Report - dratingmaject.com/3e1955b7-ea84-48f3-bffb-03a175abdbc8

Report Overview

Submitted URL
dratingmaject.com/3e1955b7-ea84-48f3-bffb-03a175abdbc8
IP
18.195.149.11
ASN
#16509 AMAZON-02
Submitted
2022-11-26 08:59:51
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	459 B	746 B	142.250.74.10
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.8 kB	142.250.74.3
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.208.34.131
deefauph.com	135892	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	38 kB	139.45.197.251
babesroulette.com	281754	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	959 B	652 B	172.67.153.220
dratingmaject.com	821761	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	4.8 kB	18.195.149.11
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.8 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	31 kB	34.102.187.140
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	966 B	34 kB	216.58.207.195
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	46 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-26	medium	dratingmaject.com/3e1955b7-ea84-48f3-bffb-03a175abdbc8	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	babesroulette.com/landers/lander18/?clickid=wqbf73hbgmk8i8ok2i04l16o&source=3e1955b7-ea84-48f3-bffb-03a175abdbc8&cep=q4G9VettgruAJLiNdqAmwg6huP3E80Q37bzVMcv82oFPg8y8Byr1cToDWC9h_PQBL-7OJSQzecby5lcO-Zzb8CX6XVtjJpKgip1FZQbFF5VDOghd2g3Mn2h_Z11L2xOOWtQvRRQwbqrWrcXVM437z-f_54Qpatalot7n2kOSwuvfaredt9lFLSpCdi2ttCRIk5lVYYvx9JVCOLSpDkOqhbH_3GvkTdSMJurZzpQZs9ct68DgNXiQWmsS7Va0O4rYqjxSld1GMKd_ZV8L1H6F56cAH6UfALQyXj2nlzqVM7zxoSIM0X1uQ-otUgMnXNHYSAis4j3nSyuzOh-STQeuFUT8TBKgwMWDaYzL9sgRnURclCVXXMiI_axc-DI-6GNP&lptoken=162569ac45b049018059	660 B	2023-03-07	2023-04-05
Pretty URL babesroulette.com/landers/lander18/?clickid=wqbf73hbgmk8i8ok2i04l16o&source=3e1955b7-ea84-48f3-bffb-03a175abdbc8&cep=q4G9VettgruAJLiNdqAmwg6huP3E80Q37bzVMcv82oFPg8y8Byr1cToDWC9h_PQBL-7OJSQzecby5lcO-Zzb8CX6XVtjJpKgip1FZQbFF5VDOghd2g3Mn2h_Z11L2xOOWtQvRRQwbqrWrcXVM437z-f_54Qpatalot7n2kOSwuvfaredt9lFLSpCdi2ttCRIk5lVYYvx9JVCOLSpDkOqhbH_3GvkTdSMJurZzpQZs9ct68DgNXiQWmsS7Va0O4rYqjxSld1GMKd_ZV8L1H6F56cAH6UfALQyXj2nlzqVM7zxoSIM0X1uQ-otUgMnXNHYSAis4j3nSyuzOh-STQeuFUT8TBKgwMWDaYzL9sgRnURclCVXXMiI_axc-DI-6GNP&lptoken=162569ac45b049018059 IP 172.67.153.220 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2023-04-05 01:55:44 Times Seen17 Hash 97441e7379ca32ad9f6044c50451ff13 80fb696604e2b6e293615725845d9642cc4171d7 976578c853ded099ba704b2fda49934f67dbbb03e53d81b589d332ffaa543fdc Loading...

	babesroulette.com/landers/lander18/?clickid=wqbf73hbgmk8i8ok2i04l16o&source=3e1955b7-ea84-48f3-bffb-03a175abdbc8&cep=q4G9VettgruAJLiNdqAmwg6huP3E80Q37bzVMcv82oFPg8y8Byr1cToDWC9h_PQBL-7OJSQzecby5lcO-Zzb8CX6XVtjJpKgip1FZQbFF5VDOghd2g3Mn2h_Z11L2xOOWtQvRRQwbqrWrcXVM437z-f_54Qpatalot7n2kOSwuvfaredt9lFLSpCdi2ttCRIk5lVYYvx9JVCOLSpDkOqhbH_3GvkTdSMJurZzpQZs9ct68DgNXiQWmsS7Va0O4rYqjxSld1GMKd_ZV8L1H6F56cAH6UfALQyXj2nlzqVM7zxoSIM0X1uQ-otUgMnXNHYSAis4j3nSyuzOh-STQeuFUT8TBKgwMWDaYzL9sgRnURclCVXXMiI_axc-DI-6GNP&lptoken=162569ac45b049018059	1.4 kB	2023-03-07	2023-04-05
Pretty URL babesroulette.com/landers/lander18/?clickid=wqbf73hbgmk8i8ok2i04l16o&source=3e1955b7-ea84-48f3-bffb-03a175abdbc8&cep=q4G9VettgruAJLiNdqAmwg6huP3E80Q37bzVMcv82oFPg8y8Byr1cToDWC9h_PQBL-7OJSQzecby5lcO-Zzb8CX6XVtjJpKgip1FZQbFF5VDOghd2g3Mn2h_Z11L2xOOWtQvRRQwbqrWrcXVM437z-f_54Qpatalot7n2kOSwuvfaredt9lFLSpCdi2ttCRIk5lVYYvx9JVCOLSpDkOqhbH_3GvkTdSMJurZzpQZs9ct68DgNXiQWmsS7Va0O4rYqjxSld1GMKd_ZV8L1H6F56cAH6UfALQyXj2nlzqVM7zxoSIM0X1uQ-otUgMnXNHYSAis4j3nSyuzOh-STQeuFUT8TBKgwMWDaYzL9sgRnURclCVXXMiI_axc-DI-6GNP&lptoken=162569ac45b049018059 IP 172.67.153.220 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2023-04-05 01:55:44 Times Seen17 Hash 8d9b1690a74f07a3810d671b838dd1bd 636798778433d0449d1a29d4a1dbdd1a23af8c46 185faac7437690399b751628e681b202ceb6f5dc205874483379a82cddd2e737 Loading...

	dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dwqbf73hbgmk8i8ok2i04l16o%26source%3D3e1955b7-ea84-48f3-bffb-03a175abdbc8%26cep%3Dq4G9VettgruAJLiNdqAmwg6huP3E80Q37bzVMcv82oFPg8y8Byr1cToDWC9h_PQBL-7OJSQzecby5lcO-Zzb8CX6XVtjJpKgip1FZQbFF5VDOghd2g3Mn2h_Z11L2xOOWtQvRRQwbqrWrcXVM437z-f_54Qpatalot7n2kOSwuvfaredt9lFLSpCdi2ttCRIk5lVYYvx9JVCOLSpDkOqhbH_3GvkTdSMJurZzpQZs9ct68DgNXiQWmsS7Va0O4rYqjxSld1GMKd_ZV8L1H6F56cAH6UfALQyXj2nlzqVM7zxoSIM0X1uQ-otUgMnXNHYSAis4j3nSyuzOh-STQeuFUT8TBKgwMWDaYzL9sgRnURclCVXXMiI_axc-DI-6GNP%26lptoken%3D162569ac45b049018059&lpt=Title%20here&t=1669453180250	3.0 kB	2023-03-11	2023-03-11
Pretty URL dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dwqbf73hbgmk8i8ok2i04l16o%26source%3D3e1955b7-ea84-48f3-bffb-03a175abdbc8%26cep%3Dq4G9VettgruAJLiNdqAmwg6huP3E80Q37bzVMcv82oFPg8y8Byr1cToDWC9h_PQBL-7OJSQzecby5lcO-Zzb8CX6XVtjJpKgip1FZQbFF5VDOghd2g3Mn2h_Z11L2xOOWtQvRRQwbqrWrcXVM437z-f_54Qpatalot7n2kOSwuvfaredt9lFLSpCdi2ttCRIk5lVYYvx9JVCOLSpDkOqhbH_3GvkTdSMJurZzpQZs9ct68DgNXiQWmsS7Va0O4rYqjxSld1GMKd_ZV8L1H6F56cAH6UfALQyXj2nlzqVM7zxoSIM0X1uQ-otUgMnXNHYSAis4j3nSyuzOh-STQeuFUT8TBKgwMWDaYzL9sgRnURclCVXXMiI_axc-DI-6GNP%26lptoken%3D162569ac45b049018059&lpt=Title%20here&t=1669453180250 IP 18.195.149.11 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:35:50 Last Seen2023-03-11 20:35:50 Times Seen1 Hash 35789c0f9f89bdf7aa5d3a42bb9e24c9 f6c1a548dbe7c6a6b6764a1a10e35c382500c14e b5a519c82b0e307763a74156b4a3bb310210a067809bea6009fbd446e2bf31c5 Loading...

	deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=wqbf73hbgmk8i8ok2i04l16o&var=3e1955b7-ea84-48f3-bffb-03a175abdbc8&sw=/sw-check-permissions-2e801.js	78 kB	2023-03-09	2023-03-17
Pretty URL deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=wqbf73hbgmk8i8ok2i04l16o&var=3e1955b7-ea84-48f3-bffb-03a175abdbc8&sw=/sw-check-permissions-2e801.js IP 139.45.197.251 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 23:03:50 Last Seen2023-03-17 22:46:33 Times Seen1 Hash 2ff31a855f49b8556bc52e2c0e4742c4 6e4a4532a83fa78fff0719b7e13f644fb842dc68 46c4d68f925af64956704d5ff2389c648fba60ac4baaf1963624e84abd4b6c1f Loading...

	babesroulette.com/landers/lander18/?clickid=wqbf73hbgmk8i8ok2i04l16o&source=3e1955b7-ea84-48f3-bffb-03a175abdbc8&cep=q4G9VettgruAJLiNdqAmwg6huP3E80Q37bzVMcv82oFPg8y8Byr1cToDWC9h_PQBL-7OJSQzecby5lcO-Zzb8CX6XVtjJpKgip1FZQbFF5VDOghd2g3Mn2h_Z11L2xOOWtQvRRQwbqrWrcXVM437z-f_54Qpatalot7n2kOSwuvfaredt9lFLSpCdi2ttCRIk5lVYYvx9JVCOLSpDkOqhbH_3GvkTdSMJurZzpQZs9ct68DgNXiQWmsS7Va0O4rYqjxSld1GMKd_ZV8L1H6F56cAH6UfALQyXj2nlzqVM7zxoSIM0X1uQ-otUgMnXNHYSAis4j3nSyuzOh-STQeuFUT8TBKgwMWDaYzL9sgRnURclCVXXMiI_axc-DI-6GNP&lptoken=162569ac45b049018059	102 B	2023-03-11	2023-03-11
Pretty URL babesroulette.com/landers/lander18/?clickid=wqbf73hbgmk8i8ok2i04l16o&source=3e1955b7-ea84-48f3-bffb-03a175abdbc8&cep=q4G9VettgruAJLiNdqAmwg6huP3E80Q37bzVMcv82oFPg8y8Byr1cToDWC9h_PQBL-7OJSQzecby5lcO-Zzb8CX6XVtjJpKgip1FZQbFF5VDOghd2g3Mn2h_Z11L2xOOWtQvRRQwbqrWrcXVM437z-f_54Qpatalot7n2kOSwuvfaredt9lFLSpCdi2ttCRIk5lVYYvx9JVCOLSpDkOqhbH_3GvkTdSMJurZzpQZs9ct68DgNXiQWmsS7Va0O4rYqjxSld1GMKd_ZV8L1H6F56cAH6UfALQyXj2nlzqVM7zxoSIM0X1uQ-otUgMnXNHYSAis4j3nSyuzOh-STQeuFUT8TBKgwMWDaYzL9sgRnURclCVXXMiI_axc-DI-6GNP&lptoken=162569ac45b049018059 IP 172.67.153.220 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:35:50 Last Seen2023-03-11 20:35:50 Times Seen1 Hash 09e3ec30ca3fea48d662b9e05df5f751 a03e1385fca2dc003982e0720e30e25117d0cb2f cf8f5b0711c20c48c68bb725e06d34a84cc505be5aef8090e861d75fdf4323fe Loading...

		Size	First Seen	Last Seen
	#1 Eval - c112a78e95686e43112f1fe06024f3f2	79 B	2023-03-11	2023-03-11
Pretty Observations First Seen2023-03-11 20:35:50 Last Seen2023-03-11 20:35:50 Times Seen1 Hash c112a78e95686e43112f1fe06024f3f2 1ba90eb0d84c9d72d6e5a459f240b7c6487d67f9 21ba1a9f83390cad1fd64093a1c0f9fe6b828821aca5d796d0953a892f02d8a2 Loading...

HTTP Transactions (33)

URL IP Response Size

dratingmaject.com/3e1955b7-ea84-48f3-bffb-03a175abdbc8

18.195.149.11

302

0 B

URL HTTP/1.1
dratingmaject.com/3e1955b7-ea84-48f3-bffb-03a175abdbc8
IP
18.195.149.11:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /3e1955b7-ea84-48f3-bffb-03a175abdbc8 HTTP/1.1
Host: dratingmaject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 
Server: nginx
Date: Sat, 26 Nov 2022 08:59:40 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://babesroulette.com/landers/lander18/?clickid=wqbf73hbgmk8i8ok2i04l16o&source=3e1955b7-ea84-48f3-bffb-03a175abdbc8&cep=q4G9VettgruAJLiNdqAmwg6huP3E80Q37bzVMcv82oFPg8y8Byr1cToDWC9h_PQBL-7OJSQzecby5lcO-Zzb8CX6XVtjJpKgip1FZQbFF5VDOghd2g3Mn2h_Z11L2xOOWtQvRRQwbqrWrcXVM437z-f_54Qpatalot7n2kOSwuvfaredt9lFLSpCdi2ttCRIk5lVYYvx9JVCOLSpDkOqhbH_3GvkTdSMJurZzpQZs9ct68DgNXiQWmsS7Va0O4rYqjxSld1GMKd_ZV8L1H6F56cAH6UfALQyXj2nlzqVM7zxoSIM0X1uQ-otUgMnXNHYSAis4j3nSyuzOh-STQeuFUT8TBKgwMWDaYzL9sgRnURclCVXXMiI_axc-DI-6GNP&lptoken=162569ac45b049018059
Pragma: no-cache
Set-Cookie: 3e1955b7-ea84-48f3-bffb-03a175abdbc8-v4=8coG6dRYfRVYGQaLu-dKEXEwPm44PJFN0kENKAceE94; Max-Age=86400; Expires=Sun, 27-Nov-2022 08:59:40 GMT; Domain=dratingmaject.com; Path=/; HttpOnly
cep-v4=mSnwzhpm1t4xDMDc1tAlR7hCBvuXjSLMCUPjOVNphCH_PLah-ofaLqq5r93syhPN3XwzImqAxx7Knny3GW8SUY-rwKHPxrR33v70ERLdhKl_0jIxYNH3NFPDcNFoUeUX5tXr4BT1QTrwGWAZfLYoW4vQTY592p1YxY1IimbBr8JqiWDCdxYfmhh_de-dZ-sgvc61CkGNWRaNo5EyuMMyMdENB4PwXrfcz6N3U9DGptITnesMHO5kKj-SQESN8U-4J4DMGEpz-xo9u5iWrC7tQadf4xCzPfnmHzjMKGSuet0E8ju1s-m9s9Hc6x25WQEUeOKqoKQqsj91OmijkC8vmi6S3diNlBKDYEY1D2bTc3I63WiNHvsFNZtRMpTjKExX; Max-Age=86400; Expires=Sun, 27-Nov-2022 08:59:40 GMT; Domain=dratingmaject.com; Path=/; HttpOnly

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12742
Expires: Sat, 26 Nov 2022 12:32:02 GMT
Date: Sat, 26 Nov 2022 08:59:40 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
10730f388c028d64e19b8a48d414768f
e43b104e57e5ea7ff8568835776858cf2ede6f00
f3c30c6d139288f1bfe13fce85c6ddc1514e1639fcf4d31a6012a3309ed1d50d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2081
Cache-Control: max-age=93975
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 08:59:40 GMT
Etag: "63809972-1d7"
Expires: Sun, 27 Nov 2022 11:05:55 GMT
Last-Modified: Fri, 25 Nov 2022 10:31:14 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8c63b226725ca6e92e3ef586ac19e603
d21ae42a1927501e5293ff3564f52b49f6b0decc
141ac47acc3800e5d35a82012fa4b044277abad3a95dc24415f66fb72c972ae6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4042
Expires: Sat, 26 Nov 2022 10:07:02 GMT
Date: Sat, 26 Nov 2022 08:59:40 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 08:19:13 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2427
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: oL6t/6f6FEhaXevTD/FRzaidt648t3cEUanDWxji+pwiiM5Ev65AIBs78+E1lCu+XUOfGBuNksE=
x-amz-request-id: E9EMFBCNET95SW3H
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 08:41:08 GMT
age: 1112
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
18a304f6585a230cdf137bccd851817d
6b59d769b687bc2eaecaa278adefc4a36755f0de
4e687d994f51b880c9c0632a7d6fdd9528de9314ad7824f5aabf12bfce0b283e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=118883
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 08:59:40 GMT
Etag: "638102df-117"
Expires: Sun, 27 Nov 2022 18:01:03 GMT
Last-Modified: Fri, 25 Nov 2022 18:01:03 GMT
Server: nginx
Content-Length: 279

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 08:59:40 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
18a304f6585a230cdf137bccd851817d
6b59d769b687bc2eaecaa278adefc4a36755f0de
4e687d994f51b880c9c0632a7d6fdd9528de9314ad7824f5aabf12bfce0b283e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=118883
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 08:59:40 GMT
Etag: "638102df-117"
Expires: Sun, 27 Nov 2022 18:01:03 GMT
Last-Modified: Fri, 25 Nov 2022 18:01:03 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

29 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
data
Size
29 kB (29245 bytes)
Hash
ffd6f27aa7fe65f2b59d6ea9f1dca0e2
99fe6d92f07f07b5ed95435a936557fd02f7bf49
5b2c5c5522c9e9317ec95d72520ed1230a52790ab00b43c49569360db9c628bb

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 08:08:54 GMT
cache-control: public,max-age=3600
age: 3046
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 08:59:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 08:59:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
df06e70fc8a35facf1d8db463d18e231
fa8a2975566cc792898f870e48ae7518d3657326
4cef7e704f4d575ce6733f6f2d803d241b597be51ff3fb03f72e5c33a893b504

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6393
Cache-Control: max-age=93223
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 08:59:41 GMT
Etag: "638085ab-1d7"
Expires: Sun, 27 Nov 2022 10:53:24 GMT
Last-Modified: Fri, 25 Nov 2022 09:06:51 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 08:59:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.195

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesroulette.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:08 GMT
expires: Thu, 23 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 221133
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6f90d7389de142e4ae43f2fda9aeb063
ceff2d184ff0a0a813d0738c3aa94fb6eb1c5727
95f0a595aef2bc7f5d4bdf5893af5cd8ee385981271029260ccffda5594f6cc6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "95F0A595AEF2BC7F5D4BDF5893AF5CD8EE385981271029260CCFFDA5594F6CC6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10738
Expires: Sat, 26 Nov 2022 11:58:39 GMT
Date: Sat, 26 Nov 2022 08:59:41 GMT
Connection: keep-alive

dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dwqbf73hbgmk8i8ok2i04l16o%26source%3D3e1955b7-ea84-48f3-bffb-03a175abdbc8%26cep%3Dq4G9VettgruAJLiNdqAmwg6huP3E80Q37bzVMcv82oFPg8y8Byr1cToDWC9h_PQBL-7OJSQzecby5lcO-Zzb8CX6XVtjJpKgip1FZQbFF5VDOghd2g3Mn2h_Z11L2xOOWtQvRRQwbqrWrcXVM437z-f_54Qpatalot7n2kOSwuvfaredt9lFLSpCdi2ttCRIk5lVYYvx9JVCOLSpDkOqhbH_3GvkTdSMJurZzpQZs9ct68DgNXiQWmsS7Va0O4rYqjxSld1GMKd_ZV8L1H6F56cAH6UfALQyXj2nlzqVM7zxoSIM0X1uQ-otUgMnXNHYSAis4j3nSyuzOh-STQeuFUT8TBKgwMWDaYzL9sgRnURclCVXXMiI_axc-DI-6GNP%26lptoken%3D162569ac45b049018059&lpt=Title%20here&t=1669453180250

18.195.149.11

200 OK

3.0 kB

URL HTTP/2
dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dwqbf73hbgmk8i8ok2i04l16o%26source%3D3e1955b7-ea84-48f3-bffb-03a175abdbc8%26cep%3Dq4G9VettgruAJLiNdqAmwg6huP3E80Q37bzVMcv82oFPg8y8Byr1cToDWC9h_PQBL-7OJSQzecby5lcO-Zzb8CX6XVtjJpKgip1FZQbFF5VDOghd2g3Mn2h_Z11L2xOOWtQvRRQwbqrWrcXVM437z-f_54Qpatalot7n2kOSwuvfaredt9lFLSpCdi2ttCRIk5lVYYvx9JVCOLSpDkOqhbH_3GvkTdSMJurZzpQZs9ct68DgNXiQWmsS7Va0O4rYqjxSld1GMKd_ZV8L1H6F56cAH6UfALQyXj2nlzqVM7zxoSIM0X1uQ-otUgMnXNHYSAis4j3nSyuzOh-STQeuFUT8TBKgwMWDaYzL9sgRnURclCVXXMiI_axc-DI-6GNP%26lptoken%3D162569ac45b049018059&lpt=Title%20here&t=1669453180250
IP
18.195.149.11:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (961)
Size
3.0 kB (2989 bytes)
Hash
35789c0f9f89bdf7aa5d3a42bb9e24c9
f6c1a548dbe7c6a6b6764a1a10e35c382500c14e
b5a519c82b0e307763a74156b4a3bb310210a067809bea6009fbd446e2bf31c5

HTTP Headers

GET /d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dwqbf73hbgmk8i8ok2i04l16o%26source%3D3e1955b7-ea84-48f3-bffb-03a175abdbc8%26cep%3Dq4G9VettgruAJLiNdqAmwg6huP3E80Q37bzVMcv82oFPg8y8Byr1cToDWC9h_PQBL-7OJSQzecby5lcO-Zzb8CX6XVtjJpKgip1FZQbFF5VDOghd2g3Mn2h_Z11L2xOOWtQvRRQwbqrWrcXVM437z-f_54Qpatalot7n2kOSwuvfaredt9lFLSpCdi2ttCRIk5lVYYvx9JVCOLSpDkOqhbH_3GvkTdSMJurZzpQZs9ct68DgNXiQWmsS7Va0O4rYqjxSld1GMKd_ZV8L1H6F56cAH6UfALQyXj2nlzqVM7zxoSIM0X1uQ-otUgMnXNHYSAis4j3nSyuzOh-STQeuFUT8TBKgwMWDaYzL9sgRnURclCVXXMiI_axc-DI-6GNP%26lptoken%3D162569ac45b049018059&lpt=Title%20here&t=1669453180250 HTTP/1.1
Host: dratingmaject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 08:59:41 GMT
content-type: application/javascript;charset=UTF-8
content-length: 2989
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.195

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesroulette.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:53:49 GMT
expires: Thu, 23 Nov 2023 18:53:49 GMT
cache-control: public, max-age=31536000
age: 223552
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.208.34.131

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.208.34.131:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tR0XW7X6NJ6l5y6/Sail2g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZpHHpHKCgDG2wtx3XEkq9MmPjLI=

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 08:59:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10885
Expires: Sat, 26 Nov 2022 12:01:07 GMT
Date: Sat, 26 Nov 2022 08:59:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10885
Expires: Sat, 26 Nov 2022 12:01:07 GMT
Date: Sat, 26 Nov 2022 08:59:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10885
Expires: Sat, 26 Nov 2022 12:01:07 GMT
Date: Sat, 26 Nov 2022 08:59:42 GMT
Connection: keep-alive

deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=wqbf73hbgmk8i8ok2i04l16o&var=3e1955b7-ea84-48f3-bffb-03a175abdbc8&sw=/sw-check-permissions-2e801.js

139.45.197.251

200 OK

37 kB

URL HTTP/2
deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=wqbf73hbgmk8i8ok2i04l16o&var=3e1955b7-ea84-48f3-bffb-03a175abdbc8&sw=/sw-check-permissions-2e801.js
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type
data
Size
37 kB (37261 bytes)
Hash
9ffe8211f87e63a276eb460c88ef999c
1e6b7f30445b06efa17b74f3c9c7b164beabcff8
d64edf29f43c03c79921b07fb49a2a8a3f4d899fd28743c4cdc7f561e063986f

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=4740019&ymid=wqbf73hbgmk8i8ok2i04l16o&var=3e1955b7-ea84-48f3-bffb-03a175abdbc8&sw=/sw-check-permissions-2e801.js HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 08:59:41 GMT
content-type: application/javascript
last-modified: Thu, 24 Nov 2022 15:53:54 GMT
etag: W/"637f9392-12fca"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg

34.120.237.76

200 OK

3.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.5 kB (3502 bytes)
Hash
a783df85f30f9c555f9df6b99f61744d
61f9bed607e81606be78285596acdc5e0e4f4994
19db42201d0fa059f680d890ede6683c04e893e6308a2256d0203f826a7f34de

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3502
x-amzn-requestid: ca3f2610-e03c-48a7-abb3-fbbab76f63d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYUHO5IAMFqDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-7e36137711dc4668278c1c94;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QS3ZKYetcm87GNwSr34eRPF2d4r8ppwf3fT19aV-u84f7ObX4bU8wQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 07:13:26 GMT
age: 6376
etag: "61f9bed607e81606be78285596acdc5e0e4f4994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88ca6be9-2485-4243-a3fe-1e61449736dd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6431 bytes)
Hash
801dd70f0c591086062e2a9054f78efc
6a2f4d4bfec41d16fa84b0a9b0b13f7dcff2be3d
ba28f27ea906aaa6db1fbdca53ecbd4366b99d2696fb888e47b731e21c0f82da

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88ca6be9-2485-4243-a3fe-1e61449736dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6431
x-amzn-requestid: 0daa58b7-3fd8-463f-85f5-6f84fdb17661
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVOBEpEIAMF87A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381358c-3f8b9c18598ba2532518668d;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PuOd4PnHQfvwM2zDA15uprEEgoy7BfUUgjvkrf89DYmN43XfEfyJvg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:49:35 GMT
age: 40207
etag: "6a2f4d4bfec41d16fa84b0a9b0b13f7dcff2be3d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4309 bytes)
Hash
841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ezHvyK3va4SioabOjSittTiLQRs_Q8k4TPxkiGp_svtZ8omDPTUN-A==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 05:04:28 GMT
age: 14114
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc7a5b86-3ad1-40c7-b173-8a9ac078c227.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8913 bytes)
Hash
5088223f5973e3cd56f03f50a1e84b79
0b6c9b51d10762a4747286ab5b1c2354fa39c622
8159e4f7eec7bea518bb29e3fdb070bab4fb70116205577f7b7d74ad4d0dfbc7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc7a5b86-3ad1-40c7-b173-8a9ac078c227.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8913
x-amzn-requestid: d0a9414c-eccf-44e8-adb7-92654544eeb5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWWXEpeIAMFnzw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381375b-5825510666b3e80a5f83cafa;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:44:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: LDrq5UcFhG63XFZhmeS5Z_mEkwrvuQ2bLfT8hV9I3E1s1lJLZF5Dww==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:24 GMT
age: 40398
etag: "0b6c9b51d10762a4747286ab5b1c2354fa39c622"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30fddcf4-c88b-41c3-90f7-a4530639de73.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (7025 bytes)
Hash
7e0c5064718601e80b7bfc931120ff70
741e5e48c4fb170efee9b611be5638d999a09bd2
d0b1537f43277e7f59152e6272d4f3888ab4618fa7fe0e4b24e2f851dbf0f4cd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30fddcf4-c88b-41c3-90f7-a4530639de73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7025
x-amzn-requestid: 2c9cd3bc-80d4-4578-a0aa-4f1ff7f19d30
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVNYGwaIAMFU8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813588-0c66a293144f894f001ae0cf;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gxs4AeIklafRh02vSn6hA5r7MZagrQsqNR0zhpl5HHiQhQEswFc8RQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:35 GMT
age: 40267
etag: "741e5e48c4fb170efee9b611be5638d999a09bd2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c125eba-03aa-443e-b99e-10c7890258e8.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9787 bytes)
Hash
95101ded0fe92a85649a086992948008
afed98649590f2524a9e530c53eebbc1ba36da6a
7f754cb2105494045efe657c47313e77bb26361ca45a6f8cbce1fdb52a15ba01

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c125eba-03aa-443e-b99e-10c7890258e8.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 9787
x-amzn-requestid: 51d9848a-868c-4e51-b1a8-30596d0108b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLUfxHjToAMFeGA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813464-749244df2aa06b23445d675c;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:32:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mSCEUQ3aOXg6rxJV0iWPgFZ6TE2pCucWwOI3KAsdbu_EadcDDa5vwg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:07:47 GMT
age: 39122
etag: "afed98649590f2524a9e530c53eebbc1ba36da6a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

deefauph.com/zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=3e1955b7-ea84-48f3-bffb-03a175abdbc8&ymid=wqbf73hbgmk8i8ok2i04l16o&var_3=&dsig=&action=prerequest

139.45.197.251

200 OK

0 B

URL HTTP/2
deefauph.com/zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=3e1955b7-ea84-48f3-bffb-03a175abdbc8&ymid=wqbf73hbgmk8i8ok2i04l16o&var_3=&dsig=&action=prerequest
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=3e1955b7-ea84-48f3-bffb-03a175abdbc8&ymid=wqbf73hbgmk8i8ok2i04l16o&var_3=&dsig=&action=prerequest HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://babesroulette.com
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 08:59:49 GMT
content-length: 0
x-trace-id: fadb8a41a6559f83164d7db71aafaaa0
access-control-allow-origin: https://babesroulette.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

babesroulette.com/landers/lander18/?clickid=wqbf73hbgmk8i8ok2i04l16o&source=3e1955b7-ea84-48f3-bffb-03a175abdbc8&cep=q4G9VettgruAJLiNdqAmwg6huP3E80Q37bzVMcv82oFPg8y8Byr1cToDWC9h_PQBL-7OJSQzecby5lcO-Zzb8CX6XVtjJpKgip1FZQbFF5VDOghd2g3Mn2h_Z11L2xOOWtQvRRQwbqrWrcXVM437z-f_54Qpatalot7n2kOSwuvfaredt9lFLSpCdi2ttCRIk5lVYYvx9JVCOLSpDkOqhbH_3GvkTdSMJurZzpQZs9ct68DgNXiQWmsS7Va0O4rYqjxSld1GMKd_ZV8L1H6F56cAH6UfALQyXj2nlzqVM7zxoSIM0X1uQ-otUgMnXNHYSAis4j3nSyuzOh-STQeuFUT8TBKgwMWDaYzL9sgRnURclCVXXMiI_axc-DI-6GNP&lptoken=162569ac45b049018059

172.67.153.220

200 OK

0 B

URL HTTP/2
babesroulette.com/landers/lander18/?clickid=wqbf73hbgmk8i8ok2i04l16o&source=3e1955b7-ea84-48f3-bffb-03a175abdbc8&cep=q4G9VettgruAJLiNdqAmwg6huP3E80Q37bzVMcv82oFPg8y8Byr1cToDWC9h_PQBL-7OJSQzecby5lcO-Zzb8CX6XVtjJpKgip1FZQbFF5VDOghd2g3Mn2h_Z11L2xOOWtQvRRQwbqrWrcXVM437z-f_54Qpatalot7n2kOSwuvfaredt9lFLSpCdi2ttCRIk5lVYYvx9JVCOLSpDkOqhbH_3GvkTdSMJurZzpQZs9ct68DgNXiQWmsS7Va0O4rYqjxSld1GMKd_ZV8L1H6F56cAH6UfALQyXj2nlzqVM7zxoSIM0X1uQ-otUgMnXNHYSAis4j3nSyuzOh-STQeuFUT8TBKgwMWDaYzL9sgRnURclCVXXMiI_axc-DI-6GNP&lptoken=162569ac45b049018059
IP
172.67.153.220:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /landers/lander18/?clickid=wqbf73hbgmk8i8ok2i04l16o&source=3e1955b7-ea84-48f3-bffb-03a175abdbc8&cep=q4G9VettgruAJLiNdqAmwg6huP3E80Q37bzVMcv82oFPg8y8Byr1cToDWC9h_PQBL-7OJSQzecby5lcO-Zzb8CX6XVtjJpKgip1FZQbFF5VDOghd2g3Mn2h_Z11L2xOOWtQvRRQwbqrWrcXVM437z-f_54Qpatalot7n2kOSwuvfaredt9lFLSpCdi2ttCRIk5lVYYvx9JVCOLSpDkOqhbH_3GvkTdSMJurZzpQZs9ct68DgNXiQWmsS7Va0O4rYqjxSld1GMKd_ZV8L1H6F56cAH6UfALQyXj2nlzqVM7zxoSIM0X1uQ-otUgMnXNHYSAis4j3nSyuzOh-STQeuFUT8TBKgwMWDaYzL9sgRnURclCVXXMiI_axc-DI-6GNP&lptoken=162569ac45b049018059 HTTP/1.1
Host: babesroulette.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sat, 26 Nov 2022 08:59:40 GMT
content-type: text/html
last-modified: Thu, 25 Aug 2022 23:06:49 GMT
x-powered-by: PleskLin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TAo9QiCSinZrpcxnodVc6qTPSVHYVdCcMCYpH%2BNoQthqbbIoeWOk00RglE%2FUCd6tqNWZqOHF9u164BrYBE9nz%2BUPgfuc4vvwY8XwlG10I3tb%2BPad3BONCs9yjUitZrsAyHLLUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77016dea48300b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 26 Nov 2022 08:59:41 GMT
date: Sat, 26 Nov 2022 08:59:41 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (33)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP