2020club.club/clickadu-ind
104.21.1.125 301 Moved Permanently 0 B URL HTTP/1.1 2020club.club/clickadu-ind
IP 104.21.1.125:0
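Hash (empty 0 B body; these are the digests of zero-length content and match every empty response)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855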
Analyzer Verdict Alert fortinet Phishing
GET /clickadu-ind HTTP/1.1
Host: 2020club.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 17 Jan 2023 07:50:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 17 Jan 2023 08:50:23 GMT
Location: https://2020club.club/clickadu-ind
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g8CacCfS8Jyzj%2FkuCFPBOnhiF6vmswBMStXzjYBQZelYrLH%2Feal2bIYKJWKjt%2FHMFY%2BWBqBp5o8tdYDZTkkCEGqnrKxSIsvnrEcpaXktlb%2FcxwwM4NcjlqoASKDD3QNi"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78ad7fec0ebb0b31-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2258cd6b877a3aca8f4c84074e65ac4b
4e46c70941f8e497e8afc8d078644e7f81761a1c
faac4e0d123f2112b58953c104ea746cd53047fc1ada0ef5d669feecf78ddfff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FAAC4E0D123F2112B58953C104EA746CD53047FC1ADA0EF5D669FEECF78DDFFF"
Last-Modified: Sat, 14 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9479
Expires: Tue, 17 Jan 2023 10:28:22 GMT
Date: Tue, 17 Jan 2023 07:50:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 405f8f149ccdf0005ca0d890c96a9cb4
64de3200cef76133dfad901d6709697d6842405e
3a10790c397a419450ac2c90b941fd20bc49af1dbaeb34678836306de8febfce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3A10790C397A419450AC2C90B941FD20BC49AF1DBAEB34678836306DE8FEBFCE"
Last-Modified: Mon, 16 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9471
Expires: Tue, 17 Jan 2023 10:28:14 GMT
Date: Tue, 17 Jan 2023 07:50:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 17 Jan 2023 07:49:12 GMT
content-type: application/json
age: 71
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d6e2abd68203014e8e24d4a9e20e980a
5edbbb1a36083d5077b90b82e7aa10049e90c5d6
88cf8dae194a5e92a8c36a4c54ae71a609eaaed6e99d3986b3834c40d2fceeaa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "88CF8DAE194A5E92A8C36A4C54AE71A609EAAED6E99D3986B3834C40D2FCEEAA"
Last-Modified: Sun, 15 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10023
Expires: Tue, 17 Jan 2023 10:37:26 GMT
Date: Tue, 17 Jan 2023 07:50:23 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: BM034PIJP8YN+DwxgcPhcH5/aawc0HCId3cimKrE3BD6oQ/ppxSDEv2OjfxTVWT7Mk6WoBp44hY=
x-amz-request-id: H026T9AA4PD7YM41
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 17 Jan 2023 06:56:08 GMT
age: 3255
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 17 Jan 2023 07:50:23 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 17 Jan 2023 07:33:47 GMT
age: 997
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d03545e1fc5a8876441094039811aac5
99fcc840f3516298625c528e9b408132f7fcbb9c
166fa7c7bb716b2cd02a47884ee00df31030dfb4b2a6fdae7b59b19f87739123
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1550
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 07:50:24 GMT
Last-Modified: Tue, 17 Jan 2023 07:24:34 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.211.127.63 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.211.127.63:0
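Hash (empty 0 B body; these are the digests of zero-length content and match every empty response)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855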
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: LVHCX3QyJHjVam3OT0WkjQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: sjeHSaZKjQHmXF2gIjSUsBpSJdo=
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 3e1686710b1d2862bf4a056e78a21afe
bead32823a28368035c4ddac3c40c3f0fcae102e
67310f51c58a44c8c90b3371efef093e3fef62236b8a7278f35d9f97c4230de4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=149072
Date: Tue, 17 Jan 2023 07:50:24 GMT
Etag: "63c5f60c-1d7"
Expires: Thu, 19 Jan 2023 01:14:56 GMT
Last-Modified: Tue, 17 Jan 2023 01:12:44 GMT
Server: ECS (dcb/7EA2)
X-Cache: Miss from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 1-9fznOa3hAK3e4YC8CKjnMVpJFhm2tn7KuHdQ899--A1OL3Z47caQ==
Age: 132
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 1b2e51abfd12507b00ebd8b7afda6308
4d3d5fa49e007714dd37da7da25d9d490d05bd0a
85a04d4cf987fcc2d087ab815a8d373e164a2adf2bf478e7a5c1fae3e109ba26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 07:50:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gomydates.com/bridge/intg.js?v=8
3.121.39.134 200 OK 269 B URL HTTP/2 gomydates.com/bridge/intg.js?v=8
IP 3.121.39.134:0
Hash 8c8514ed7eae8968b59692f7897f2857
69e9f6e0625ef8bf0a4099b05f7356587e3e62be
556f2a46047c9b8dedbae5ef8c59dc7ea04ff88e76d7dcda568f1eb2dce03548
Analyzer Verdict Alert fortinet Phishing
GET /bridge/intg.js?v=8 HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?subid2=%7Bsubid2%7D&tds_ao=1&tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&subid=clickadu&tds_p_campaign=b4979kas&tds_oid=23302&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw&clickid=%7Bclickid%7D&affid=9559e5a1&tds_id=b0506rie_jump_a_1601039183809&id=23302&s1=ps&tds_rt=&utm_source=intc&tds_ac_id=s0624kas&tds_host=gomydates.com&tds_campaign=b0506rie
Cookie: dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:25 GMT
content-type: application/javascript; charset=UTF-8
content-length: 269
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 28 Dec 2022 12:21:19 GMT
etag: W/"10d-18558ae0a18"
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 1b2e51abfd12507b00ebd8b7afda6308
4d3d5fa49e007714dd37da7da25d9d490d05bd0a
85a04d4cf987fcc2d087ab815a8d373e164a2adf2bf478e7a5c1fae3e109ba26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 07:50:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash bae4bf4c517818994e64bff273332644
fbf41bd55266fa163ea0b8da2b3a61b194cd795c
b5770b93d0c06bf1365bb7dce86b4080e8b3c8fe2a36b671f19e5808bd60a751
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=150546
Date: Tue, 17 Jan 2023 07:50:25 GMT
Etag: "63c5f8f5-1d7"
Expires: Thu, 19 Jan 2023 01:39:31 GMT
Last-Modified: Tue, 17 Jan 2023 01:25:09 GMT
Server: ECS (dcb/7F39)
X-Cache: Miss from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: eBYVBh2sWXLesBAuNh6g5I0HSfOJEYT7LDovz-2dEP3uLa8b1gSBBw==
Age: 863
gomydates.com/bridge/ao_loader.js
3.121.39.134 200 OK 836 B URL HTTP/2 gomydates.com/bridge/ao_loader.js
IP 3.121.39.134:0
File type ASCII text, with very long lines (835)
Hash 05f233960b55dfe40742964902345911
e00af7d954b5032f95c32341794e0f4d73208bff
d5d65364c02602f4fae5c63195607cfff433ac59d4c7d756e4a0a2e6f33ccd19
Analyzer Verdict Alert fortinet Phishing
GET /bridge/ao_loader.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?subid2=%7Bsubid2%7D&tds_ao=1&tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&subid=clickadu&tds_p_campaign=b4979kas&tds_oid=23302&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw&clickid=%7Bclickid%7D&affid=9559e5a1&tds_id=b0506rie_jump_a_1601039183809&id=23302&s1=ps&tds_rt=&utm_source=intc&tds_ac_id=s0624kas&tds_host=gomydates.com&tds_campaign=b0506rie
Cookie: dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:25 GMT
content-type: application/javascript; charset=UTF-8
content-length: 836
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 28 Dec 2022 12:21:19 GMT
etag: W/"344-18558ae0a18"
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash bae4bf4c517818994e64bff273332644
fbf41bd55266fa163ea0b8da2b3a61b194cd795c
b5770b93d0c06bf1365bb7dce86b4080e8b3c8fe2a36b671f19e5808bd60a751
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=149807
Date: Tue, 17 Jan 2023 07:50:25 GMT
Etag: "63c5f8f5-1d7"
Expires: Thu, 19 Jan 2023 01:27:12 GMT
Last-Modified: Tue, 17 Jan 2023 01:25:09 GMT
Server: ECS (dcb/7F5B)
X-Cache: Miss from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 04dij-ITf6tUrlUKA6amtFKSGt4EdUk9mu2PDoZy5qqnb3D85PTJRw==
Age: 123
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15868
Expires: Tue, 17 Jan 2023 12:14:53 GMT
Date: Tue, 17 Jan 2023 07:50:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15868
Expires: Tue, 17 Jan 2023 12:14:53 GMT
Date: Tue, 17 Jan 2023 07:50:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15868
Expires: Tue, 17 Jan 2023 12:14:53 GMT
Date: Tue, 17 Jan 2023 07:50:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15868
Expires: Tue, 17 Jan 2023 12:14:53 GMT
Date: Tue, 17 Jan 2023 07:50:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f84f3a0-4f01-4cfe-bde0-a7d64664f3d7.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f84f3a0-4f01-4cfe-bde0-a7d64664f3d7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ec0e283376914297c3fb2464ed15a31b
acd84e057b6c618fd3b31915983998c00fe21dc4
3d02b82d8f6a00703de7594f5b34baf0010294c1a7023818344ca341e4ac203c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f84f3a0-4f01-4cfe-bde0-a7d64664f3d7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10660
x-amzn-requestid: ac5d6edc-5228-4318-a99f-c08d3265aa87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3HXpH4PoAMF78Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5ec30-044bf7c40e44de637c0c2dba;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 00:30:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6wALvrvX2EOL6xe6U3Vf2Xmcx_Nmh0mHXveaX1mZL1yUzOLdKg8f_A==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 17 Jan 2023 00:45:05 GMT
age: 25520
etag: "acd84e057b6c618fd3b31915983998c00fe21dc4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9297b226-d4aa-49e6-b351-77061f381097.jpeg
34.120.237.76 200 OK 3.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9297b226-d4aa-49e6-b351-77061f381097.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1d877fea13674783b11ec5f6c3e93810
6691f478a758386f8c7a0f714fbfe8d36b1bf257
b64d0343ca935e1618a3cedfa7fa837467917daf09bf667cf7709f52341e8015
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9297b226-d4aa-49e6-b351-77061f381097.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3172
x-amzn-requestid: 18de115a-9b45-4dc5-ac81-be90514e7acb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e2s__EXOoAMFhyw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5c1ff-5aafd9526583391c1e182be6;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 21:30:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CnUr67O4sv9O5yZucmA3HgM7IXu5CQhEnMMKSdwhooAE-OYdX7Ij5g==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 21:51:54 GMT
etag: "6691f478a758386f8c7a0f714fbfe8d36b1bf257"
content-type: image/jpeg
age: 35911
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20129690-ba2c-4d31-9d15-963cf6e4f66e.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20129690-ba2c-4d31-9d15-963cf6e4f66e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fbadbf308733e10efcf26a97bd5f86c7
a51e7e889bfdab10c59624a0fb1c301054e2d3d8
e87c014b465f1deed4316d7e7581ab63329523e68f9ca3e47c180cf14f43d9aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20129690-ba2c-4d31-9d15-963cf6e4f66e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8610
x-amzn-requestid: 14c3776b-05ba-4367-93f1-b887b7e1bd10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e2tm7FlGoAMFuKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5c2f8-125017a12c4b83130a70b836;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 21:34:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mqgt51FSXFokAtn5znzBQsaXsbqHbLHuJQvqhFlRxFFDFy36peimeg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 21:46:15 GMT
age: 36250
etag: "a51e7e889bfdab10c59624a0fb1c301054e2d3d8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4757d4fe-f057-41bb-b2e2-4ed4877c7af4.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4757d4fe-f057-41bb-b2e2-4ed4877c7af4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a5d0a29e6fe3ce0fb4a9237dd5917778
6919dcbbcdcc241672358cc5733ef064180c928a
6d0d71c35e1ca331ee5f4794bc74747f7c38f2d46863d983377bef526f7ca356
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4757d4fe-f057-41bb-b2e2-4ed4877c7af4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7873
x-amzn-requestid: 8a2a267d-8062-4755-8b1d-1e715ee9c413
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: exco-GL0oAMF-uQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c3a7d2-567e30c7063b71217f8175fc;Sampled=0
x-amzn-remapped-date: Sun, 15 Jan 2023 07:14:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pmqzTZ1Nuqtw5aryFNr3vcfUpQGBs0PxAW2Eu2NE82Q37Die5cgpbw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 17 Jan 2023 07:19:37 GMT
age: 1848
etag: "6919dcbbcdcc241672358cc5733ef064180c928a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47377411-4225-4a7f-9b29-bac47746e2af.jpeg
34.120.237.76 200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47377411-4225-4a7f-9b29-bac47746e2af.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 01321bb31aac6393ee3150260d0f91e9
fc182e84ad2b7909716478769b7d13f71bc38321
3c9e95d5cabd35ce0b5b5c3722b1df2b1a3c6e5cb7a98f48bc4957fd4a0abd3a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47377411-4225-4a7f-9b29-bac47746e2af.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6527
x-amzn-requestid: 43b20702-cb08-4060-9281-7d6dfaf0e712
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: enh-fF40IAMFzgQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bfb05c-7bb3633b4c52e447419a72fb;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 07:01:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: iSG746JBnvmdq2ooyVhli9dVoyxdPICN9JVzZE3G_SYX5-oXl0dtKg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Tue, 17 Jan 2023 06:01:35 GMT
age: 6530
etag: "fc182e84ad2b7909716478769b7d13f71bc38321"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36b86ae5-6ee8-42e7-bcb0-c54e39e4fbd6.jpeg
34.120.237.76 200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36b86ae5-6ee8-42e7-bcb0-c54e39e4fbd6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8077a04cfa8a88823a83c3481fe33eb
534966ca691706e724af5a9891859e1ee3c10b78
b8df497111b6e7876f53bd2433d9a0c5153f8b84b1ccd91dc5eb9bfdbe4579aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36b86ae5-6ee8-42e7-bcb0-c54e39e4fbd6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4736
x-amzn-requestid: 4f03413a-fd17-4b48-ba36-e1580ee5c19a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e2tm-HLroAMFTMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5c2f9-08fc93b860c346db68f4a83c;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 21:34:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hr9MJmIisVsbZYgHhEMd6plnerrtoQ_Hvwf7xWfQDjHqocVoXlSoFA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 21:46:50 GMT
age: 36215
etag: "534966ca691706e724af5a9891859e1ee3c10b78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gomydates.com/ufis/rtr?referer=https%3A%2F%2Fgomydates.com%2Fjump%3Fsubid2%3D%257Bsubid2%257D%26tds_ao%3D1%26tds_cid%3D7f8c68e0a3a9febdc953015427823d0a5beed392%26subid%3Dclickadu%26tds_p_campaign%3Db4979kas%26tds_oid%3D23302%26dci%3D8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw%26clickid%3D%257Bclickid%257D%26affid%3D9559e5a1%26tds_id%3Db0506rie_jump_a_1601039183809%26id%3D23302%26s1%3Dps%26tds_rt%3D%26utm_source%3Dintc%26tds_ac_id%3Ds0624kas%26tds_host%3Dgomydates.com%26tds_campaign%3Db0506rie
3.121.39.134 200 OK 10 B URL HTTP/2 gomydates.com/ufis/rtr?referer=https%3A%2F%2Fgomydates.com%2Fjump%3Fsubid2%3D%257Bsubid2%257D%26tds_ao%3D1%26tds_cid%3D7f8c68e0a3a9febdc953015427823d0a5beed392%26subid%3Dclickadu%26tds_p_campaign%3Db4979kas%26tds_oid%3D23302%26dci%3D8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw%26clickid%3D%257Bclickid%257D%26affid%3D9559e5a1%26tds_id%3Db0506rie_jump_a_1601039183809%26id%3D23302%26s1%3Dps%26tds_rt%3D%26utm_source%3Dintc%26tds_ac_id%3Ds0624kas%26tds_host%3Dgomydates.com%26tds_campaign%3Db0506rie
IP 3.121.39.134:0
File type JSON data\012- , ASCII text, with no line terminators
Hash c2db64f99c6ebc0162f2ff0a32704299
d483e5dbd40c7600c97357394ebe7c7e747aee9f
0d891cd61411a07f3c3be0426f9cfdd76d1c8c84955cdd9d3a8e3b95d986b5d6
Analyzer Verdict Alert fortinet Phishing
GET /ufis/rtr?referer=https%3A%2F%2Fgomydates.com%2Fjump%3Fsubid2%3D%257Bsubid2%257D%26tds_ao%3D1%26tds_cid%3D7f8c68e0a3a9febdc953015427823d0a5beed392%26subid%3Dclickadu%26tds_p_campaign%3Db4979kas%26tds_oid%3D23302%26dci%3D8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw%26clickid%3D%257Bclickid%257D%26affid%3D9559e5a1%26tds_id%3Db0506rie_jump_a_1601039183809%26id%3D23302%26s1%3Dps%26tds_rt%3D%26utm_source%3Dintc%26tds_ac_id%3Ds0624kas%26tds_host%3Dgomydates.com%26tds_campaign%3Db0506rie HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?subid2=%7Bsubid2%7D&tds_ao=1&tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&subid=clickadu&tds_p_campaign=b4979kas&tds_oid=23302&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw&clickid=%7Bclickid%7D&affid=9559e5a1&tds_id=b0506rie_jump_a_1601039183809&id=23302&s1=ps&tds_rt=&utm_source=intc&tds_ac_id=s0624kas&tds_host=gomydates.com&tds_campaign=b0506rie
Cookie: dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:25 GMT
content-type: application/json; charset=utf-8
content-length: 10
server: nginx
x-powered-by: Express
access-control-allow-origin: *
etag: W/"a-1IPl29QMdgDJc1c5Tr58fnR67p8"
vary: Accept-Encoding
X-Firefox-Spdy: h2
gomydates.com/ufis/recaptcha/inject/gomydates.com?placement=default&doc_location=https%3A%2F%2Fgomydates.com%2Fjump%3Fsubid2%3D%257Bsubid2%257D%26tds_ao%3D1%26tds_cid%3D7f8c68e0a3a9febdc953015427823d0a5beed392%26subid%3Dclickadu%26tds_p_campaign%3Db4979kas%26tds_oid%3D23302%26dci%3D8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw%26clickid%3D%257Bclickid%257D%26affid%3D9559e5a1%26tds_id%3Db0506rie_jump_a_1601039183809%26id%3D23302%26s1%3Dps%26tds_rt%3D%26utm_source%3Dintc%26tds_ac_id%3Ds0624kas%26tds_host%3Dgomydates.com%26tds_campaign%3Db0506rie
3.121.39.134 200 OK 27 B URL HTTP/2 gomydates.com/ufis/recaptcha/inject/gomydates.com?placement=default&doc_location=https%3A%2F%2Fgomydates.com%2Fjump%3Fsubid2%3D%257Bsubid2%257D%26tds_ao%3D1%26tds_cid%3D7f8c68e0a3a9febdc953015427823d0a5beed392%26subid%3Dclickadu%26tds_p_campaign%3Db4979kas%26tds_oid%3D23302%26dci%3D8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw%26clickid%3D%257Bclickid%257D%26affid%3D9559e5a1%26tds_id%3Db0506rie_jump_a_1601039183809%26id%3D23302%26s1%3Dps%26tds_rt%3D%26utm_source%3Dintc%26tds_ac_id%3Ds0624kas%26tds_host%3Dgomydates.com%26tds_campaign%3Db0506rie
IP 3.121.39.134:0
File type JSON data\012- , ASCII text, with no line terminators
Hash c7f55b876f962b6dc8dc3b2145a13315
aef7bcbe00d506bf8ae34b4f469ccc69b701fdb4
341891286e02aad359716b2976363f926c510a574f3ec042f10fb056f629f9af
GET /ufis/recaptcha/inject/gomydates.com?placement=default&doc_location=https%3A%2F%2Fgomydates.com%2Fjump%3Fsubid2%3D%257Bsubid2%257D%26tds_ao%3D1%26tds_cid%3D7f8c68e0a3a9febdc953015427823d0a5beed392%26subid%3Dclickadu%26tds_p_campaign%3Db4979kas%26tds_oid%3D23302%26dci%3D8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw%26clickid%3D%257Bclickid%257D%26affid%3D9559e5a1%26tds_id%3Db0506rie_jump_a_1601039183809%26id%3D23302%26s1%3Dps%26tds_rt%3D%26utm_source%3Dintc%26tds_ac_id%3Ds0624kas%26tds_host%3Dgomydates.com%26tds_campaign%3Db0506rie HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?subid2=%7Bsubid2%7D&tds_ao=1&tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&subid=clickadu&tds_p_campaign=b4979kas&tds_oid=23302&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw&clickid=%7Bclickid%7D&affid=9559e5a1&tds_id=b0506rie_jump_a_1601039183809&id=23302&s1=ps&tds_rt=&utm_source=intc&tds_ac_id=s0624kas&tds_host=gomydates.com&tds_campaign=b0506rie
Cookie: dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:25 GMT
content-type: application/json; charset=utf-8
content-length: 27
server: nginx
x-powered-by: Express
access-control-allow-origin: *
etag: W/"1b-rve8vgDVBr+K40tPRpzMabcB/bQ"
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 6f4934ef37f04950c15313f2cdc6902d
3ed5b8439867115a06edaf046472ee8d271c33ea
3fb58a81be10df91f59e3f6ceed7d607f77409087515cf675ff0d098c482c574
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 07:50:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gomydates.com/integration.js
3.121.39.134 200 OK 1.2 kB URL HTTP/2 gomydates.com/integration.js
IP 3.121.39.134:0
Hash 61e2262eb4fbd733e1ec38f66ba31ec8
867873228dd74bd49e433269afe38f9361b7950f
71c126d1f4567e78b6c4f5d229b805e9fc3882f987c1146d553458daa733d186
Analyzer Verdict Alert fortinet Phishing
GET /integration.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?subid2=%7Bsubid2%7D&tds_ao=1&tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&subid=clickadu&tds_p_campaign=b4979kas&tds_oid=23302&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw&clickid=%7Bclickid%7D&affid=9559e5a1&tds_id=b0506rie_jump_a_1601039183809&id=23302&s1=ps&tds_rt=&utm_source=intc&tds_ac_id=s0624kas&tds_host=gomydates.com&tds_campaign=b0506rie
Cookie: dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:25 GMT
content-type: text/javascript; charset=utf-8
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"710-H5zl18zQTxcN9XgfklJuy0Vv5xg"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gomydates.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgomydates.com%2Fjump%3Fsubid2%3D%257Bsubid2%257D%26tds_ao%3D1%26tds_cid%3D7f8c68e0a3a9febdc953015427823d0a5beed392%26subid%3Dclickadu%26tds_p_campaign%3Db4979kas%26tds_oid%3D23302%26dci%3D8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw%26clickid%3D%257Bclickid%257D%26affid%3D9559e5a1%26tds_id%3Db0506rie_jump_a_1601039183809%26id%3D23302%26s1%3Dps%26tds_rt%3D%26utm_source%3Dintc%26tds_ac_id%3Ds0624kas%26tds_host%3Dgomydates.com%26tds_campaign%3Db0506rie&uaDataValues={}
3.121.39.134 200 OK 342 kB URL HTTP/2 gomydates.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgomydates.com%2Fjump%3Fsubid2%3D%257Bsubid2%257D%26tds_ao%3D1%26tds_cid%3D7f8c68e0a3a9febdc953015427823d0a5beed392%26subid%3Dclickadu%26tds_p_campaign%3Db4979kas%26tds_oid%3D23302%26dci%3D8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw%26clickid%3D%257Bclickid%257D%26affid%3D9559e5a1%26tds_id%3Db0506rie_jump_a_1601039183809%26id%3D23302%26s1%3Dps%26tds_rt%3D%26utm_source%3Dintc%26tds_ac_id%3Ds0624kas%26tds_host%3Dgomydates.com%26tds_campaign%3Db0506rie&uaDataValues={}
IP 3.121.39.134:0
Size 342 kB (342115 bytes)
Hash e039bbd92f246f197a7f172b1d16dbf0
1e3ad779392b4450d2f6fe1f700f28d1418082ac
80ca75c80c59626346a53aaa3e330036ef9c49f1d743b78c3438abaf60c4069a
GET /ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgomydates.com%2Fjump%3Fsubid2%3D%257Bsubid2%257D%26tds_ao%3D1%26tds_cid%3D7f8c68e0a3a9febdc953015427823d0a5beed392%26subid%3Dclickadu%26tds_p_campaign%3Db4979kas%26tds_oid%3D23302%26dci%3D8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw%26clickid%3D%257Bclickid%257D%26affid%3D9559e5a1%26tds_id%3Db0506rie_jump_a_1601039183809%26id%3D23302%26s1%3Dps%26tds_rt%3D%26utm_source%3Dintc%26tds_ac_id%3Ds0624kas%26tds_host%3Dgomydates.com%26tds_campaign%3Db0506rie&uaDataValues={} HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?subid2=%7Bsubid2%7D&tds_ao=1&tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&subid=clickadu&tds_p_campaign=b4979kas&tds_oid=23302&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw&clickid=%7Bclickid%7D&affid=9559e5a1&tds_id=b0506rie_jump_a_1601039183809&id=23302&s1=ps&tds_rt=&utm_source=intc&tds_ac_id=s0624kas&tds_host=gomydates.com&tds_campaign=b0506rie
Cookie: dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:25 GMT
content-type: text/javascript; charset=utf-8
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"76c0e-U1yn3EYweN8NRWehIWJsg2Uywso"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
216.58.207.227 200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gomydates.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 17 Jan 2023 04:29:06 GMT
expires: Wed, 17 Jan 2024 04:29:06 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
age: 12080
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 8b4c80fca9a7bc1b84369cdb60024668
91427b4fd16fa613fb83f053b271f00396b36e90
07bb6c4b267a5f46a15cca9ad9644ca38af67daa1448ad67f583f58e3c8dfcc1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 07:50:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 6f4934ef37f04950c15313f2cdc6902d
3ed5b8439867115a06edaf046472ee8d271c33ea
3fb58a81be10df91f59e3f6ceed7d607f77409087515cf675ff0d098c482c574
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 07:50:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 12da4da7a47320fd008925da582984a7
750c0b8de348cfdb57f9c31aa692bc372af703f6
b970977e83b92f016ef4b90403f0ea6dcb5f6bc1f5bcc58467845ff7c2aaad4e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 17 Jan 2023 07:50:26 GMT
Last-Modified: Tue, 17 Jan 2023 07:14:07 GMT
Server: ECS (dcb/7EC6)
X-Cache: Miss from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: aLOEpDiN-bKIGO0U0YtOAf5NKaUjTGKN6iExbiFLB2-Y5ORd29GgCQ==
Age: 2179
www.gstatic.com/firebasejs/8.6.8/firebase-messaging.js
142.250.74.35 200 OK 11 kB URL HTTP/2 www.gstatic.com/firebasejs/8.6.8/firebase-messaging.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (40876)
Hash 5df942bc55c20f421cf56876855ced51
61e1c33b26d5a693425a8c229f90b1ea39736f29
3fb9f58427a7229af7bfb3c37e2f9718ba1e8776c368a80c511c6e27466d4932
GET /firebasejs/8.6.8/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10869
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 15 Jan 2023 18:04:45 GMT
expires: Mon, 15 Jan 2024 18:04:45 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 01 Jul 2021 23:11:55 GMT
content-type: text/javascript; charset=UTF-8
age: 135941
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn3reference.com/landings/23302/images/bg-web2.jpg
54.230.111.43 200 OK 134 kB URL HTTP/2 cdn3reference.com/landings/23302/images/bg-web2.jpg
IP 54.230.111.43:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1813x809, components 3\012- data
Size 134 kB (134448 bytes)
Hash ef1a29775d4ead3628064718b908a24d
bdd05dca0cd677973768797fef9bf486a63b8929
650dc0654bd6a95350f544d863fc2a8cf6ac1010a9075b476febee2d861dc77b
GET /landings/23302/images/bg-web2.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/landings/23302/css/62785c7b6ca9a16c41ce1f973cf812b4.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 134448
server: nginx
date: Tue, 17 Jan 2023 07:50:26 GMT
last-modified: Tue, 02 Apr 2019 14:25:38 GMT
etag: "20d30-5858ce9347c80"
accept-ranges: bytes
cache-control: public, max-age=604800
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ayabo-yGoSL9aPzztxvQFoH5aM-mYKXHIkaObAwotNU8syYiFvPngQ==
X-Firefox-Spdy: h2
gomydates.com/ufis/webpush/track?uaDataValues={}&networkGroup=
3.121.39.134 200 OK 30 B URL HTTP/2 gomydates.com/ufis/webpush/track?uaDataValues={}&networkGroup=
IP 3.121.39.134:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 81e3f07d1645f13d7cf94d9fe27b2db2
ff7bd614a52eeaf470852cb2c90344225fc3ffa5
33913d055081924c5e30b81bbab55e0a68df0397f2e3ae3c9606467c2d00da64
POST /ufis/webpush/track?uaDataValues={}&networkGroup= HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 1202
Origin: https://gomydates.com
Connection: keep-alive
Referer: https://gomydates.com/jump?subid2=%7Bsubid2%7D&tds_ao=1&tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&subid=clickadu&tds_p_campaign=b4979kas&tds_oid=23302&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw&clickid=%7Bclickid%7D&affid=9559e5a1&tds_id=b0506rie_jump_a_1601039183809&id=23302&s1=ps&tds_rt=&utm_source=intc&tds_ac_id=s0624kas&tds_host=gomydates.com&tds_campaign=b0506rie
Cookie: dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:26 GMT
content-type: application/json; charset=utf-8
content-length: 30
server: nginx
x-powered-by: Express
access-control-allow-origin: *
etag: W/"1e-/3vWFKUu6vRwhSyyyQNEIl/D/6U"
vary: Accept-Encoding
X-Firefox-Spdy: h2
gomydates.com/ufis/webpush/track?uaDataValues=%7B%7D&networkGroup=
3.121.39.134 200 OK 30 B URL HTTP/2 gomydates.com/ufis/webpush/track?uaDataValues=%7B%7D&networkGroup=
IP 3.121.39.134:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 81e3f07d1645f13d7cf94d9fe27b2db2
ff7bd614a52eeaf470852cb2c90344225fc3ffa5
33913d055081924c5e30b81bbab55e0a68df0397f2e3ae3c9606467c2d00da64
POST /ufis/webpush/track?uaDataValues=%7B%7D&networkGroup= HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gomydates.com/ufis/webpush/sw.js?uaDataValues={}&networkGroup=
content-type: application/json; charset=UTF-8
Origin: https://gomydates.com
Content-Length: 1263
Connection: keep-alive
Cookie: dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:27 GMT
content-type: application/json; charset=utf-8
content-length: 30
server: nginx
x-powered-by: Express
access-control-allow-origin: *
etag: W/"1e-/3vWFKUu6vRwhSyyyQNEIl/D/6U"
vary: Accept-Encoding
X-Firefox-Spdy: h2
gomydates.com/ufis/webpush/track?uaDataValues=%7B%7D&networkGroup=
3.121.39.134 200 OK 30 B URL HTTP/2 gomydates.com/ufis/webpush/track?uaDataValues=%7B%7D&networkGroup=
IP 3.121.39.134:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 81e3f07d1645f13d7cf94d9fe27b2db2
ff7bd614a52eeaf470852cb2c90344225fc3ffa5
33913d055081924c5e30b81bbab55e0a68df0397f2e3ae3c9606467c2d00da64
POST /ufis/webpush/track?uaDataValues=%7B%7D&networkGroup= HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gomydates.com/ufis/webpush/sw.js?uaDataValues={}&networkGroup=
content-type: application/json; charset=UTF-8
Origin: https://gomydates.com
Content-Length: 1219
Connection: keep-alive
Cookie: dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:27 GMT
content-type: application/json; charset=utf-8
content-length: 30
server: nginx
x-powered-by: Express
access-control-allow-origin: *
etag: W/"1e-/3vWFKUu6vRwhSyyyQNEIl/D/6U"
vary: Accept-Encoding
X-Firefox-Spdy: h2
gomydates.com/bridge/frodi_data.js
3.121.39.134 200 OK 0 B URL HTTP/2 gomydates.com/bridge/frodi_data.js
IP 3.121.39.134:0
Analyzer Verdict Alert fortinet Phishing
GET /bridge/frodi_data.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?subid2=%7Bsubid2%7D&tds_ao=1&tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&subid=clickadu&tds_p_campaign=b4979kas&tds_oid=23302&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw&clickid=%7Bclickid%7D&affid=9559e5a1&tds_id=b0506rie_jump_a_1601039183809&id=23302&s1=ps&tds_rt=&utm_source=intc&tds_ac_id=s0624kas&tds_host=gomydates.com&tds_campaign=b0506rie
Cookie: dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:25 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 28 Dec 2022 12:21:19 GMT
etag: W/"19f8-18558ae0a18"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gomydates.com/ao.js
3.121.39.134 200 OK 0 B IP 3.121.39.134:0
Analyzer Verdict Alert fortinet Phishing
GET /ao.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?subid2=%7Bsubid2%7D&tds_ao=1&tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&subid=clickadu&tds_p_campaign=b4979kas&tds_oid=23302&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw&clickid=%7Bclickid%7D&affid=9559e5a1&tds_id=b0506rie_jump_a_1601039183809&id=23302&s1=ps&tds_rt=&utm_source=intc&tds_ac_id=s0624kas&tds_host=gomydates.com&tds_campaign=b0506rie
Cookie: dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:25 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 28 Dec 2022 12:21:19 GMT
etag: W/"1509-18558ae0a18"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&j_type=open&jump=23302&jump_name=
52.58.118.128 200 OK 0 B URL HTTP/2 retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&j_type=open&jump=23302&jump_name=
IP 52.58.118.128:0
GET /43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&j_type=open&jump=23302&jump_name= HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:26 GMT
content-type: image/gif
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
set-cookie: dci=c78594343c0a4c2c222b4f22927be8bd099d760b; Max-Age=31536000; Domain=.retarget2core.com; Path=/; Expires=Wed, 17 Jan 2024 07:50:26 GMT; Secure; SameSite=None
X-Firefox-Spdy: h2
gomydates.com/tds/interlayer?handler=FrodiData
3.121.39.134 200 OK 0 B URL HTTP/2 gomydates.com/tds/interlayer?handler=FrodiData
IP 3.121.39.134:0
Analyzer Verdict Alert fortinet Phishing
POST /tds/interlayer?handler=FrodiData HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
Content-Length: 1398
Origin: https://gomydates.com
Connection: keep-alive
Referer: https://gomydates.com/jump?subid2=%7Bsubid2%7D&tds_ao=1&tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&subid=clickadu&tds_p_campaign=b4979kas&tds_oid=23302&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw&clickid=%7Bclickid%7D&affid=9559e5a1&tds_id=b0506rie_jump_a_1601039183809&id=23302&s1=ps&tds_rt=&utm_source=intc&tds_ac_id=s0624kas&tds_host=gomydates.com&tds_campaign=b0506rie
Cookie: dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:27 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
X-Firefox-Spdy: h2
gomydates.com/tds/ae?tdsId=s0624kas_r&tds_campaign=s0624kas&utm_sub=opnfnl&s1=ps&utm_source=intc&affid=9559e5a1&subid=clickadu&clickid={clickid}&subid2={subid2}
3.121.39.134 302 Found 0 B URL HTTP/2 gomydates.com/tds/ae?tdsId=s0624kas_r&tds_campaign=s0624kas&utm_sub=opnfnl&s1=ps&utm_source=intc&affid=9559e5a1&subid=clickadu&clickid={clickid}&subid2={subid2}
IP 3.121.39.134:0
GET /tds/ae?tdsId=s0624kas_r&tds_campaign=s0624kas&utm_sub=opnfnl&s1=ps&utm_source=intc&affid=9559e5a1&subid=clickadu&clickid={clickid}&subid2={subid2} HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 17 Jan 2023 07:50:25 GMT
location: https://gomydates.com/jump?subid2=%7Bsubid2%7D&tds_ao=1&tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&subid=clickadu&tds_p_campaign=b4979kas&tds_oid=23302&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw&clickid=%7Bclickid%7D&affid=9559e5a1&tds_id=b0506rie_jump_a_1601039183809&id=23302&s1=ps&tds_rt=&utm_source=intc&tds_ac_id=s0624kas&tds_host=gomydates.com&tds_campaign=b0506rie
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
set-cookie: dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2; Max-Age=31536000; Domain=.gomydates.com; Path=/; Expires=Wed, 17 Jan 2024 07:50:25 GMT; Secure; SameSite=None
set-cookie: dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Sun, 22 Jan 2023 07:50:25 GMT
X-Firefox-Spdy: h2
cdn3reference.com/landings/23302/css/62785c7b6ca9a16c41ce1f973cf812b4.css
54.230.111.43 200 OK 0 B URL HTTP/2 cdn3reference.com/landings/23302/css/62785c7b6ca9a16c41ce1f973cf812b4.css
IP 54.230.111.43:0
GET /landings/23302/css/62785c7b6ca9a16c41ce1f973cf812b4.css HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Tue, 17 Jan 2023 07:50:26 GMT
last-modified: Tue, 02 Apr 2019 15:21:31 GMT
content-encoding: gzip
etag: W/"5c1-5858db10f34c0"
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: e8T_U3gfUdIGwIJZmncMfJu1U-2aXiO1zVAvaIFvT3KUhc5WARxI6A==
X-Firefox-Spdy: h2
cdn3reference.com/images/jump-favicon.ico
54.230.111.43 200 OK 0 B URL HTTP/2 cdn3reference.com/images/jump-favicon.ico
IP 54.230.111.43:0
GET /images/jump-favicon.ico HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
server: nginx
date: Tue, 17 Jan 2023 07:50:26 GMT
last-modified: Fri, 05 Dec 2014 08:28:50 GMT
cache-control: public, max-age=604800
content-encoding: gzip
etag: W/"47e-50973ddc33480"
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: z5pu3MKlHtLJETw3vCucVPxCFLe-Zc8eFU_VGqo5FzMxneBfB15G8Q==
X-Firefox-Spdy: h2
gomydates.com/ufis/webpush/sw.js?uaDataValues={}&networkGroup=
3.121.39.134 200 OK 0 B URL HTTP/2 gomydates.com/ufis/webpush/sw.js?uaDataValues={}&networkGroup=
IP 3.121.39.134:0
GET /ufis/webpush/sw.js?uaDataValues={}&networkGroup= HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:27 GMT
content-type: text/javascript; charset=utf-8
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"35e5-ggvNzPbrS4iAvrqVuh7HqGhzYqo"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
2020club.club/clickadu-ind
104.21.1.125 302 Found 0 B URL HTTP/2 2020club.club/clickadu-ind
IP 104.21.1.125:0
Analyzer Verdict Alert fortinet Phishing
GET /clickadu-ind HTTP/1.1
Host: 2020club.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 17 Jan 2023 07:50:24 GMT
content-type: text/html; charset=UTF-8
location: https://gomydates.com/tds/ae?tdsId=s0624kas_r&tds_campaign=s0624kas&utm_sub=opnfnl&s1=ps&utm_source=intc&affid=9559e5a1&subid=clickadu&clickid={clickid}&subid2={subid2}
access-control-allow-origin: *
set-cookie: qwerty_clickadu-ind=0; expires=Wed, 18-Jan-2023 07:50:24 GMT; Max-Age=86400; path=/
cache-control: max-age=172800, private, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=adVnZRzcp2Is1HYyFwq2pDZsEoOBfGQddsOgps%2BR2jE0n1ePBhmbxuPBxZJ4Y%2BSyfgCmfX0LIw%2FPXL356Cx4DRvXt1tPmpQLe7sU2vrAX%2FSnRx5NjHf7zh3TKRbIm%2Bet"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ad7fedf838b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gomydates.com/bridge/crypto-4.1.1.js
3.121.39.134 200 OK 0 B URL HTTP/2 gomydates.com/bridge/crypto-4.1.1.js
IP 3.121.39.134:0
Analyzer Verdict Alert fortinet Phishing
GET /bridge/crypto-4.1.1.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?subid2=%7Bsubid2%7D&tds_ao=1&tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&subid=clickadu&tds_p_campaign=b4979kas&tds_oid=23302&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw&clickid=%7Bclickid%7D&affid=9559e5a1&tds_id=b0506rie_jump_a_1601039183809&id=23302&s1=ps&tds_rt=&utm_source=intc&tds_ac_id=s0624kas&tds_host=gomydates.com&tds_campaign=b0506rie
Cookie: dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:25 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 28 Dec 2022 12:21:19 GMT
etag: W/"bde2-18558ae0a18"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
cdn3reference.com/js/dc_img.js?v=8
54.230.111.43 200 OK 0 B URL HTTP/2 cdn3reference.com/js/dc_img.js?v=8
IP 54.230.111.43:0
GET /js/dc_img.js?v=8 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Tue, 17 Jan 2023 07:50:26 GMT
last-modified: Thu, 29 Oct 2020 09:22:15 GMT
etag: W/"1e8-5b2cbd0d9620d"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5LX_yeMZJTyVzLha3kzAxAFtEjOEGsLwxmkbiQf6s5l5eXNNqRw4cA==
X-Firefox-Spdy: h2
retarget2core.com/fp/fp_ec.js
52.58.118.128 200 OK 0 B URL HTTP/2 retarget2core.com/fp/fp_ec.js
IP 52.58.118.128:0
GET /fp/fp_ec.js HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:26 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 28 Dec 2022 12:21:19 GMT
etag: W/"4bd-18558ae0a18"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gomydates.com/jump?subid2=%7Bsubid2%7D&tds_ao=1&tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&subid=clickadu&tds_p_campaign=b4979kas&tds_oid=23302&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw&clickid=%7Bclickid%7D&affid=9559e5a1&tds_id=b0506rie_jump_a_1601039183809&id=23302&s1=ps&tds_rt=&utm_source=intc&tds_ac_id=s0624kas&tds_host=gomydates.com&tds_campaign=b0506rie
3.121.39.134 200 OK 0 B URL HTTP/2 gomydates.com/jump?subid2=%7Bsubid2%7D&tds_ao=1&tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&subid=clickadu&tds_p_campaign=b4979kas&tds_oid=23302&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw&clickid=%7Bclickid%7D&affid=9559e5a1&tds_id=b0506rie_jump_a_1601039183809&id=23302&s1=ps&tds_rt=&utm_source=intc&tds_ac_id=s0624kas&tds_host=gomydates.com&tds_campaign=b0506rie
IP 3.121.39.134:0
GET /jump?subid2=%7Bsubid2%7D&tds_ao=1&tds_cid=7f8c68e0a3a9febdc953015427823d0a5beed392&subid=clickadu&tds_p_campaign=b4979kas&tds_oid=23302&dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzkzMjRiNzAzOGZhZDA2NWFjOTYzZTMyZWM0MmU4ZWM4P19fdD0xNjczOTQxODI1MjY5Jl9fbD0zNjAw&clickid=%7Bclickid%7D&affid=9559e5a1&tds_id=b0506rie_jump_a_1601039183809&id=23302&s1=ps&tds_rt=&utm_source=intc&tds_ac_id=s0624kas&tds_host=gomydates.com&tds_campaign=b0506rie HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2; dm=fe450dd0d1dadc615429144d33241f42
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:25 GMT
content-type: text/html; charset=UTF-8
server: nginx
content-encoding: br
X-Firefox-Spdy: h2
gomydates.com/ufis/pwa/sw.js?uaDataValues={}&networkGroup=
3.121.39.134 200 OK 0 B URL HTTP/2 gomydates.com/ufis/pwa/sw.js?uaDataValues={}&networkGroup=
IP 3.121.39.134:0
GET /ufis/pwa/sw.js?uaDataValues={}&networkGroup= HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: dci=8de5c436ab0f019e4e2d4c4d0ad2a49222bb2de2; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:50:26 GMT
content-type: text/javascript; charset=utf-8
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"8a5-jxVx3HNgm8c2Bvxd6GQ6e3r2rSU"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2