Report - easy-lay.com/?sub1=639c955014faad000190be19&sub2=&affiliate

Report Overview

Submitted URL
easy-lay.com/?sub1=639c955014faad000190be19&sub2=&affiliate_id=1698&source=&mst=2&sub3=
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2022-12-16 15:57:34
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.148.84.125
www.clarity.ms	1404	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	369 B	518 B	13.107.238.53
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	6.5 kB	142.250.74.131
icalendar.datingtopgirls.com	260095	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	373 B	2.1 kB	31.220.24.141
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	5.5 kB	93.184.220.29
el.datingtopgirls.com	392973	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	393 B	35 kB	31.220.24.141
c.bing.com	247	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	468 B	795 B	204.79.197.200
b.clarity.ms	3462	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	440 B	281 B	20.75.32.255
easy-lay.com	254260	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.9 kB	172.67.181.117
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	1.0 kB	143.204.42.158
botd.fpapi.io	297160	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	910 B	5.0 kB	54.167.181.12
region1.analytics.google.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	800 B	559 B	216.239.32.36
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	8.9 kB	95.101.11.115
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
static.cloudflareinsights.com	1294	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	449 B	6.6 kB	104.16.57.101
www.googleoptimize.com	1604	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	381 B	45 kB	142.250.74.174
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	945 B	1.9 kB	139.45.195.8
c.clarity.ms	803	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	837 B	1.2 kB	20.234.93.27
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	476 B	694 B	142.250.74.163
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	72 kB	34.120.237.76
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	393 B	1.6 kB	142.250.74.106
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	378 B	58 kB	142.250.74.168
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	476 B	559 B	74.125.205.156

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-16	medium	icalendar.datingtopgirls.com/icalendar.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (25)

	URL	Size	First Seen	Last Seen
	easy-lay.com/tt	231 B	2023-03-09	2023-03-09
Pretty URL easy-lay.com/tt IP 104.21.48.74 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 12:18:31 Last Seen2023-03-09 12:18:31 Times Seen1 Hash 178cda2c59ddc04e3eaf2e0bacea6a19 e872e173435165cfc20df1e4b52c1d1cb15317b5 975131ab563c85c6b63159a0ac88e22e59eaf1dd98499a4832993a59bd8d90b7 Loading...

	easy-lay.com/js/script.js?82	12 kB	2023-03-08	2023-03-26
Pretty URL easy-lay.com/js/script.js?82 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:24:10 Last Seen2023-03-26 00:16:44 Times Seen8 Hash 6855532b091e028a339171c55834e4a3 8c2f4a43bd7fc25d532392105b8e830769b43a20 ea4e519e27a134a65801c8498d0f57c16f8bde82799f951fe59748f8f2eabfe2 Loading...

	easy-lay.com/fav/el/js/script.js?82	182 B	2023-03-07	2023-03-17
Pretty URL easy-lay.com/fav/el/js/script.js?82 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:39 Last Seen2023-03-17 12:47:52 Times Seen1 Hash 67d8b2043b84a7fbda205f5e6e69cc57 57fc3af147cad3c441628c56c200e338f79ea7c2 6a397734fd24fd54fab407d0244016fe3dfcd2edee93ba425f778b4181b251a0 Loading...

	icalendar.datingtopgirls.com/icalendar.js	5.9 kB	2023-03-07	2023-03-17
Pretty URL icalendar.datingtopgirls.com/icalendar.js IP 31.220.24.141 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:26 Last Seen2023-03-17 12:47:52 Times Seen1 Hash 1542e1c96753770e587968d803376c9a c49a24c38a498620e420951e65ddf65f46dda447 2887db4531172d1c88a4d6b55bda50c5f0dacb95918e2666129cda5d8ec98a8b Loading...

	www.googletagmanager.com/gtm.js?id=GTM-T76Q9QX	158 kB	2023-03-09	2023-03-09
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-T76Q9QX IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 12:18:31 Last Seen2023-03-09 12:18:31 Times Seen1 Hash 482afde86ffb9298d58bcd55118b7804 83734be8a3fb1ee2345711dcbf1e046edd8ad757 8ff63fd62c437bb6548348e657bd2f36b1d640af31c1910e884b38acc883302d Loading...

	easy-lay.com/tt	516 B	2023-03-09	2023-03-09
Pretty URL easy-lay.com/tt IP 104.21.48.74 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 12:18:31 Last Seen2023-03-09 12:18:31 Times Seen1 Hash 5b380b5e521eea8f04845eca249cc745 806694eb411db085c399a42f7ccf629bfe17011b 7970a6f870ef37ef5abd56c9d0324d938a497772f4ec8c47c4d4362282716ec1 Loading...

	static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993	17 kB	2023-03-08	2024-02-28
Pretty URL static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 IP 104.16.57.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:25:00 Last Seen2024-02-28 12:44:37 Times Seen1362 Hash 33100f2355611b2375f05486299abf05 0b2d1b75f6695e67b884bee2eb72165d6e881a26 0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3 Loading...

	easy-lay.com/tt	100 B	2023-03-07	2024-02-02
Pretty URL easy-lay.com/tt IP 104.21.48.74 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:26 Last Seen2024-02-02 00:56:36 Times Seen139 Hash 6657d5cb319244c6cf4c7378f47596e1 cb008f36db33ff73fa420f12425c18e65a3053ff 1bbc661e1e53aa8c4b872fba1e02a35e276b0a21bfe29d3c93a57257d6546aa6 Loading...

	easy-lay.com/tt	1.4 kB	2023-03-09	2023-03-09
Pretty URL easy-lay.com/tt IP 104.21.48.74 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 12:18:31 Last Seen2023-03-09 12:18:31 Times Seen1 Hash f5e3239a71744ffccea08e224983bcf8 e039ed2f67374eff18683af2d606cbc1b83fe506 0273e43efabd91f8308051dd062e1a29cf495f3c8ebc30678891f7b677b62d49 Loading...

	easy-lay.com/tt	381 B	2023-03-07	2024-04-25
Pretty URL easy-lay.com/tt IP 104.21.48.74 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:26 Last Seen2024-04-25 08:02:51 Times Seen483 Hash 2d63d2fc063a3b79517968ef422bfae2 3f5020fc07330429b607f808fc5373f5bede54a0 5c0085f5aec987d46f3ebd4a6ed616c806878b0a82cf6f8c926cb41925d637d1 Loading...

	easy-lay.com/tt	549 B	2023-03-07	2024-01-27
Pretty URL easy-lay.com/tt IP 104.21.48.74 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:39 Last Seen2024-01-27 00:28:52 Times Seen16 Hash 8cb5927ea644de865ad4e031bf42e51a eba9139c96ad1a98da622d259333b76c094570f5 e30c7634986a5453d76cdaff0eae5cf67ec0f24650f21a09e88b644f025b6d25 Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 19:38:45 Times Seen37071475 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	easy-lay.com/t/event/v4?e_t=pageview&url=https%253A%252F%252Feasy-lay.com%252Ftt&ref=&d_r=1&d_s=1280x1024&d_w=1280x939&t_s=1671206240320&t_i=1671206240603&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=c6bcd4e8-80d8-4a70-aee3-17c29f576bfe&nav_rc=0&nav_nt=NAVIGATE&p_nn=easy-lay&p_pt=&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_m_id=&p_u_s=GUEST&p_u_v_id=639c955014faad000190be19&fpid_sa=1671206240603&fpid=&feid_sa=1&sid_sa=1&feid=86a98dd2b6d57b89488cdb4f04c91f2f&sid=4854f3cd68268d3da404f5d4b6f248ba&u_adb=0&vn=S-2.8.3&s_rst=1&st_d=%7B%7D&e_d=%7B%22affid%22%3A%221698%22%2C%22source%22%3A%22unknown%22%2C%22page_id%22%3A%228bd1d77f759ab2828d67bb0d0c767ebe%22%2C%22tour%22%3A%22t%2F02%22%7D&t_op=0.266&cb=gl.cb.pv	65 B	2023-03-09	2023-03-09
Pretty URL easy-lay.com/t/event/v4?e_t=pageview&url=https%253A%252F%252Feasy-lay.com%252Ftt&ref=&d_r=1&d_s=1280x1024&d_w=1280x939&t_s=1671206240320&t_i=1671206240603&u_tz=0&u_l=en-US&u_l2=&u_l3=&n_c=&n_s=&pv_uid=c6bcd4e8-80d8-4a70-aee3-17c29f576bfe&nav_rc=0&nav_nt=NAVIGATE&p_nn=easy-lay&p_pt=&p_tt=desktop&p_l=en&p_z=NONAUTHORIZED&p_u_m_id=&p_u_s=GUEST&p_u_v_id=639c955014faad000190be19&fpid_sa=1671206240603&fpid=&feid_sa=1&sid_sa=1&feid=86a98dd2b6d57b89488cdb4f04c91f2f&sid=4854f3cd68268d3da404f5d4b6f248ba&u_adb=0&vn=S-2.8.3&s_rst=1&st_d=%7B%7D&e_d=%7B%22affid%22%3A%221698%22%2C%22source%22%3A%22unknown%22%2C%22page_id%22%3A%228bd1d77f759ab2828d67bb0d0c767ebe%22%2C%22tour%22%3A%22t%2F02%22%7D&t_op=0.266&cb=gl.cb.pv IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 12:18:31 Last Seen2023-03-09 12:18:31 Times Seen1 Hash c5917c047834c697713c21c741f3ade9 255ede5665d4236da6577da32a5c73fe8094bb44 ca0e9c9129ef646c876cf9e9ba29b350eb17b4683ef80b5b6652d4f7bf083c76 Loading...

	easy-lay.com/fav/el/js/tt/02/main.js?82	5.2 kB	2023-03-08	2023-03-17
Pretty URL easy-lay.com/fav/el/js/tt/02/main.js?82 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:36:52 Last Seen2023-03-17 12:47:52 Times Seen1 Hash 22e8afd3149af924e8f4eb07f72c7328 86b87e0f7519b57523da7b1ca619c15d6f5c2f0d 8c9353d934631facae4b301308ef90bfa32882b139c9cf904b7bba9fbf193575 Loading...

	www.clarity.ms/eus2/s/0.7.1/clarity.js	57 kB	2023-03-09	2023-11-05
Pretty URL www.clarity.ms/eus2/s/0.7.1/clarity.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 10:22:27 Last Seen2023-11-05 22:32:51 Times Seen3 Hash b9b253f431c87fd6d386778bb4f53db8 7e1615b8e242a06e0631ed4e0662cc3fb6487fc6 da5186fe0bb5dd59e7ece6ee7efac70c31755611e385fa423585572cb9628fcf Loading...

	easy-lay.com/js/main.js?82	24 kB	2023-03-07	2023-03-17
Pretty URL easy-lay.com/js/main.js?82 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:41 Last Seen2023-03-17 12:47:52 Times Seen1 Hash 2cc8c012627c00ba257b84425b55e9e4 1fc7ad744f1eb3f195140dace57eecc62d2fd80f 4eed62e402335ca04f23bef09046e4c62acc16d67482e6089d114354b77dbbdf Loading...

	easy-lay.com/fav/el/js/jquery-3.3.1.min.js	87 kB	2023-03-07	2024-04-25
Pretty URL easy-lay.com/fav/el/js/jquery-3.3.1.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:26 Last Seen2024-04-25 08:02:52 Times Seen12145 Hash af4078402c5e090d3f81d1abd71e2250 9592732de681f4365e9b7016dc5cf76e2a55ee9b 8603b20b548270423fb03c2138c16f5f863ead4c48eb0999167df869e2eef8a6 Loading...

	easy-lay.com/tt	33 B	2023-03-07	2023-10-16
Pretty URL easy-lay.com/tt IP 104.21.48.74 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:58:52 Last Seen2023-10-16 08:02:38 Times Seen117 Hash 8dbba962f13697f99ed698b6c7b8bff1 2780151745bf59ad74e28bac3be556a13d160596 798f3fd7c6503da88144be4e39f30d1c056b0cdff5deab0b2a752642f20f35f3 Loading...

	easy-lay.com/js/notify.js?82	2.9 kB	2023-03-07	2023-03-17
Pretty URL easy-lay.com/js/notify.js?82 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:25:21 Last Seen2023-03-17 12:47:52 Times Seen1 Hash a36984dbb2e2fc58ceed2df6de66fce3 43f4bbef2dd1fd000abf72336ccfb901d5b102d2 9a4a793d9d5fdb3d9c959cfb8aa98177439dcc67c1255520073fc2403692aa42 Loading...

	http:blank	580 B	2023-03-09	2023-03-09
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 12:18:31 Last Seen2023-03-09 12:18:31 Times Seen1 Hash 4ac06edc555a320e037d278107cf2756 7c48c47acfba0820d750daee192cb55b00fb62ed fe3512ee07e44dd37e86e3da8211806ac4d75f43a77b9d59f114e11d0a72cd64 Loading...

	easy-lay.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1671192000	42 kB	2023-03-09	2023-03-09
Pretty URL easy-lay.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1671192000 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 12:18:31 Last Seen2023-03-09 12:18:31 Times Seen1 Hash 9683f06b2686ab378a3ec01b3b0f3040 a74d814fedf5f7470993dec5ca724f3abc130a4d 07be52c7a5d89b2124664b95885485f1d1dd6f4ef59f1213f0ba516630653e57 Loading...

	www.clarity.ms/tag/bvsqia2v2y?ref=gtm	865 B	2023-03-09	2023-03-13
Pretty URL www.clarity.ms/tag/bvsqia2v2y?ref=gtm IP 13.107.238.53 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 10:29:15 Last Seen2023-03-13 07:03:40 Times Seen1 Hash 16a07c173f244151ece9185bac7c5d3f fd6a3bf7f0777154eb2dcede2eb619d7c4ab78d0 3bd6524149904b4d70eba79c3d20f7020fdc26a7e0b63a66f683638c594ed410 Loading...

	easy-lay.com/tt	1.0 kB	2023-03-09	2023-03-09
Pretty URL easy-lay.com/tt IP 104.21.48.74 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 12:18:31 Last Seen2023-03-09 12:18:31 Times Seen1 Hash fd6d86d964bce05835ef6d77d0eab909 eff0f4b29e7c2c96f9c5a494db0ac34a2929f330 1389d597609ba1db340a17ffe5b317ad7e58c0eb552caec03b9240e53132d866 Loading...

	my.rtmark.net/p.js?f=sync&lr=1&partner=bea467c9e34e8272bd1bf9a4a452ac3653f0e23d224530e911cd838f39a107cc	697 B	2023-03-08	2024-02-25
Pretty URL my.rtmark.net/p.js?f=sync&lr=1&partner=bea467c9e34e8272bd1bf9a4a452ac3653f0e23d224530e911cd838f39a107cc IP 139.45.195.8 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:15 Last Seen2024-02-25 15:06:23 Times Seen1042 Hash 1ba2794f0f7dd2b29159959320fd42bd 8e73fa295266b44f59b5bc53cafb7febe3c85e39 3ae0c3406428498610c125ba13450e55a412406359bd6b2cf21bdf5f5be4486c Loading...

	www.googleoptimize.com/optimize.js?id=OPT-NN2R6FM	112 kB	2023-03-09	2023-03-12
Pretty URL www.googleoptimize.com/optimize.js?id=OPT-NN2R6FM IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 10:08:35 Last Seen2023-03-12 15:16:32 Times Seen1 Hash dbd1abdf099ee76617a988fad3e5ea7f b69913980f0dd3cadacf6a10d54b38922d09299c a22dae965d31c21f4731b4f6a78497c04148fc7ef34daeed3146c0ebe818f672 Loading...

HTTP Transactions (56)

URL IP Response Size

easy-lay.com/?sub1=639c955014faad000190be19&sub2=&affiliate_id=1698&source=&mst=2&sub3=

172.67.181.117

301 Moved Permanently

549 B

URL HTTP/1.1
easy-lay.com/?sub1=639c955014faad000190be19&sub2=&affiliate_id=1698&source=&mst=2&sub3=
IP
172.67.181.117:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (386), with CRLF, LF line terminators
Size
549 B (549 bytes)
Hash
a240e58bb1d1962378043f7ea030b85e
7b5997f668f9a3364cff0d7895cf204e9a1d9973
669a2ba49d04057c6686460181fd3faf23deee22d99e5668a9ab51f5be1d501a

HTTP Headers

GET /?sub1=639c955014faad000190be19&sub2=&affiliate_id=1698&source=&mst=2&sub3= HTTP/1.1
Host: easy-lay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Fri, 16 Dec 2022 15:57:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://easy-lay.com/?sub1=639c955014faad000190be19&sub2=&affiliate_id=1698&source=&mst=2&sub3=
CF-Cache-Status: DYNAMIC
Server-Timing: cf-q-config;dur=6.0000002122251e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rij2yOR4eruTD0XOvs%2FzE8ZJf%2BCkHwuQmhOsHcIc1hvssicPkBQQl2W2MnAgfOoMIAMd4w%2BRI5yUgFJKA9kXZ2M9gZ3cvN1seou1KqAqWoTTPK1wBh5toGQ7ckzws%2Fg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77a89d485f0ab523-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
381442da2a14cb93770f4c8f6e19d35b
31c48467751e2450a63004c57eea0c7872023eaf
61b0985f47033bd7020ab3b8cdcbc6c17be6ab9b6feba69e006088b78e21c0f0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61B0985F47033BD7020AB3B8CDCBC6C17BE6AB9B6FEBA69E006088B78E21C0F0"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6714
Expires: Fri, 16 Dec 2022 17:49:16 GMT
Date: Fri, 16 Dec 2022 15:57:22 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4a5e9bc8b7891ac5f4552c29bcbaedb0
39735081eeb64eae477c61c1147daeb68fb37b22
c465efaf205ff2992af02c16187ca14a658cd5335b892903374f3adab32a8cd9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C465EFAF205FF2992AF02C16187CA14A658CD5335B892903374F3ADAB32A8CD9"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2535
Expires: Fri, 16 Dec 2022 16:39:37 GMT
Date: Fri, 16 Dec 2022 15:57:22 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 16 Dec 2022 15:34:01 GMT
content-type: application/json
age: 1401
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
51bd0cc75ed746fd33c950eb12936b7e
4a1007ea6c6e4f5e8b4a7d1f85f7a3e329dc8f50
188d4a0d544f40048dc7476cb4f5e478f1eb49a8ef1d51699fb155d2ae258655

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "188D4A0D544F40048DC7476CB4F5E478F1EB49A8EF1D51699FB155D2AE258655"
Last-Modified: Tue, 13 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3609
Expires: Fri, 16 Dec 2022 16:57:31 GMT
Date: Fri, 16 Dec 2022 15:57:22 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 0lOsHaG/8i0ioNp8Z7/d81D0iRx+bU7jMo4VbXmThm1uUWd/xgLmCAgYOSMwYFlIe74AfxuB86A=
x-amz-request-id: 5JEE2PG48Z8HY0HS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 16 Dec 2022 15:53:18 GMT
age: 244
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 16 Dec 2022 15:57:22 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
5710753e6f170f4581cd492e4b8ce2ff
09a2b11bb05082bfc47db28f381dd4659b6f1369
7dafac9922dd6535bc83e809945bfa970e00b257b4ddcb9b79a853c73b5f8b31

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=167973
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 15:57:22 GMT
Etag: "639c8287-116"
Expires: Sun, 18 Dec 2022 14:36:55 GMT
Last-Modified: Fri, 16 Dec 2022 14:36:55 GMT
Server: nginx
Content-Length: 278

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 16 Dec 2022 15:33:23 GMT
age: 1440
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
5710753e6f170f4581cd492e4b8ce2ff
09a2b11bb05082bfc47db28f381dd4659b6f1369
7dafac9922dd6535bc83e809945bfa970e00b257b4ddcb9b79a853c73b5f8b31

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=167973
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 15:57:23 GMT
Etag: "639c8287-116"
Expires: Sun, 18 Dec 2022 14:36:56 GMT
Last-Modified: Fri, 16 Dec 2022 14:36:55 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
142400be99b933ea5e0c68ea6a6b3e89
80e94132940e5ebe69dd0a03396764127b8fda49
20e8cde3c6907a3c5d97fe9fbcf6a44035e1f7482f7e166adb2c38a30a9084ea

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5082
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 15:57:23 GMT
Last-Modified: Fri, 16 Dec 2022 14:32:41 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

3.4 kB

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
3.4 kB (3374 bytes)
Hash
a1763b2e591692d266b20b79bd9663f5
5e39103a7a5231096760834b97060ed3be47c782
1756c04cbd36ef5d6d2f3f6e67edecc53e564e686b3d0118d3f85e63628273a5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3580
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 15:57:23 GMT
Last-Modified: Fri, 16 Dec 2022 14:57:43 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f8d21614a5f07dffe6f4fb52c6133ce1
aefac3c1cd05fd22634f71247cd4dd2e6fa1be88
b0f085491438d08c58906100ae4ddc2fea2e4b34b333c8f3a5a2258fdfd7a51e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 15:57:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f8d21614a5f07dffe6f4fb52c6133ce1
aefac3c1cd05fd22634f71247cd4dd2e6fa1be88
b0f085491438d08c58906100ae4ddc2fea2e4b34b333c8f3a5a2258fdfd7a51e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 15:57:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3d0b8a78c8c26f56f3e7663087e93cf4
05985b7d45fdcde615fbcd7de08b2108a20c5caf
a99f19e2ff2feec42bc0b32bbc37d3f68f647e7104cf35d35ede1da04cdf7854

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99F19E2FF2FEEC42BC0B32BBC37D3F68F647E7104CF35D35EDE1DA04CDF7854"
Last-Modified: Thu, 15 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19197
Expires: Fri, 16 Dec 2022 21:17:20 GMT
Date: Fri, 16 Dec 2022 15:57:23 GMT
Connection: keep-alive

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

844 B

URL HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
844 B (844 bytes)
Hash
7ef1ab4edbd7c5b706ac19735fdf6957
34203ad62a5e95b594342420fc73c32952b1c763
33f42cc8d3e2446ca6b364a6e74b177fa67b01632f4cc2e129e7775cdff4a9d8

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 16 Dec 2022 15:57:23 GMT
date: Fri, 16 Dec 2022 15:57:23 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

1.4 kB

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
1.4 kB (1356 bytes)
Hash
5b3286e8e18fbeded6fc693d3a1704c9
ef3db81ad688a3e9cb51c0be529545ff4d6daf1e
775d267e9650ca8e2f46350814b190c30a614e3731de87acdce4e225af3890d8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 15:57:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

icalendar.datingtopgirls.com/icalendar.js

31.220.24.141

200 OK

1.8 kB

URL HTTP/1.1
icalendar.datingtopgirls.com/icalendar.js
IP
31.220.24.141:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text
Size
1.8 kB (1796 bytes)
Hash
d39f355915d9633385c213781d160c84
f22997c5f291268e4f7996b2664ad19c241fd31f
533ecbbbb80cdf2f49dc8333f2801b3ab1a508bacc1abedcde6872c622c0d92e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /icalendar.js HTTP/1.1
Host: icalendar.datingtopgirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 16 Dec 2022 15:57:23 GMT
Content-Type: application/javascript
Last-Modified: Fri, 15 Apr 2022 08:51:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6259322b-173d"
Content-Encoding: gzip

www.googletagmanager.com/gtm.js?id=GTM-T76Q9QX

142.250.74.168

200 OK

57 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-T76Q9QX
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2985)
Size
57 kB (57329 bytes)
Hash
3ec3245b673e3e54bb0f2dc7612919d6
2bbea0e8b0271cb1454d6add7afdca42fd8fbbbd
e1b666195826914ded9c6a7e4dade9e543688b5638d05d0ae0279b28cd2c335a

HTTP Headers

GET /gtm.js?id=GTM-T76Q9QX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 16 Dec 2022 15:57:23 GMT
expires: Fri, 16 Dec 2022 15:57:23 GMT
cache-control: private, max-age=900
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 57329
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

el.datingtopgirls.com/util/101-small.jpg

31.220.24.141

200 OK

35 kB

URL HTTP/1.1
el.datingtopgirls.com/util/101-small.jpg
IP
31.220.24.141:0
ASN
#39572 DataWeb Global Group B.V.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 240x240, components 3\012- data
Size
35 kB (34711 bytes)
Hash
a6da5fb31a41c05ae6b56256ce9a7f2e
5a821b399ba5b76313d9c5b79a0a3bda44e8d4e3
32ab5f3b385c1b3b756141ff6581b4042353b98a1f8d6e4993bccb5eaae2ae4c

HTTP Headers

GET /util/101-small.jpg HTTP/1.1
Host: el.datingtopgirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 16 Dec 2022 15:57:23 GMT
Content-Type: image/jpeg
Content-Length: 34711
Last-Modified: Fri, 02 Apr 2021 14:16:22 GMT
Connection: keep-alive
ETag: "60672736-8797"
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d8ee7b5ed9f1ce2717492af01f420e1f
1e1cfe7134e0d88f1398c5e8b54c2632a7d3459b
1b0f0eff510a5eee48139d1f2a02a4f98109541998da638034bc04b05ef72d32

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 15:57:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

54.148.84.125

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.84.125:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8EXS2ETpqz6vbdrZOpQUOA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: efFMKItxDyB+aagAGnVHgIEMMEY=

static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993

104.16.57.101

200 OK

6.2 kB

URL HTTP/2
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP
104.16.57.101:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (17031), with no line terminators
Size
6.2 kB (6158 bytes)
Hash
dfd1fdd9197381188d9240427038f970
85135c355457345ea5c9d08ef12a7f872cdb363b
c6307b7ecc7e28db203c3ba4660652eaa799fc238bd8b810374c9f4cd162e549

HTTP Headers

GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://easy-lay.com
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 16 Dec 2022 15:57:23 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 77a89d4e4e76b509-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.googleoptimize.com/optimize.js?id=OPT-NN2R6FM

142.250.74.174

200 OK

44 kB

URL HTTP/2
www.googleoptimize.com/optimize.js?id=OPT-NN2R6FM
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (43945 bytes)
Hash
f6b50c9e56e9f1e6b78da178f10fda2f
73252d321ccbea968de4f42fa598507f0fa335b9
5a8ece491a037834d3a2e82ba16d06fd20dbb247da3465825b4091d23d72b904

HTTP Headers

GET /optimize.js?id=OPT-NN2R6FM HTTP/1.1
Host: www.googleoptimize.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 16 Dec 2022 15:57:23 GMT
expires: Fri, 16 Dec 2022 15:57:23 GMT
cache-control: private, max-age=900
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43945
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

571 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
571 B (571 bytes)
Hash
7d9eaf334a509f71b9b54c5f1ccf05ac
23a4418d1c3a555c7cecc88292916e3138d21cb5
4fb76403381faa5aaf0e555dcb45418044309acdcdf207340d326539f220a2f2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "738A1DD790976268299F326F60BE978515DC6EF2388DD44C0486EB7E627A8F53"
Last-Modified: Thu, 15 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7602
Expires: Fri, 16 Dec 2022 18:04:05 GMT
Date: Fri, 16 Dec 2022 15:57:23 GMT
Connection: keep-alive

my.rtmark.net/p.js?f=sync&lr=1&partner=bea467c9e34e8272bd1bf9a4a452ac3653f0e23d224530e911cd838f39a107cc

139.45.195.8

200 OK

697 B

URL HTTP/2
my.rtmark.net/p.js?f=sync&lr=1&partner=bea467c9e34e8272bd1bf9a4a452ac3653f0e23d224530e911cd838f39a107cc
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
ASCII text
Size
697 B (697 bytes)
Hash
1ba2794f0f7dd2b29159959320fd42bd
8e73fa295266b44f59b5bc53cafb7febe3c85e39
3ae0c3406428498610c125ba13450e55a412406359bd6b2cf21bdf5f5be4486c

HTTP Headers

GET /p.js?f=sync&lr=1&partner=bea467c9e34e8272bd1bf9a4a452ac3653f0e23d224530e911cd838f39a107cc HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 16 Dec 2022 15:57:24 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

c.clarity.ms/c.gif

20.234.93.27

302 Found

0 B

URL HTTP/2
c.clarity.ms/c.gif
IP
20.234.93.27:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?CtsSyncId=EE05A22A2DAB4092BD0D63DA201B1D9F&RedC=c.clarity.ms&MXFR=38708306AA346CFC3A3D917AAE34629A
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=38708306AA346CFC3A3D917AAE34629A; domain=.clarity.ms; expires=Wed, 10-Jan-2024 15:57:24 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Fri, 16 Dec 2022 15:57:23 GMT
content-length: 0
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8b1f3ab941f9af9d95c8b8de3919330c
581032c8d194a696e353070d25165321504c0176
852cc4977786c9e7c01867e8d4fafc93fa44fd1c4c6d25a9986cf6856aff991c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 15:57:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

c.bing.com/c.gif?CtsSyncId=EE05A22A2DAB4092BD0D63DA201B1D9F&RedC=c.clarity.ms&MXFR=38708306AA346CFC3A3D917AAE34629A

204.79.197.200

302 Found

0 B

URL HTTP/2
c.bing.com/c.gif?CtsSyncId=EE05A22A2DAB4092BD0D63DA201B1D9F&RedC=c.clarity.ms&MXFR=38708306AA346CFC3A3D917AAE34629A
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c.gif?CtsSyncId=EE05A22A2DAB4092BD0D63DA201B1D9F&RedC=c.clarity.ms&MXFR=38708306AA346CFC3A3D917AAE34629A HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://easy-lay.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=EE05A22A2DAB4092BD0D63DA201B1D9F&MUID=35EEECD16A8060A42DEEFEAD6BD76169
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=35EEECD16A8060A42DEEFEAD6BD76169; domain=c.bing.com; expires=Wed, 10-Jan-2024 15:57:24 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 16CAE1DC2289455F8E5499F0D1794F20 Ref B: OSL30EDGE0420 Ref C: 2022-12-16T15:57:24Z
date: Fri, 16 Dec 2022 15:57:24 GMT
content-length: 0
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-Q7W6GLM2DR&cid=33035647.1671206241&gtm=2oebu0&aip=1&z=166714945

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-Q7W6GLM2DR&cid=33035647.1671206241&gtm=2oebu0&aip=1&z=166714945
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-Q7W6GLM2DR&cid=33035647.1671206241&gtm=2oebu0&aip=1&z=166714945 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Dec 2022 15:57:24 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

c.clarity.ms/c.gif?CtsSyncId=EE05A22A2DAB4092BD0D63DA201B1D9F&MUID=35EEECD16A8060A42DEEFEAD6BD76169

20.234.93.27

200 OK

42 B

URL HTTP/2
c.clarity.ms/c.gif?CtsSyncId=EE05A22A2DAB4092BD0D63DA201B1D9F&MUID=35EEECD16A8060A42DEEFEAD6BD76169
IP
20.234.93.27:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

HTTP Headers

GET /c.gif?CtsSyncId=EE05A22A2DAB4092BD0D63DA201B1D9F&MUID=35EEECD16A8060A42DEEFEAD6BD76169 HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://easy-lay.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Mon, 12 Dec 2022 18:28:34 GMT
accept-ranges: bytes
etag: "ea79178b57ed91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Fri, 16-Dec-2022 16:07:24 GMT; path=/; SameSite=None; Secure;
date: Fri, 16 Dec 2022 15:57:23 GMT
content-length: 42
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
06612a702dd3686207e6a4031f79d34e
3a1be9901f9c9271b91a2b00ee7e6abc49086ba5
154da1479719d54b088120f2435ab08c2a44743abe2c2e67ae78db9537ecef40

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 15:57:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
aeb0d6a7f28ee9b4798e41ab1e154c1c
ef529456f777ed5e6394fbb2e6b8c73c99d7000e
e346a2f2efd5393851d5e704d62f69ec27dbb83f6ff0d0b6fa579add29c9366a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=129830
Date: Fri, 16 Dec 2022 15:57:24 GMT
Etag: "639bdcb1-1d7"
Expires: Sun, 18 Dec 2022 04:01:14 GMT
Last-Modified: Fri, 16 Dec 2022 02:49:21 GMT
Server: ECS (nyb/1D15)
X-Cache: Miss from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: B1HSIBD7DTzrtSIC99LM05PKdgIJ9-rHUr2mjjXHcCE5OYY5OOZ-lA==
Age: 4313

botd.fpapi.io/api/v1/detect?version=0.1.23

54.167.181.12

200 OK

3.7 kB

URL HTTP/2
botd.fpapi.io/api/v1/detect?version=0.1.23
IP
54.167.181.12:0
ASN
#14618 AMAZON-AES

File type
data
Size
3.7 kB (3652 bytes)
Hash
733b5a61dc233223a05ae73aaff5bacc
34ea71da59a49a84634be3aaf57e065f40d1a9a4
b81440e03ce2edcb02593d4b1e6b745da9000813a31f41ec2552e765ac246b9f

HTTP Headers

POST /api/v1/detect?version=0.1.23 HTTP/1.1
Host: botd.fpapi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://easy-lay.com/
Content-Type: text/plain
Origin: https://easy-lay.com
Content-Length: 21950
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 16 Dec 2022 15:57:24 GMT
content-type: application/octet-stream
content-length: 44
server: nginx
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Origin, Content-Length, Accept-Encoding, Authorization, Auth-Subscriptions, Botd-Password
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://easy-lay.com
x-amzn-trace-id: Root=1-639c9564-45a7d66059e3b07610d50615
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=sync&partner=bea467c9e34e8272bd1bf9a4a452ac3653f0e23d224530e911cd838f39a107cc&ttl=&rurl=https%3A%2F%2Feasy-lay.com%2Ftt

139.45.195.8

200 OK

43 B

URL HTTP/2
my.rtmark.net/img.gif?f=sync&partner=bea467c9e34e8272bd1bf9a4a452ac3653f0e23d224530e911cd838f39a107cc&ttl=&rurl=https%3A%2F%2Feasy-lay.com%2Ftt
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=sync&partner=bea467c9e34e8272bd1bf9a4a452ac3653f0e23d224530e911cd838f39a107cc&ttl=&rurl=https%3A%2F%2Feasy-lay.com%2Ftt HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 16 Dec 2022 15:57:24 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=5bb802ffd38244c9b0a1671190d8ab4d; expires=Sat, 16 Dec 2023 15:57:24 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

botd.fpapi.io/api/v1/verify

54.167.181.12

200 OK

326 B

URL HTTP/2
botd.fpapi.io/api/v1/verify
IP
54.167.181.12:0
ASN
#14618 AMAZON-AES

File type
JSON data\012- , ASCII text, with very long lines (325)
Size
326 B (326 bytes)
Hash
411f953ea187817907d227a36a2ada7f
61049136424cf4d4d877e4d2f8ba7e65825d929a
1dd586e6439354b4ccb5401fcd67b527493ba6f76afd73ed39f596aee80ecca0

HTTP Headers

POST /api/v1/verify HTTP/1.1
Host: botd.fpapi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://easy-lay.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://easy-lay.com
Content-Length: 81
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 16 Dec 2022 15:57:24 GMT
content-type: application/json; charset=utf-8
content-length: 326
server: nginx
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Origin, Content-Length, Accept-Encoding, Authorization, Auth-Subscriptions, Botd-Password
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://easy-lay.com
x-amzn-trace-id: Root=1-639c9564-2592562a2146e05306d1ed3f
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16199
Expires: Fri, 16 Dec 2022 20:27:24 GMT
Date: Fri, 16 Dec 2022 15:57:25 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16199
Expires: Fri, 16 Dec 2022 20:27:24 GMT
Date: Fri, 16 Dec 2022 15:57:25 GMT
Connection: keep-alive

b.clarity.ms/collect

20.75.32.255

204 No Content

0 B

URL HTTP/2
b.clarity.ms/collect
IP
20.75.32.255:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 657
Origin: https://easy-lay.com
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://easy-lay.com
access-control-allow-credentials: true
date: Fri, 16 Dec 2022 15:57:24 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16199
Expires: Fri, 16 Dec 2022 20:27:24 GMT
Date: Fri, 16 Dec 2022 15:57:25 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16199
Expires: Fri, 16 Dec 2022 20:27:24 GMT
Date: Fri, 16 Dec 2022 15:57:25 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16199
Expires: Fri, 16 Dec 2022 20:27:24 GMT
Date: Fri, 16 Dec 2022 15:57:25 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62fa3452-e15b-41dd-b257-cd6d8cfaea78.jpeg

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62fa3452-e15b-41dd-b257-cd6d8cfaea78.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5791 bytes)
Hash
c89c607de35e59fa4b8f79762af0f269
362e1b907abcaccb16b3750c21ed04e4fa91f04c
7b9a28ad984bc7544d0798ff38cf8e1ce9f2f21a0112c18ee127a7566ba683e4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62fa3452-e15b-41dd-b257-cd6d8cfaea78.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5791
x-amzn-requestid: 2fb8518c-1fe3-426e-94ed-eea686005473
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNRKYHeoIAMFgKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b9575-0e312c40469090d033c6fc6a;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:45:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -baQ_JUiZDWWBIizZVrOZrXdHTSgQbIJubNqHqA7Zjj-eKTvCNfKSg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 22:09:08 GMT
age: 64097
etag: "362e1b907abcaccb16b3750c21ed04e4fa91f04c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ae976ce-079c-4e5f-b8b9-c1ee2adaa868.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12785 bytes)
Hash
78c629538ec0e3052bbfc30143472461
4730867561c6116e461a82d5448d7fb10d5df533
8987e66414a582c18eaf65e0c2139213817cdc524dcffe2abc4f4a7c7cb3342e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ae976ce-079c-4e5f-b8b9-c1ee2adaa868.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12785
x-amzn-requestid: 55fe73e5-e843-4f9b-88ee-fc3aa5365dc6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNQQLFqaoAMFQHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b9400-0a135ed9618b37ea59813d56;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:39:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WKzermMXjxJ_I7wum86KjSEfxd-OvBXbsYdNCshK0n7mhnfb2fPHVw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 22:25:03 GMT
age: 63142
etag: "4730867561c6116e461a82d5448d7fb10d5df533"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F119528a5-7370-4990-b83c-626c858ba99d.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8601 bytes)
Hash
20c9788db0532c15e2d42faffc192bba
5051c939cdedb14e313d7413c0dff5fa0eab50ea
0a2e782b848394b167d6e2a9b521be11d473e96048de715a22bd6afaf7c58057

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F119528a5-7370-4990-b83c-626c858ba99d.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8601
x-amzn-requestid: f3be9b43-d8d9-4862-b06a-bac1de46d2c1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNQ84Hh6oAMFRGw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b951f-3b85d738211ce0ff0f8e6e74;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:43:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZISFRsj2Nq7L27qJheQ33qkfyNdG5_q6S6BcV-dGgcUmvPnYUS2FmA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 22:09:03 GMT
age: 64102
etag: "5051c939cdedb14e313d7413c0dff5fa0eab50ea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad9b3731-4e58-4b83-86cf-7f2ecd6c4eb1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10132 bytes)
Hash
cab96eaa42941683dff4d1b6b093c007
ba5269c77dd0422ab275c9a3529fb2e1a1af6bc3
4fe48e9a35a50b7ae88f4b4de67aa82c4acbbe43aab655921f7bacb5524789f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad9b3731-4e58-4b83-86cf-7f2ecd6c4eb1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10132
x-amzn-requestid: 9484ad87-61cb-40e5-9823-930ec9925e02
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dH-dXEfTIAMFZQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63997788-5dea61195ba653a87915845d;Sampled=0
x-amzn-remapped-date: Wed, 14 Dec 2022 07:13:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VImsv72dpcwiDXWm67XU-rpUEuO5CMDwFs00DA9C6l-sKX5e2ChsQA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Dec 2022 06:51:09 GMT
age: 32776
etag: "ba5269c77dd0422ab275c9a3529fb2e1a1af6bc3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5326af81-e7e2-4d6c-93a6-779a6e46a642.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (7028 bytes)
Hash
26fd0eea87bdde875285073a695d3005
03ec879b4eaef86b85f7528abecf1f383b9367d3
f0fbee34d53cc5ff66722caab6917f0833c778ed26b1b31a87424c06af7d480c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5326af81-e7e2-4d6c-93a6-779a6e46a642.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7028
x-amzn-requestid: f516be09-a7cf-486c-8bbd-75593c381048
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dJ8xJEPVIAMFdLw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639a41a0-00fdce7b73e084af4ce63583;Sampled=0
x-amzn-remapped-date: Wed, 14 Dec 2022 21:35:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AUZTGtM2WUYSAjcONdieLwogB9Wav1U5Ouc4kydxuoC4_SbBj0PVdw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 21:46:01 GMT
age: 65484
etag: "03ec879b4eaef86b85f7528abecf1f383b9367d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe34f6337-b00d-4487-82ce-cbed5b4f3f4f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7616 bytes)
Hash
0d2294cdacdc84b8b19874ba56035a6d
53009a81b15e464d5529d36b1e04b841b2ae034e
67d59aa026b43ed3f698f3853b986fc7c07e4e6e5f7b3551e59238f79978480a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe34f6337-b00d-4487-82ce-cbed5b4f3f4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7616
x-amzn-requestid: 71bbe208-11e3-4280-bf09-bff8bd18fcb4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c82fXGmPoAMF3Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63950462-12393ca432808b7f0b2771dc;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 22:12:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G1MopDnv-WOAbIBMe0v-V9xXeJIVDReKWSMG33dQt1q5GpK41RU0PQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Dec 2022 07:15:01 GMT
age: 31344
etag: "53009a81b15e464d5529d36b1e04b841b2ae034e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-Q7W6GLM2DR&gtm=2oebu0&_p=1311630446&_gaz=1&cid=33035647.1671206241&ul=en-us&sr=1280x1024&_s=1&sid=1671206241&sct=1&seg=0&dl=https%3A%2F%2Feasy-lay.com%2Ftt&dt=EasyLay.com%20-%20search%20all%20best%20free%20online%20dating%20sites&en=page_view&_fv=1&_nsi=1&_ss=1&up.visitor_id=639c955014faad000190be19&up.member_id=&up.tour=02&up.user_status=GUEST&up.networkname=easy-lay

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-Q7W6GLM2DR&gtm=2oebu0&_p=1311630446&_gaz=1&cid=33035647.1671206241&ul=en-us&sr=1280x1024&_s=1&sid=1671206241&sct=1&seg=0&dl=https%3A%2F%2Feasy-lay.com%2Ftt&dt=EasyLay.com%20-%20search%20all%20best%20free%20online%20dating%20sites&en=page_view&_fv=1&_nsi=1&_ss=1&up.visitor_id=639c955014faad000190be19&up.member_id=&up.tour=02&up.user_status=GUEST&up.networkname=easy-lay
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-Q7W6GLM2DR&gtm=2oebu0&_p=1311630446&_gaz=1&cid=33035647.1671206241&ul=en-us&sr=1280x1024&_s=1&sid=1671206241&sct=1&seg=0&dl=https%3A%2F%2Feasy-lay.com%2Ftt&dt=EasyLay.com%20-%20search%20all%20best%20free%20online%20dating%20sites&en=page_view&_fv=1&_nsi=1&_ss=1&up.visitor_id=639c955014faad000190be19&up.member_id=&up.tour=02&up.user_status=GUEST&up.networkname=easy-lay HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://easy-lay.com
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://easy-lay.com
date: Fri, 16 Dec 2022 15:57:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
64e4713c6a6c50b04568b649c8c75ee4
f5ab3abfd798fe68af2b608d2dfba492675d0cb1
65305e9bbdb4ff07a4fccb67598d03d9648afd0d984645c85e62fdc1af6f5ba2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 15:57:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/g/collect?v=2&tid=G-Q7W6GLM2DR&cid=33035647.1671206241&gtm=2oebu0&aip=1

74.125.205.156

204 No Content

0 B

URL HTTP/2
stats.g.doubleclick.net/g/collect?v=2&tid=G-Q7W6GLM2DR&cid=33035647.1671206241&gtm=2oebu0&aip=1
IP
74.125.205.156:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-Q7W6GLM2DR&cid=33035647.1671206241&gtm=2oebu0&aip=1 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://easy-lay.com
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://easy-lay.com
date: Fri, 16 Dec 2022 15:57:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
64e4713c6a6c50b04568b649c8c75ee4
f5ab3abfd798fe68af2b608d2dfba492675d0cb1
65305e9bbdb4ff07a4fccb67598d03d9648afd0d984645c85e62fdc1af6f5ba2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 15:57:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe5de62f4-2e0a-4c45-87fd-f9690df72d83.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12482 bytes)
Hash
7368b60db0458b59ffc968f09b85fdd5
f359f9799d0f0dc7dccfbadeaf922b4050a5e692
26aa7f684080dace9064fc7973c6a5761985c69e73373fb24c644ab2efe26c54

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe5de62f4-2e0a-4c45-87fd-f9690df72d83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 12482
x-amzn-requestid: edd7e693-4c4a-4203-8b12-c044825947bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNRJvGAUIAMF1gA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b9571-151a50943b420ba86ab61dda;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:45:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: s2ITT38OGjs_LjIKFKnrqzT0Oay3veQw3iPUL8b3tdD1yOhIzwvu4g==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 22:17:09 GMT
age: 63622
etag: "f359f9799d0f0dc7dccfbadeaf922b4050a5e692"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

easy-lay.com/?sub1=639c955014faad000190be19&sub2=&affiliate_id=1698&source=&mst=2&sub3=

104.21.48.74

302 Found

0 B

URL HTTP/2
easy-lay.com/?sub1=639c955014faad000190be19&sub2=&affiliate_id=1698&source=&mst=2&sub3=
IP
104.21.48.74:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /?sub1=639c955014faad000190be19&sub2=&affiliate_id=1698&source=&mst=2&sub3= HTTP/1.1
Host: easy-lay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
date: Fri, 16 Dec 2022 15:57:23 GMT
content-type: text/html; charset=UTF-8
set-cookie: hashid=84df6a3b3e09996eed74366c3f608ca3; expires=Sat, 16-Dec-2023 15:57:23 GMT; Max-Age=31536000; path=/
country=Norway; expires=Sat, 16-Dec-2023 15:57:23 GMT; Max-Age=31536000; path=/
region=Oslo+County; expires=Sat, 16-Dec-2023 15:57:23 GMT; Max-Age=31536000; path=/
country_code=no; expires=Sat, 16-Dec-2023 15:57:23 GMT; Max-Age=31536000; path=/
city=Oslo; expires=Sat, 16-Dec-2023 15:57:23 GMT; Max-Age=31536000; path=/
latitude=59.955; expires=Sat, 16-Dec-2023 15:57:23 GMT; Max-Age=31536000; path=/
longitude=10.859; expires=Sat, 16-Dec-2023 15:57:23 GMT; Max-Age=31536000; path=/
tour=2; expires=Mon, 15-Dec-2025 15:57:23 GMT; Max-Age=94608000; path=/
hashid=6658d8d2f84c99c3b3866d1096473788; expires=Sat, 16-Dec-2023 15:57:23 GMT; Max-Age=31536000; path=/
sub1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
sub1=639c955014faad000190be19; expires=Sat, 16-Dec-2023 15:57:23 GMT; Max-Age=31536000; path=/
sub2=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
sub3=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
sub4=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
sub5=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
sub6=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
sub7=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
sub8=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
source=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
affiliate_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
affiliate_id=1698; expires=Sat, 16-Dec-2023 15:57:23 GMT; Max-Age=31536000; path=/
cid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
mst=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
mst=2; expires=Sat, 16-Dec-2023 15:57:23 GMT; Max-Age=31536000; path=/
ot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
st=1671206243; expires=Sat, 17-Dec-2022 15:57:23 GMT; Max-Age=86400; path=/
push_v2=15; expires=Fri, 23-Dec-2022 15:57:23 GMT; Max-Age=604800; path=/
location: /tt
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YsbFZKj6T%2BS10yF02h51RrVFR%2Bj3vs%2BXR4YemTyAPDxXuoLSLqC3QkVMOv1zCL7Ex3MM5wH0RlOvEevWWqzAqk%2F0FDgILns3AzhR0yCIqvLrH1q9Wq%2FwWUqBGCUskN0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77a89d4b6f1bb4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

easy-lay.com/tt

104.21.48.74

200 OK

0 B

URL HTTP/2
easy-lay.com/tt
IP
104.21.48.74:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /tt HTTP/1.1
Host: easy-lay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: hashid=6658d8d2f84c99c3b3866d1096473788; country=Norway; region=Oslo+County; country_code=no; city=Oslo; latitude=59.955; longitude=10.859; tour=2; sub1=639c955014faad000190be19; affiliate_id=1698; mst=2; st=1671206243; push_v2=15
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
date: Fri, 16 Dec 2022 15:57:23 GMT
content-type: text/html; charset=UTF-8
set-cookie: hashid=6658d8d2f84c99c3b3866d1096473788; expires=Sat, 16-Dec-2023 15:57:23 GMT; Max-Age=31536000; path=/
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U6cKr%2BqLZrN8FEppV7JbHHBNrUPz5PNdJf1tRvT1s2ICqbj4Le%2Fa1mKny66prOL30alS4HcZTksFGdctherlx3vJgdIhikmjl6nl2dAMkci83GZ0pkVWLaQ8vCynzdg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77a89d4c7868b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.clarity.ms/tag/bvsqia2v2y?ref=gtm

13.107.238.53

200 OK

0 B

URL HTTP/2
www.clarity.ms/tag/bvsqia2v2y?ref=gtm
IP
13.107.238.53:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /tag/bvsqia2v2y?ref=gtm HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://easy-lay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/x-javascript
expires: -1
set-cookie: CLID=8255e0f1368d4945889ce2c745064219.20221216.20231216; expires=Sat, 16 Dec 2023 15:57:24 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
x-cache: CONFIG_NOCACHE
x-azure-ref: 0ZJWcYwAAAAA61Vjt61JYSZG78eYG9QIKU1ZHMjBFREdFMDUxMwA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Fri, 16 Dec 2022 15:57:23 GMT
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (25)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations