times Seen1 Hash 8d895f191a294604056a760e520946fe 24a1346b24c8e527d4d5cce86b63f108d4b7b416 aafbeaed420aa794146b618862581bab674780d502b140a5268ae5397f50f8a9 Loading...

HTTP Transactions (35)

URL IP Response Size

dratingmaject.com/573ca57e-93c1-46c3-a4c2-fdf50ca792c4

18.195.149.11

302

0 B

URL HTTP/1.1
dratingmaject.com/573ca57e-93c1-46c3-a4c2-fdf50ca792c4
IP
18.195.149.11:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /573ca57e-93c1-46c3-a4c2-fdf50ca792c4 HTTP/1.1
Host: dratingmaject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 
Server: nginx
Date: Wed, 30 Nov 2022 02:00:07 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://babesroulette.com/landers/lander18/?clickid=w1l5mth70rn832rkil9969d2&source=573ca57e-93c1-46c3-a4c2-fdf50ca792c4&cep=zWVfmMcfSklQtey1oTP1I7wxWE5Kv2DPr5lz-sQco8K5-hqugXH1J4qMzvSjGu3nYQK62If8srDbXyb1RP2RSWe_PQZ8eXfZBylZDEdQ1x9n6Nd2uFaHQYYlhoTysfZ-OszYgcWnxL8f5Km9NB6Py0vlMYdoPWn6UC1Z1RX2LCYPfegQHp8ce3XxSuYISXCSmaHeXO8r7vSpl65EvORltDSbV1aPU8VtOU3ZdvUPRWDtXA2pkFMRSq37oIOQCT2FnBCRaXypJ_vLUzF-EA2DH_wFuwnzSGnXa89B9AcBKbXudB6W0Ycwu8f59qwW6Mk0WoDn6zo6tM1S05Pe5GFEFO4TdQ2W_YCIBpKwCdZGICkW3vuf8jd3LkytkHG49vu7&lptoken=16cd692177985411071f
Pragma: no-cache
Set-Cookie: 573ca57e-93c1-46c3-a4c2-fdf50ca792c4-v4=6paJdePPTVfPE64rXlZf_6QBeVEAQy9RvXb4MCj7fKs; Max-Age=86400; Expires=Thu, 01-Dec-2022 02:00:07 GMT; Domain=dratingmaject.com; Path=/; HttpOnly
cep-v4=Df-nlg83i7yKGM04fXA_brunH1fvRKvNI6HrdCuBc1vxd6cPWTL-Zfr5gPHaajk3jLvXWP7TNlLn8zKzahGYdwC02YurliDQLkO1fXCx1fjRbQTkO7u6YGK1_EpNpiY_v3D5xJY4zLQrfz_MfQFyI6aegzswtQ_DroQLIqjYLIYtD5CbF4FPfEkmbJacpN5huokIgCm0LGZQRn8sw91BZ15B6YtwpGTh4dOx2uhMkjOWttSI8f8NyrtxUhprfrXfUxmvDEvM4jrQAh3kdEVTHakRHSIun0-FqvMitHXa3E3-sZBoFNV8rZ2ku_q8yBQrsXGoH1-J055-TrGSV553FFQ4nc4nHeLGa66B7XJsh_89VZnQ7HKJK2O0wkin22RJ; Max-Age=86400; Expires=Thu, 01-Dec-2022 02:00:07 GMT; Domain=dratingmaject.com; Path=/; HttpOnly

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2d2e7649ce9e9ba6fc8b68aa89352e3c
0153d1d3d830a457043e16bb40d48a0b9ddef4b8
8eed57c91b42ef7b2d5eff1309e306e23e13c3de21219af24a693cbf3e8977fc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EED57C91B42EF7B2D5EFF1309E306E23E13C3DE21219AF24A693CBF3E8977FC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3590
Expires: Wed, 30 Nov 2022 02:59:57 GMT
Date: Wed, 30 Nov 2022 02:00:07 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

55 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
HTML document, ASCII text
Size
55 B (55 bytes)
Hash
9f073354411bbaf7a319b1519f10b4b7
571498f38548829bf186f49f5be9d5fa6e689a68
4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3185
Cache-Control: max-age=120249
Content-Type: text/html
Date: Wed, 30 Nov 2022 02:00:07 GMT
Etag: "6385df6f-1d7"
Expires: Thu, 01 Dec 2022 11:24:16 GMT
Last-Modified: Tue, 29 Nov 2022 10:31:11 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 55

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6441
Expires: Wed, 30 Nov 2022 03:47:28 GMT
Date: Wed, 30 Nov 2022 02:00:07 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 01:19:38 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2429
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: C5uQvVwHG7C6hd/qcMx2IuWMIL78jtPTmY3LtoXjcejuyd2i3dH0b1lSzFZYxhTqT/cdPFQvxNw=
x-amz-request-id: GPZCCAB7Q75H5EBS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 01:45:02 GMT
age: 905
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

55 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
HTML document, ASCII text
Size
55 B (55 bytes)
Hash
9f073354411bbaf7a319b1519f10b4b7
571498f38548829bf186f49f5be9d5fa6e689a68
4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3124
Cache-Control: public, max-age=1209600
Content-Type: text/html
Date: Wed, 30 Nov 2022 02:00:07 GMT
Etag: "63866b88-37"
Last-Modified: Tue, 29 Nov 2022 20:28:56 GMT
Server: ECS (amb/6B86)
X-Cache: HIT
Content-Length: 55

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 02:00:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

55 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
HTML document, ASCII text
Size
55 B (55 bytes)
Hash
9f073354411bbaf7a319b1519f10b4b7
571498f38548829bf186f49f5be9d5fa6e689a68
4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3124
Cache-Control: public, max-age=1209600
Content-Type: text/html
Date: Wed, 30 Nov 2022 02:00:07 GMT
Etag: "63866b88-37"
Last-Modified: Tue, 29 Nov 2022 20:28:56 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 55

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
07b8296613be09905e34b09dce4a203f
c97c67e8c4b1247423d089c028c31e05734f124e
c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 02:00:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 01:08:56 GMT
cache-control: public,max-age=3600
age: 3072
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
07b8296613be09905e34b09dce4a203f
c97c67e8c4b1247423d089c028c31e05734f124e
c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 02:00:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

55 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
HTML document, ASCII text
Size
55 B (55 bytes)
Hash
9f073354411bbaf7a319b1519f10b4b7
571498f38548829bf186f49f5be9d5fa6e689a68
4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5739
Cache-Control: public, max-age=1209600
Content-Type: text/html
Date: Wed, 30 Nov 2022 02:00:08 GMT
Etag: "63866b88-37"
Last-Modified: Tue, 29 Nov 2022 20:28:56 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 55

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
608e4d04a251ebcd51660e801f388303
fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d
cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 02:00:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 02:00:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
data
Size
45 kB (44776 bytes)
Hash
77476a06d37eabe29027cea2b202c002
8c31a9ed4145875a52763e2de03093cea38117d5
9dcfe4a64b78dbe988ee8a5945521376e8d85e824815b8096dc07e3240b3423c

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesroulette.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:15 GMT
expires: Thu, 23 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 541553
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesroulette.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:33:54 GMT
expires: Thu, 23 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 541574
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4a21289eb02b33e30b4ac85dcc79d393
5492ec2ad9048b83f7769e4b779b775c32fb6a44
29bebaafdde98055a44cdee4e8b941a424be28aa5042dbc390babfb18d7bc0a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "29BEBAAFDDE98055A44CDEE4E8B941A424BE28AA5042DBC390BABFB18D7BC0A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6786
Expires: Wed, 30 Nov 2022 03:53:14 GMT
Date: Wed, 30 Nov 2022 02:00:08 GMT
Connection: keep-alive

dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dw1l5mth70rn832rkil9969d2%26source%3D573ca57e-93c1-46c3-a4c2-fdf50ca792c4%26cep%3DzWVfmMcfSklQtey1oTP1I7wxWE5Kv2DPr5lz-sQco8K5-hqugXH1J4qMzvSjGu3nYQK62If8srDbXyb1RP2RSWe_PQZ8eXfZBylZDEdQ1x9n6Nd2uFaHQYYlhoTysfZ-OszYgcWnxL8f5Km9NB6Py0vlMYdoPWn6UC1Z1RX2LCYPfegQHp8ce3XxSuYISXCSmaHeXO8r7vSpl65EvORltDSbV1aPU8VtOU3ZdvUPRWDtXA2pkFMRSq37oIOQCT2FnBCRaXypJ_vLUzF-EA2DH_wFuwnzSGnXa89B9AcBKbXudB6W0Ycwu8f59qwW6Mk0WoDn6zo6tM1S05Pe5GFEFO4TdQ2W_YCIBpKwCdZGICkW3vuf8jd3LkytkHG49vu7%26lptoken%3D16cd692177985411071f&lpt=Title%20here&t=1669773607133

18.195.149.11

200 OK

3.0 kB

URL HTTP/2
dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dw1l5mth70rn832rkil9969d2%26source%3D573ca57e-93c1-46c3-a4c2-fdf50ca792c4%26cep%3DzWVfmMcfSklQtey1oTP1I7wxWE5Kv2DPr5lz-sQco8K5-hqugXH1J4qMzvSjGu3nYQK62If8srDbXyb1RP2RSWe_PQZ8eXfZBylZDEdQ1x9n6Nd2uFaHQYYlhoTysfZ-OszYgcWnxL8f5Km9NB6Py0vlMYdoPWn6UC1Z1RX2LCYPfegQHp8ce3XxSuYISXCSmaHeXO8r7vSpl65EvORltDSbV1aPU8VtOU3ZdvUPRWDtXA2pkFMRSq37oIOQCT2FnBCRaXypJ_vLUzF-EA2DH_wFuwnzSGnXa89B9AcBKbXudB6W0Ycwu8f59qwW6Mk0WoDn6zo6tM1S05Pe5GFEFO4TdQ2W_YCIBpKwCdZGICkW3vuf8jd3LkytkHG49vu7%26lptoken%3D16cd692177985411071f&lpt=Title%20here&t=1669773607133
IP
18.195.149.11:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (961)
Size
3.0 kB (2989 bytes)
Hash
6cc4a9a40799bcb730b06e611a0c94c6
da27b2561fc53ec6071efb348214280a9838c1f1
3a6a6061c6d5f90462ce1fa80cbf47df56f84d9017a990b31688462e168f9f07

HTTP Headers

GET /d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dw1l5mth70rn832rkil9969d2%26source%3D573ca57e-93c1-46c3-a4c2-fdf50ca792c4%26cep%3DzWVfmMcfSklQtey1oTP1I7wxWE5Kv2DPr5lz-sQco8K5-hqugXH1J4qMzvSjGu3nYQK62If8srDbXyb1RP2RSWe_PQZ8eXfZBylZDEdQ1x9n6Nd2uFaHQYYlhoTysfZ-OszYgcWnxL8f5Km9NB6Py0vlMYdoPWn6UC1Z1RX2LCYPfegQHp8ce3XxSuYISXCSmaHeXO8r7vSpl65EvORltDSbV1aPU8VtOU3ZdvUPRWDtXA2pkFMRSq37oIOQCT2FnBCRaXypJ_vLUzF-EA2DH_wFuwnzSGnXa89B9AcBKbXudB6W0Ycwu8f59qwW6Mk0WoDn6zo6tM1S05Pe5GFEFO4TdQ2W_YCIBpKwCdZGICkW3vuf8jd3LkytkHG49vu7%26lptoken%3D16cd692177985411071f&lpt=Title%20here&t=1669773607133 HTTP/1.1
Host: dratingmaject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 02:00:08 GMT
content-type: application/javascript;charset=UTF-8
content-length: 2989
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 02:00:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

52.13.173.34

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.13.173.34:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +NqzQ7OVlrjNE31bRtiCoA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: yT/mfSNCKvZziOqq7WxuI9B58pk=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18969
Expires: Wed, 30 Nov 2022 07:16:18 GMT
Date: Wed, 30 Nov 2022 02:00:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18969
Expires: Wed, 30 Nov 2022 07:16:18 GMT
Date: Wed, 30 Nov 2022 02:00:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18969
Expires: Wed, 30 Nov 2022 07:16:18 GMT
Date: Wed, 30 Nov 2022 02:00:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18969
Expires: Wed, 30 Nov 2022 07:16:18 GMT
Date: Wed, 30 Nov 2022 02:00:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18969
Expires: Wed, 30 Nov 2022 07:16:18 GMT
Date: Wed, 30 Nov 2022 02:00:09 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4f88ec5-5875-45d1-bcd3-d997040d6d42.jpeg

34.120.237.76

200 OK

3.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4f88ec5-5875-45d1-bcd3-d997040d6d42.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.7 kB (3719 bytes)
Hash
ceb8e975fb408de32c43f55febaa6414
453067f6ab356aa87a3ad3b56e33545376597852
e0ecbb6052b4fef75f58da8dae589c81ab9ec9d304de08f26c144a2c3ce9eaac

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4f88ec5-5875-45d1-bcd3-d997040d6d42.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3719
x-amzn-requestid: 6fab3454-fedd-4a1e-ae47-468ddd6233bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDaGQ4IAMFUkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-4b313cf054d6301e71cdc0c1;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: phw8DXQgjOyH5g4gvbqgZk-2sHr2n9cHVr4lqqPXfXtyhG32gs2pIg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:45 GMT
age: 14844
etag: "453067f6ab356aa87a3ad3b56e33545376597852"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9674 bytes)
Hash
5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ym_L3s5E6MLy6BxqNkVxok6L6hA4c-ilSsEqt42j2IbiXYPb4c6-VQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:51 GMT
age: 14838
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13e1db4e-7108-464a-85b6-24ac0c4609f9.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9330 bytes)
Hash
bbe350ea797a0fec5a19a450fc5de4b4
2f3a39a528d3b759060203931de33c12303592e1
4d661dac2e19e07ae15d0f8cf00bd268c6c2defb2f5e4de38fcb6e7031dfd605

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13e1db4e-7108-464a-85b6-24ac0c4609f9.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9330
x-amzn-requestid: 3fad352d-7664-43e0-9395-e840f671ca61
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgFQFIdoAMFSmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a21-5e9847852f8435231d401fe6;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mCEtSOenWKxay4vNy5mN9cexxXKXKt7TMuLaLw-M86tLKwQ2MwuxPg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:00:54 GMT
age: 14355
etag: "2f3a39a528d3b759060203931de33c12303592e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9051 bytes)
Hash
05196ec43964cf559caa0c0279148d62
6170d6776615503e3e29f86783febc3e3e78ca66
47f3a5cde661987e3496ce110a0170b10087dd9ba8d4fd691c4830587ba3fa3f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9051
x-amzn-requestid: 1032dd9c-a15e-4e8a-9c81-07419e8caf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvEMNIAMFaKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-1005c20a33320dbf6567ca31;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: IMaVlQblNnh9mFKwb2LG7hw7h_f1_nVYqO4aEUqY01a2HofnnQqcFQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:49:31 GMT
age: 15038
etag: "6170d6776615503e3e29f86783febc3e3e78ca66"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52cf4797-5177-4859-9523-faeb4e38f224.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9812 bytes)
Hash
5c5277610f3a542571abb53ffb3d4df1
ce411cc5b0a37bbd89551d06d7d0349f45734e97
3bf1105631ef7fda0249a46390ca90f904ea73b0a4f017c2db85326550a80a3f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52cf4797-5177-4859-9523-faeb4e38f224.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9812
x-amzn-requestid: 70bfeb68-0703-44bf-8550-50c759d52d86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDbFolIAMFYBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-73fb65ee2b9161372819207f;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QQCoNlJBSE2V-IQlZr37dhINTABRu3ms9Y1p4FweO36HD-U6m9vvwg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:45 GMT
age: 14844
etag: "ce411cc5b0a37bbd89551d06d7d0349f45734e97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fcfcea6-8f79-45f4-b081-2b90a5d95f8f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.5 kB (5492 bytes)
Hash
acb1e555533322dbfeb8e0d8c956c43d
e1eec39299f081b53c647953b57da4f2f1ba10bc
579d2fd6aab6bba72a405bb1d0259856878adc90671a88b2b0edf5a284dba1f9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fcfcea6-8f79-45f4-b081-2b90a5d95f8f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5492
x-amzn-requestid: 4b09d9a8-09fa-40e5-a996-8a6ad9f8283e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgE9E5TIAMF6ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1f-2f17467d7a6318796d01fd2e;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:11 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6QhRECWKI2TAlt2bgVuKlQPCeyzkes1_5i5kJ4FQYD591KBADY9qVg==
via: 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:45 GMT
age: 14844
etag: "e1eec39299f081b53c647953b57da4f2f1ba10bc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde294fb7-e851-4e57-83be-aa3374862dcb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7971 bytes)
Hash
9e135c29a8769eb12ef8c26f99097400
87447d20e9c0a6a6aeefe6ca107f93cd3598cd0d
ce41ff79c382efc54aa2fd3ab64293d2d2b706a7f21585f4bd8bbcd9a3566126

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde294fb7-e851-4e57-83be-aa3374862dcb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 7971
x-amzn-requestid: e47d10e4-2b60-4998-b5fa-5b145e60aac2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhgWHgGoAMFcLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867c68-5b9710a07b0a59730e73dce4;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:40:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OURSF_raDXrHV3-3ScaEdorNpW9ZKSIQjv6WUCQYHhruGz372BU_QA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:58:15 GMT
age: 14521
etag: "87447d20e9c0a6a6aeefe6ca107f93cd3598cd0d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

babesroulette.com/landers/lander18/?clickid=w1l5mth70rn832rkil9969d2&source=573ca57e-93c1-46c3-a4c2-fdf50ca792c4&cep=zWVfmMcfSklQtey1oTP1I7wxWE5Kv2DPr5lz-sQco8K5-hqugXH1J4qMzvSjGu3nYQK62If8srDbXyb1RP2RSWe_PQZ8eXfZBylZDEdQ1x9n6Nd2uFaHQYYlhoTysfZ-OszYgcWnxL8f5Km9NB6Py0vlMYdoPWn6UC1Z1RX2LCYPfegQHp8ce3XxSuYISXCSmaHeXO8r7vSpl65EvORltDSbV1aPU8VtOU3ZdvUPRWDtXA2pkFMRSq37oIOQCT2FnBCRaXypJ_vLUzF-EA2DH_wFuwnzSGnXa89B9AcBKbXudB6W0Ycwu8f59qwW6Mk0WoDn6zo6tM1S05Pe5GFEFO4TdQ2W_YCIBpKwCdZGICkW3vuf8jd3LkytkHG49vu7&lptoken=16cd692177985411071f

188.114.96.1

200 OK

0 B

URL HTTP/2
babesroulette.com/landers/lander18/?clickid=w1l5mth70rn832rkil9969d2&source=573ca57e-93c1-46c3-a4c2-fdf50ca792c4&cep=zWVfmMcfSklQtey1oTP1I7wxWE5Kv2DPr5lz-sQco8K5-hqugXH1J4qMzvSjGu3nYQK62If8srDbXyb1RP2RSWe_PQZ8eXfZBylZDEdQ1x9n6Nd2uFaHQYYlhoTysfZ-OszYgcWnxL8f5Km9NB6Py0vlMYdoPWn6UC1Z1RX2LCYPfegQHp8ce3XxSuYISXCSmaHeXO8r7vSpl65EvORltDSbV1aPU8VtOU3ZdvUPRWDtXA2pkFMRSq37oIOQCT2FnBCRaXypJ_vLUzF-EA2DH_wFuwnzSGnXa89B9AcBKbXudB6W0Ycwu8f59qwW6Mk0WoDn6zo6tM1S05Pe5GFEFO4TdQ2W_YCIBpKwCdZGICkW3vuf8jd3LkytkHG49vu7&lptoken=16cd692177985411071f
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /landers/lander18/?clickid=w1l5mth70rn832rkil9969d2&source=573ca57e-93c1-46c3-a4c2-fdf50ca792c4&cep=zWVfmMcfSklQtey1oTP1I7wxWE5Kv2DPr5lz-sQco8K5-hqugXH1J4qMzvSjGu3nYQK62If8srDbXyb1RP2RSWe_PQZ8eXfZBylZDEdQ1x9n6Nd2uFaHQYYlhoTysfZ-OszYgcWnxL8f5Km9NB6Py0vlMYdoPWn6UC1Z1RX2LCYPfegQHp8ce3XxSuYISXCSmaHeXO8r7vSpl65EvORltDSbV1aPU8VtOU3ZdvUPRWDtXA2pkFMRSq37oIOQCT2FnBCRaXypJ_vLUzF-EA2DH_wFuwnzSGnXa89B9AcBKbXudB6W0Ycwu8f59qwW6Mk0WoDn6zo6tM1S05Pe5GFEFO4TdQ2W_YCIBpKwCdZGICkW3vuf8jd3LkytkHG49vu7&lptoken=16cd692177985411071f HTTP/1.1
Host: babesroulette.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Wed, 30 Nov 2022 02:00:07 GMT
content-type: text/html
last-modified: Thu, 25 Aug 2022 23:06:49 GMT
x-powered-by: PleskLin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k3Bdpqllo%2BOQ9C1iE025cRJwpxRkH9E6O1irtGk4%2FwUr2mvxzqOsxZaWQ9sqwUlIvYkAVHVyeA036BP4TmPmwJa%2BaCLpzW02AipBvhS%2BIecnC2aMm9NYlRWgFKLVa%2B4gdCA58g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771ffcd75c94fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 30 Nov 2022 02:00:08 GMT
date: Wed, 30 Nov 2022 02:00:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (35)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP