Report - kektds.com/nH69Pgdw

Report Overview

URL

kektds.com/nH69Pgdw
IP

185.162.87.36

ASN

#39572 DataWeb Global Group B.V.
Submitted

2022-11-27T13:52:10Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

1

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5843	34.160.144.191
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	52.38.139.17
ocsp.sca1b.amazontrust.com (1)	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350	1004	143.204.42.165
www.clarity.ms (2)	1404	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	754	57672	13.107.238.53
region1.analytics.google.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	794	559	216.239.32.36
stats.g.doubleclick.net (1)	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	478	559	142.251.1.155
fonts.googleapis.com (1)	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	393	746	142.250.74.10
easy-lay.com (1)	254260	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	541	2852	172.67.181.117
www.googletagmanager.com (1)	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	378	58062	142.250.74.168
www.google.no (1)	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	478	694	142.250.74.3
botd.fpapi.io (1)	297160	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	450	510	34.193.232.22
c.bing.com (1)	247	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	468	795	13.107.21.200
b.clarity.ms (1)	3462	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	440	281	20.75.32.255
static.cloudflareinsights.com (1)	1294	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	449	393	104.16.57.101
kektds.com (1)	271713	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350	1014	185.162.87.36
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	229	34.117.237.239
ocsp.pki.goog (8)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2744	6483	142.250.74.35
www.googleoptimize.com (1)	1604	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	381	47489	142.250.74.78
my.rtmark.net (1)	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	435	1228	139.45.195.8
c.clarity.ms (2)	803	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	837	1185	20.234.93.27
r3.o.lencr.org (8)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2704	7090	23.36.76.226
ocsp.digicert.com (5)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1705	3345	93.184.220.29
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2483	34.102.187.140
icalendar.datingtopgirls.com (1)	260095	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	373	2057	31.220.24.141
img-getpocket.cdn.mozilla.net (6)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3246	63108	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-27	medium	icalendar.datingtopgirls.com/icalendar.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

HTTP Transactions (51)

URL IP Response Size

kektds.com/nH69Pgdw

United Kingdom DataWeb Global Group B.V.

185.162.87.36

302 Found

URL HTTP/1.1

kektds.com/nH69Pgdw
IP

185.162.87.36:0
ASN

#39572 DataWeb Global Group B.V.

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /nH69Pgdw HTTP/1.1
Host: kektds.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 302 Found
Server: nginx
Date: Sun, 27 Nov 2022 13:51:58 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Sun, 27 Nov 2022 13:51:58 GMT
Location: https://easy-lay.com/tt/16?affiliate_id=15001&sub1=s8hnpa52tm5a&sub2=422425&sub8=&sub7=42&source=242542&c1=arb%7C1037%7C
Pragma: no-cache
Set-Cookie: _subid=s8hnpa52tm5a;Expires=Wednesday, 28-Dec-2022 13:51:58 GMT;Max-Age=2678400;Path=/
_token=uuid_s8hnpa52tm5a_s8hnpa52tm5a63836b7e7b3c57.74050765;Expires=Wednesday, 28-Dec-2022 13:51:58 GMT;Max-Age=2678400;Path=/
bdeee=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjI0MjVcIjoxNjY5NTU3MTE4fSxcImNhbXBhaWduc1wiOntcIjEwMzdcIjoxNjY5NTU3MTE4fSxcInRpbWVcIjoxNjY5NTU3MTE4fSJ9.EO4brwWoXWJ1NbcvA7GzJhRxcB3e2XkGDJSyo3jwGgo;Expires=Friday, 25-Oct-2075 03:43:56 GMT;Max-Age=1669643518;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

150792cfc458af013998f4ef6bdf5f74

d5179b2dcb11d06f82606bf6eb6648319998d63e

72937c756d3feeae6d04a6f445398b0436bdf559f8c7437e3a3233263943900e

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3080
Expires: Sun, 27 Nov 2022 14:43:18 GMT
Date: Sun, 27 Nov 2022 13:51:58 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

64b2a23eab6e5ae8c010ec7242be930c

0673e4385ba01a5a245711bab96cafc34f765793

64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5776
Cache-Control: max-age=166531
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:51:58 GMT
Etag: "63833c71-1d7"
Expires: Tue, 29 Nov 2022 12:07:29 GMT
Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

3b56944f0e5716fd4fad2ec18994d4be

61cafa4de31ba960d1145ec37272f6f6b6944e0c

4fd46b0b6a2ea24f5ce175985a3933c04b4c01bd3e32bee2e50a61a65eef7af4

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10000
Expires: Sun, 27 Nov 2022 16:38:38 GMT
Date: Sun, 27 Nov 2022 13:51:58 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

d130218d0e2841f39c99610fe1a2ab90

29fbe1e177ee55c7a61ae0a206afff271cf5f945

6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 13:17:40 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2058
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

9ebddc2b260d081ebbefee47c037cb28

492bad62a7ca6a74738921ef5ae6f0be5edebf39

74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: RpRFEtdbILanCGg4N5GP5lkzh5pE9BthIkDE9eZqDZduSp0HljpB29DVvoxdsYsmyjHgVlZOH4g=
x-amz-request-id: C8ENZAJ9FXZ1VGYD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 13:44:39 GMT
age: 439
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

8d8432ef77d72da15a4e2f5275cd1fcd

dc9f589a382272f637a307030d4de54bf1fd1240

67f42d9eb43824d1621533605d9400169bfaa5ce927be28faea55b3eb1816e58

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 558
Cache-Control: max-age=89644
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:51:58 GMT
Etag: "6382247c-117"
Expires: Mon, 28 Nov 2022 14:46:02 GMT
Last-Modified: Sat, 26 Nov 2022 14:36:44 GMT
Server: ECS (amb/6BA3)
X-Cache: HIT
Content-Length: 279

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 13:51:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

8d8432ef77d72da15a4e2f5275cd1fcd

dc9f589a382272f637a307030d4de54bf1fd1240

67f42d9eb43824d1621533605d9400169bfaa5ce927be28faea55b3eb1816e58

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 558
Cache-Control: max-age=89644
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:51:58 GMT
Etag: "6382247c-117"
Expires: Mon, 28 Nov 2022 14:46:02 GMT
Last-Modified: Sat, 26 Nov 2022 14:36:44 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

46be323bc79f562de2849d93b20ae76e

8f39777956be6e476b5a1c9648e2c585d7ddeda7

55140433a1d1011107c4f18c87249ba048ac0993ad2be18e0a1255208ac4a5ce

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5213
Cache-Control: max-age=152253
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:51:59 GMT
Etag: "638306df-117"
Expires: Tue, 29 Nov 2022 08:09:32 GMT
Last-Modified: Sun, 27 Nov 2022 06:42:39 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

1357

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

1357
Hash

7d5337ed28ea9ea8c47f0279f4465e6d

f804a43913fbe7909abccd972b647d7e41a28dcc

2e8fc779cc342e2b324d731833984da2f20ee280e8676189f45921467967d334

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:51:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

67cab66298314bd85ba924a163d8a007

1ec98e2302941764d21e5afa059e0210108450fc

aa7e9aa849c5e2c49b609cc0b77d2a09c66870578f16e7eff5f14f91f7b20203

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA7E9AA849C5E2C49B609CC0B77D2A09C66870578F16E7EFF5F14F91F7B20203"
Last-Modified: Sat, 26 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4340
Expires: Sun, 27 Nov 2022 15:04:19 GMT
Date: Sun, 27 Nov 2022 13:51:59 GMT
Connection: keep-alive

icalendar.datingtopgirls.com/icalendar.js

31.220.24.141

200 OK

1796

URL HTTP/1.1

icalendar.datingtopgirls.com/icalendar.js
IP

31.220.24.141:0
ASN

#39572 DataWeb Global Group B.V.

Magic

ASCII text

Size

1796
Hash

d39f355915d9633385c213781d160c84

f22997c5f291268e4f7996b2664ad19c241fd31f

533ecbbbb80cdf2f49dc8333f2801b3ab1a508bacc1abedcde6872c622c0d92e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /icalendar.js HTTP/1.1
Host: icalendar.datingtopgirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Sun, 27 Nov 2022 13:51:59 GMT
Content-Type: application/javascript
Last-Modified: Mon, 23 May 2022 15:29:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"628ba83c-173d"
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

5af61422c4eaa1b995ec63e463abda26

db75634681ed688840773ce828c169ac9da7d131

506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:51:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

0ee1d1a60ec1770ec3e880a25c257f5d

015b05feff63bdcf8fae4d1a8c0c83c923a2ca67

b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:51:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

438

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

data

Size

438
Hash

11c95a7b2a996fc17651176ecd684737

76c80619b4d2bb4a629b957d7c78b4c655b008d5

7091e656887c9d6a70f5a5741d8f8967191414dee481c654c9fd8bb87eefd026

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 13:08:54 GMT
cache-control: public,max-age=3600
age: 2585
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-T76Q9QX

142.250.74.168

200 OK

57299

URL HTTP/2

www.googletagmanager.com/gtm.js?id=GTM-T76Q9QX
IP

142.250.74.168:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (2985)

Size

57299
Hash

8ca9a5bee7651109237b011e581eb483

33ccb0cc5b5264916fda9e3be5025d1776b1eda1

2ffed0ab62d8cca2925ac0bdab5b076eee9b90a1f6336a07a74fb81e8f1f5be0

HTTP Headers

                                        GET /gtm.js?id=GTM-T76Q9QX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Nov 2022 13:51:59 GMT
expires: Sun, 27 Nov 2022 13:51:59 GMT
cache-control: private, max-age=900
last-modified: Sun, 27 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 57299
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

a6fee11dfe1b88cd768a0ca3e2bd0c89

59cec9a44a4a92467678afe65f347f68641a2174

50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2218
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:51:59 GMT
Last-Modified: Sun, 27 Nov 2022 13:15:02 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

0ee1d1a60ec1770ec3e880a25c257f5d

015b05feff63bdcf8fae4d1a8c0c83c923a2ca67

b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:51:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

52.38.139.17

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

52.38.139.17:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Gm9lRC+4QHNH+c19ncypMQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VWC7fQRThuLcWdk3YhldDqutTek=

www.googleoptimize.com/optimize.js?id=OPT-NN2R6FM

142.250.74.78

200 OK

46772

URL HTTP/2

www.googleoptimize.com/optimize.js?id=OPT-NN2R6FM
IP

142.250.74.78:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (15264)

Size

46772
Hash

38cd6ea86f56e86c3f2f9ae8ff59c449

71add8ed7f1daa68d2dfa68a29bc185169a619b0

9a3f4175a1189ff9fae5ce10c3c99d67fa0d87523e15ef245bc37252dc2dd437

HTTP Headers

                                        GET /optimize.js?id=OPT-NN2R6FM HTTP/1.1
Host: www.googleoptimize.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Nov 2022 13:52:00 GMT
expires: Sun, 27 Nov 2022 13:52:00 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46772
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

43dca8ebcf06bd09eb16b5516072ec48

84fe572e189c13383dc0a805a90c07de69c48ee6

be524e069364f1231ff9f6f8a5ca6ae8aa4353ba95fa7913c30c13ed008ab8fd

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE524E069364F1231FF9F6F8A5CA6AE8AA4353BA95FA7913C30C13ED008AB8FD"
Last-Modified: Sat, 26 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18946
Expires: Sun, 27 Nov 2022 19:07:46 GMT
Date: Sun, 27 Nov 2022 13:52:00 GMT
Connection: keep-alive

my.rtmark.net/p.js?f=sync&lr=1&partner=bea467c9e34e8272bd1bf9a4a452ac3653f0e23d224530e911cd838f39a107cc

139.45.195.8

200 OK

697

URL HTTP/2

my.rtmark.net/p.js?f=sync&lr=1&partner=bea467c9e34e8272bd1bf9a4a452ac3653f0e23d224530e911cd838f39a107cc
IP

139.45.195.8:0
ASN

#9002 RETN Limited

Magic

ASCII text

Size

697
Hash

1ba2794f0f7dd2b29159959320fd42bd

8e73fa295266b44f59b5bc53cafb7febe3c85e39

3ae0c3406428498610c125ba13450e55a412406359bd6b2cf21bdf5f5be4486c

HTTP Headers

                                        GET /p.js?f=sync&lr=1&partner=bea467c9e34e8272bd1bf9a4a452ac3653f0e23d224530e911cd838f39a107cc HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 13:52:00 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

d3c9b092aee5820bdab6595daad65d61

89e983faeedf25b3e15696f9bf6dbf76feb07868

58d24c4dde4a578c2c0191a19a5a42bdcb5be03b21a1907f60c8deaee78b7331

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:52:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-Q7W6GLM2DR&cid=1655333971.1669557120&gtm=2oeb90&aip=1&z=811052777

142.250.74.3

200 OK

URL HTTP/2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-Q7W6GLM2DR&cid=1655333971.1669557120&gtm=2oeb90&aip=1&z=811052777
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

GIF image data, version 89a, 1 x 1\012- data

Size

42
Hash

d89746888da2d9510b64a9f031eaecd5

d5fceb6532643d0d84ffe09c40c481ecdf59e15a

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

                                        GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-Q7W6GLM2DR&cid=1655333971.1669557120&gtm=2oeb90&aip=1&z=811052777 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 27 Nov 2022 13:52:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.165

200 OK

471

URL HTTP/1.1

ocsp.sca1b.amazontrust.com/
IP

143.204.42.165:0
ASN

#16509 AMAZON-02

Magic

data

Size

471
Hash

ec490fb1655bc4688d88b1ed8e68b70d

9f75ada2488ea84d2f9267cbf5dc790f090ba088

ab990f382d28bd37e53e4bee48f490232c9ed7c9f1dbf5dc3ab1ccc6d8a7e142

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=138209
Date: Sun, 27 Nov 2022 13:52:00 GMT
Etag: "6382d036-1d7"
Expires: Tue, 29 Nov 2022 04:15:29 GMT
Last-Modified: Sun, 27 Nov 2022 02:49:26 GMT
Server: ECS (dcb/7F3A)
X-Cache: Miss from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: EFEiehcOgMshRs7Bbl1fGUFjus1ytrIo5SRX0WXEbcGW9ppQR7eKAg==
Age: 5163

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

d3c9b092aee5820bdab6595daad65d61

89e983faeedf25b3e15696f9bf6dbf76feb07868

58d24c4dde4a578c2c0191a19a5a42bdcb5be03b21a1907f60c8deaee78b7331

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:52:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

botd.fpapi.io/api/v1/detect?version=0.1.23

34.193.232.22

401 Unauthorized

URL HTTP/2

botd.fpapi.io/api/v1/detect?version=0.1.23
IP

34.193.232.22:0
ASN

#14618 AMAZON-AES

Magic

data

Size

69
Hash

32ba2944a9fb9f71e7edc24a56593f3d

52b5da6230916b04a19d6f712ef247513831038c

e2d1e1dce80588c0d6bd72d2ab94eb6ed4ea63771f52fc16d4ef2b96fef2dac9

HTTP Headers

                                        POST /api/v1/detect?version=0.1.23 HTTP/1.1
Host: botd.fpapi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://easy-lay.com/
Content-Type: text/plain
Origin: https://easy-lay.com
Content-Length: 21915
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 401 Unauthorized
date: Sun, 27 Nov 2022 13:52:00 GMT
content-type: application/octet-stream
content-length: 69
server: nginx
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Origin, Content-Length, Accept-Encoding, Authorization, Auth-Subscriptions, Botd-Password
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://easy-lay.com
X-Firefox-Spdy: h2

www.clarity.ms/tag/bvsqia2v2y?ref=gtm

United States MICROSOFT-CORP-MSN-AS-BLOCK

13.107.238.53

200 OK

1552

URL HTTP/2

www.clarity.ms/tag/bvsqia2v2y?ref=gtm
IP

13.107.238.53:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

data

Size

1552
Hash

1576fda486c7e72b0d5cb62631e383ad

53a1d0338ac914c4b16ad3bd67d20e96802e1754

2059aad147882074e2ecf03d12af53bc7709d7bd6c7c050b1f11b67d7a476d91

HTTP Headers

                                        GET /tag/bvsqia2v2y?ref=gtm HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/x-javascript
expires: -1
set-cookie: CLID=9779e8080a41489c9766ec5953b9e66d.20221127.20231127; expires=Mon, 27 Nov 2023 13:52:00 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81
x-cache: CONFIG_NOCACHE
x-azure-ref: 0gGuDYwAAAABp5J0B/IQqTrZO2Bk9vuwWQ1BIMzBFREdFMDQyMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Sun, 27 Nov 2022 13:52:00 GMT
X-Firefox-Spdy: h2

c.clarity.ms/c.gif

20.234.93.27

302 Found

URL HTTP/2

c.clarity.ms/c.gif
IP

20.234.93.27:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?CtsSyncId=C7F79D20D6F440799E4BD78A4E4852D2&RedC=c.clarity.ms&MXFR=176254F1E23965D200114698E6396BF5
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=176254F1E23965D200114698E6396BF5; domain=.clarity.ms; expires=Fri, 22-Dec-2023 13:52:01 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Sun, 27 Nov 2022 13:52:00 GMT
content-length: 0
X-Firefox-Spdy: h2

c.bing.com/c.gif?CtsSyncId=C7F79D20D6F440799E4BD78A4E4852D2&RedC=c.clarity.ms&MXFR=176254F1E23965D200114698E6396BF5

13.107.21.200

302 Found

URL HTTP/2

c.bing.com/c.gif?CtsSyncId=C7F79D20D6F440799E4BD78A4E4852D2&RedC=c.clarity.ms&MXFR=176254F1E23965D200114698E6396BF5
IP

13.107.21.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /c.gif?CtsSyncId=C7F79D20D6F440799E4BD78A4E4852D2&RedC=c.clarity.ms&MXFR=176254F1E23965D200114698E6396BF5 HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://easy-lay.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=C7F79D20D6F440799E4BD78A4E4852D2&MUID=065AAC848A1062E00EB9BEED8B4763CB
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=065AAC848A1062E00EB9BEED8B4763CB; domain=c.bing.com; expires=Fri, 22-Dec-2023 13:52:01 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6CFB42DA14F64D4696235CE5AAA8571E Ref B: OSL30EDGE0414 Ref C: 2022-11-27T13:52:01Z
date: Sun, 27 Nov 2022 13:52:00 GMT
content-length: 0
X-Firefox-Spdy: h2

c.clarity.ms/c.gif?CtsSyncId=C7F79D20D6F440799E4BD78A4E4852D2&MUID=065AAC848A1062E00EB9BEED8B4763CB

20.234.93.27

200 OK

URL HTTP/2

c.clarity.ms/c.gif?CtsSyncId=C7F79D20D6F440799E4BD78A4E4852D2&MUID=065AAC848A1062E00EB9BEED8B4763CB
IP

20.234.93.27:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

GIF image data, version 89a, 1 x 1\012- data

Size

42
Hash

32023bb33cfb2a1990a4ef2d85b6ac16

23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1

99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

HTTP Headers

                                        GET /c.gif?CtsSyncId=C7F79D20D6F440799E4BD78A4E4852D2&MUID=065AAC848A1062E00EB9BEED8B4763CB HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://easy-lay.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Thu, 13 Oct 2022 20:07:05 GMT
accept-ranges: bytes
etag: "40db785d3fdfd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Sun, 27-Nov-2022 14:02:01 GMT; path=/; SameSite=None; Secure;
date: Sun, 27 Nov 2022 13:52:00 GMT
content-length: 42
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-Q7W6GLM2DR&gtm=2oeb90&_p=753863940&_gaz=1&cid=1655333971.1669557120&ul=en-us&sr=1280x1024&_s=1&sid=1669557120&sct=1&seg=0&dl=https%3A%2F%2Feasy-lay.com%2Ftt%2F16&dt=EasyLay.com%20-%20search%20all%20best%20free%20online%20dating%20sites&en=page_view&_fv=1&_nsi=1&_ss=1&up.visitor_id=s8hnpa52tm5a&up.member_id=&up.tour=16&up.user_status=GUEST&up.networkname=easy-lay

216.239.32.36

204 No Content

URL HTTP/2

region1.analytics.google.com/g/collect?v=2&tid=G-Q7W6GLM2DR&gtm=2oeb90&_p=753863940&_gaz=1&cid=1655333971.1669557120&ul=en-us&sr=1280x1024&_s=1&sid=1669557120&sct=1&seg=0&dl=https%3A%2F%2Feasy-lay.com%2Ftt%2F16&dt=EasyLay.com%20-%20search%20all%20best%20free%20online%20dating%20sites&en=page_view&_fv=1&_nsi=1&_ss=1&up.visitor_id=s8hnpa52tm5a&up.member_id=&up.tour=16&up.user_status=GUEST&up.networkname=easy-lay
IP

216.239.32.36:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        POST /g/collect?v=2&tid=G-Q7W6GLM2DR&gtm=2oeb90&_p=753863940&_gaz=1&cid=1655333971.1669557120&ul=en-us&sr=1280x1024&_s=1&sid=1669557120&sct=1&seg=0&dl=https%3A%2F%2Feasy-lay.com%2Ftt%2F16&dt=EasyLay.com%20-%20search%20all%20best%20free%20online%20dating%20sites&en=page_view&_fv=1&_nsi=1&_ss=1&up.visitor_id=s8hnpa52tm5a&up.member_id=&up.tour=16&up.user_status=GUEST&up.networkname=easy-lay HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://easy-lay.com
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                        HTTP/2 204 No Content
access-control-allow-origin: https://easy-lay.com
date: Sun, 27 Nov 2022 13:52:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

770555aa8a0a52c611bafb289ca8a650

62504cadc49747f328e3c31ad3aa7a740043072c

6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:52:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/g/collect?v=2&tid=G-Q7W6GLM2DR&cid=1655333971.1669557120&gtm=2oeb90&aip=1

142.251.1.155

204 No Content

URL HTTP/2

stats.g.doubleclick.net/g/collect?v=2&tid=G-Q7W6GLM2DR&cid=1655333971.1669557120&gtm=2oeb90&aip=1
IP

142.251.1.155:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        POST /g/collect?v=2&tid=G-Q7W6GLM2DR&cid=1655333971.1669557120&gtm=2oeb90&aip=1 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://easy-lay.com
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                        HTTP/2 204 No Content
access-control-allow-origin: https://easy-lay.com
date: Sun, 27 Nov 2022 13:52:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.clarity.ms/eus2/s/0.6.43/clarity.js

13.107.238.53

200 OK

55116

URL HTTP/2

www.clarity.ms/eus2/s/0.6.43/clarity.js
IP

13.107.238.53:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Unicode text, UTF-8 text, with very long lines (55029)

Size

55116
Hash

441723b72633b1ac9757ad7c63168005

806166ca9ebb5839dd90a5e5c9335e3e0b18c169

cc8a16ce849d72f106bd67187e4b60c20da3093375202bf0b53f23e8f40a8b11

HTTP Headers

                                        GET /eus2/s/0.6.43/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
cache-control: public,max-age=86400
content-length: 55116
content-type: application/javascript;charset=utf-8
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
accept-ranges: bytes
etag: "1d8fe62948d1d4c"
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
x-cache: CONFIG_NOCACHE
x-azure-ref: 0gGuDYwAAAABsDuSuF1XIQYmQt8ttfGdCQ1BIMzBFREdFMDQyMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Sun, 27 Nov 2022 13:52:00 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

aebda342a81ad83f60d2523f54ccda67

e590d9326e4a283e0929a8ffccb13cc4308af0e6

bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5985
Expires: Sun, 27 Nov 2022 15:31:46 GMT
Date: Sun, 27 Nov 2022 13:52:01 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

aebda342a81ad83f60d2523f54ccda67

e590d9326e4a283e0929a8ffccb13cc4308af0e6

bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5985
Expires: Sun, 27 Nov 2022 15:31:46 GMT
Date: Sun, 27 Nov 2022 13:52:01 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

aebda342a81ad83f60d2523f54ccda67

e590d9326e4a283e0929a8ffccb13cc4308af0e6

bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5985
Expires: Sun, 27 Nov 2022 15:31:46 GMT
Date: Sun, 27 Nov 2022 13:52:01 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

aebda342a81ad83f60d2523f54ccda67

e590d9326e4a283e0929a8ffccb13cc4308af0e6

bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5985
Expires: Sun, 27 Nov 2022 15:31:46 GMT
Date: Sun, 27 Nov 2022 13:52:01 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53b989dd-5b05-43e6-807e-30a5611591c1.jpeg

34.120.237.76

200 OK

12505

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53b989dd-5b05-43e6-807e-30a5611591c1.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

12505
Hash

9443750de7962c9e235cbb6dbda24df0

05de7f68103849bd0cd80a704ef97685d0150800

d84e37f9bfd9888a385364c52cdc0d817aa680ee0a83e579ca1f1083f1131468

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53b989dd-5b05-43e6-807e-30a5611591c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 12505
x-amzn-requestid: a89c780f-e1a4-451e-842b-656ba43958be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVOeHzfIAMFpGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381358f-3478b6c81d94ec65388bd3da;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mUic7CJjKQ8l7EKhTTSs2LTLaCqnVQUBuxzmfzET4TwSa_LX8na-MA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:46:33 GMT
age: 57928
etag: "05de7f68103849bd0cd80a704ef97685d0150800"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9926

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F661e728e-05a1-40d9-ae81-c058443324b3.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

9926
Hash

892849386662d30042f01ab952a3ec14

3b349ac17a00d68875e64bee110ec85d07cffda2

893797d55f15081d45af7a31af9fefe106ace9ba236e9b113787d07ab416faf9

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F661e728e-05a1-40d9-ae81-c058443324b3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 9926
x-amzn-requestid: 4e2c72af-2cce-4740-9962-6a7f9e217272
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b_cVCHwEoAMF3lQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c7420-51c2e04b4fae5b576a679db5;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 07:02:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rZTk5ONMhQB66WF0VWIRmlTOdzEJO-NJVl4TCibzbH2fZXY_9Mx9kQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 18:42:19 GMT
age: 68982
etag: "3b349ac17a00d68875e64bee110ec85d07cffda2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10944

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (23)

#1 JS:Script (size: 381)

#2 JS:Script (size: 86841)

#3 JS:Script (size: 182)

#4 JS:Script (size: 708)

#5 JS:Script (size: 158225)

#6 JS:Script (size: 133537)

#7 JS:Script (size: 55116)

#8 JS:Script (size: 17031)

#9 JS:Script (size: 23781)

#10 JS:Script (size: 100)

#11 JS:Script (size: 219)

#12 JS:Script (size: 1005)

#13 JS:Script (size: 5949)

#14 JS:Script (size: 12500)

#15 JS:Script (size: 549)

#16 JS:Script (size: 228471)

#17 JS:Script (size: 65)

#18 JS:Script (size: 506)

#19 JS:Script (size: 1551)

#20 JS:Script (size: 3325)

#21 JS:Script (size: 42185)

#22 JS:Script (size: 697)

#23 JS:Script (size: 1509)

HTTP Transactions (51)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size