Report - amourgirlz.com/?vs=YW1vdXJnaXJsei5jb218bW9yZS1wb3JuLm5ldHw=

Report Overview

Submitted URL
amourgirlz.com/?vs=YW1vdXJnaXJsei5jb218bW9yZS1wb3JuLm5ldHw=
IP
72.52.178.23
ASN
#32244 LIQUIDWEB
Submitted
2022-12-21 22:32:00
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-09T10:04:36Z	3.2 kB	54 kB	34.120.237.76
yourxfriend.com	unknown	2022-08-03T14:51:08Z	2023-03-09T13:34:08Z	5.6 kB	234 kB	178.79.185.229
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	333 B	391 B	34.117.237.239
amourgirlz.com	unknown	2012-11-19T12:56:16Z	2022-12-01T04:57:01Z	1.4 kB	3.8 kB	72.52.178.23
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	606 B	127 B	35.82.221.194
ocsp.r2m02.amazontrust.com	unknown	2022-10-12T16:01:39Z	2023-03-09T09:46:52Z	350 B	1.0 kB	54.230.80.227
phygical-questall.icu	unknown	2020-10-19T12:18:32Z	2023-01-24T04:59:19Z	1.2 kB	1.5 kB	18.193.235.10
alia-iso.com	unknown	2022-12-19T09:09:53Z	2023-03-09T17:21:36Z	1.3 kB	1.3 kB	54.164.128.27
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	2.4 kB	6.2 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	413 B	5.8 kB	34.160.144.191
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-09T11:52:10Z	341 B	797 B	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2022-12-21 22:31:51	medium	Client IP	Internal IP	ET INFO DNS Query for Suspicious .icu Domain
2022-12-21 22:31:51	medium	Client IP	18.193.235.10	ET INFO Suspicious Domain (*.icu) in TLS SNI

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	amourgirlz.com/?vs=YW1vdXJnaXJsei5jb218bW9yZS1wb3JuLm5ldHw=	1.6 kB	2023-03-10	2023-03-10
Pretty URL amourgirlz.com/?vs=YW1vdXJnaXJsei5jb218bW9yZS1wb3JuLm5ldHw= IP 72.52.178.23 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 01:45:46 Last Seen2023-03-10 01:45:46 Times Seen1 Hash ce542e9bbb1ae787ca092bf7a042ad6f cc2e56fe7b7d33132092f1544f67681c4254b5c9 fccdf0bc21fab4a16c6e6b65024371025882b34d25862e0071442eef403e0862 Loading...

	amourgirlz.com/page/bouncy.php?&bpae=GbhGtLvmtEx%2F9rvvvfEmArVBSQUafiBb9cw1IsHyrnJiHwGFTZ1p3fxdphjRrNZTdXG3YvmW8uY0Qv2zOqHPP2887GIoYJIB3F%2FbBWG4N13eBV%2BEvz6TpUdKljvOGiVyw%2BlJmB4u88b8CYUWe0S%2FtexyiVgtCs4Dj%2B1kvPvR61iV5TL16nM9q1QiEq4axf5lHAvD6%2BRzGmvaXX73XOd9oSdRK3jliR6ZwBkIaJH3NhSPpzgCER2LvO4kxmAgj33KeLsVYc5SuIOLntdG3ZVXF4KwY9S%2F8WB3DTd5l%2BFNTyhqwDgiZY%2BnakglzyqbeoSajrm6HXX85pg8lXGHbpETBZaxsCiYqJrwrWvAZ%2F%2FsAyn3HVLXMrhe%2BhF8Zdxz%2FWFUOU60s5Hbs8ueqD8TxFdEUFyVs0wrzdkc%2Bac4yk7fbRCTZZr9y%2F%2B%2FUlDY%2FxClrp0DFf%2BHRRUfUldMFO33zyCi6OgdIvEtX8j8zUXOIjPyhvOlh9kxwRttqzDwmpitcMys8vg%3D&redirectType=js&inIframe=false&inPopUp=false	702 B	2023-03-10	2023-03-10
Pretty URL amourgirlz.com/page/bouncy.php?&bpae=GbhGtLvmtEx%2F9rvvvfEmArVBSQUafiBb9cw1IsHyrnJiHwGFTZ1p3fxdphjRrNZTdXG3YvmW8uY0Qv2zOqHPP2887GIoYJIB3F%2FbBWG4N13eBV%2BEvz6TpUdKljvOGiVyw%2BlJmB4u88b8CYUWe0S%2FtexyiVgtCs4Dj%2B1kvPvR61iV5TL16nM9q1QiEq4axf5lHAvD6%2BRzGmvaXX73XOd9oSdRK3jliR6ZwBkIaJH3NhSPpzgCER2LvO4kxmAgj33KeLsVYc5SuIOLntdG3ZVXF4KwY9S%2F8WB3DTd5l%2BFNTyhqwDgiZY%2BnakglzyqbeoSajrm6HXX85pg8lXGHbpETBZaxsCiYqJrwrWvAZ%2F%2FsAyn3HVLXMrhe%2BhF8Zdxz%2FWFUOU60s5Hbs8ueqD8TxFdEUFyVs0wrzdkc%2Bac4yk7fbRCTZZr9y%2F%2B%2FUlDY%2FxClrp0DFf%2BHRRUfUldMFO33zyCi6OgdIvEtX8j8zUXOIjPyhvOlh9kxwRttqzDwmpitcMys8vg%3D&redirectType=js&inIframe=false&inPopUp=false IP 72.52.178.23 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 01:45:46 Last Seen2023-03-10 01:45:46 Times Seen1 Hash cb6efbd4317626e8e6e988dac5703f2c 21fc258dfb9cb2fc10792d1e3c36e95fc141040a 4083e188330e30bf45158b61485c9f09aff788aa923b0f18b67f7fb1f54639ec Loading...

	alia-iso.com/zcvisitor/42a6c9d2-817f-11ed-a507-0a7407670653/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=6dae6980-b0ec-11ec-b11c-12beee04f19b	849 B	2023-03-10	2023-03-10
Pretty URL alia-iso.com/zcvisitor/42a6c9d2-817f-11ed-a507-0a7407670653/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=6dae6980-b0ec-11ec-b11c-12beee04f19b IP 54.164.128.27 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 01:45:46 Last Seen2023-03-10 01:45:46 Times Seen1 Hash b520f5e0bcb94d5dcd72c4802e3377cc b5cec8fdfba0a68a835f29fd2a56110dc8015056 b372a029635899776d43432388c5678593e36e8b8b73a6d64781fc9f04995eba Loading...

	alia-iso.com/zcredirect?visitid=42a6c9d2-817f-11ed-a507-0a7407670653&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false	807 B	2023-03-10	2023-03-10
Pretty URL alia-iso.com/zcredirect?visitid=42a6c9d2-817f-11ed-a507-0a7407670653&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false IP 54.164.128.27 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 01:45:46 Last Seen2023-03-10 01:45:46 Times Seen1 Hash 2b4f9b9cad75f9707d6787f147453957 ffa0e8931097c0e2d322829642309ff5c2cbeb31 327938a202b978d63f9749feacc8c2ed58af04243275d14232386c8216baef57 Loading...

	yourxfriend.com/P/Norway.M.flow/index.html?cep=HcYay1hgeGlyPPEVIcGfIuDKFd4z1Tg3RPOtha44qt9l4Xsat3dBW4bZvy3fd-QbPXNjcNYnW4iQxjhZgmxFFDGMF4gTdmOtvox4J_glZNVZ4wqhJVePw7cABJG-2Q0KtKXqOaOKiXJ-pcSklyr0rE-VGqfr4tzkmHVblb6PChvI80cRTEYj80Y3ThQSaIRXJkMDUjuXZd2VqfGrE4GQ2BhBySjFoidt6oi8x6zjjFk42Rtm9lkFYP44-v3rDahhsyxTn_Dv65Z-cjjAwb75H5ecqDcn7yOOGp8e6boYGqSCUXD6T01SY7tB3VFD-lp8v_1QKc4-Flv3Zl084dpxMWWBNXUNTH9SkWTS1cqCDSnHo7y18FTkunuYdKjV69qRSN5VEgN5CXLP6h7xE-U4n4QRLi6GVLXFQi7hX30Xbq5CuudqsquDaxyng40IlmfivYCIhcQZtAJcdG_2I0bgDAgRAshThkDLFfN90yRsNtAvzB7yZdDpvPEzLIo5Ku8e_Qo-WXXNjcDRPhiO-JpiGQ&lptoken=16687137660037111151	412 B	2023-03-08	2023-05-28
Pretty URL yourxfriend.com/P/Norway.M.flow/index.html?cep=HcYay1hgeGlyPPEVIcGfIuDKFd4z1Tg3RPOtha44qt9l4Xsat3dBW4bZvy3fd-QbPXNjcNYnW4iQxjhZgmxFFDGMF4gTdmOtvox4J_glZNVZ4wqhJVePw7cABJG-2Q0KtKXqOaOKiXJ-pcSklyr0rE-VGqfr4tzkmHVblb6PChvI80cRTEYj80Y3ThQSaIRXJkMDUjuXZd2VqfGrE4GQ2BhBySjFoidt6oi8x6zjjFk42Rtm9lkFYP44-v3rDahhsyxTn_Dv65Z-cjjAwb75H5ecqDcn7yOOGp8e6boYGqSCUXD6T01SY7tB3VFD-lp8v_1QKc4-Flv3Zl084dpxMWWBNXUNTH9SkWTS1cqCDSnHo7y18FTkunuYdKjV69qRSN5VEgN5CXLP6h7xE-U4n4QRLi6GVLXFQi7hX30Xbq5CuudqsquDaxyng40IlmfivYCIhcQZtAJcdG_2I0bgDAgRAshThkDLFfN90yRsNtAvzB7yZdDpvPEzLIo5Ku8e_Qo-WXXNjcDRPhiO-JpiGQ&lptoken=16687137660037111151 IP 178.79.185.229 ASN #63949 Linode, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:05:01 Last Seen2023-05-28 01:22:06 Times Seen7 Hash eaa3d906c89e0d191b51fadf7e9c9877 e71f9e62cee71ef8f4be22723d49c22237dcbf11 58d9864a8f170495a08b3b4497c8d1b25581960f6d05be4027daf47160fa0845 Loading...

HTTP Transactions (31)

	URL	IP	Response	Size
	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash bbea1550fedd5eb9c265712fab75b137 2c2f981747898a380265f766345f2bb9c8c983fd c728286e38c31a4d3f7a39702e0a5f69c14bf69e01a88bc4479714953fbda278 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "C728286E38C31A4D3F7A39702E0A5F69C14BF69E01A88BC4479714953FBDA278" Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2315 Expires: Wed, 21 Dec 2022 23:10:24 GMT Date: Wed, 21 Dec 2022 22:31:49 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash b8fbcd7ca1a893d05677318a8a198e7a 0851654c21f6e3741887e7deab8098c1dc56f33c edbade5913ace2fcbb932922e9af69acb2e8759474a2eeaec216307247fea361 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "EDBADE5913ACE2FCBB932922E9AF69ACB2E8759474A2EEAEC216307247FEA361" Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2272 Expires: Wed, 21 Dec 2022 23:09:41 GMT Date: Wed, 21 Dec 2022 22:31:49 GMT Connection: keep-alive`

	firefox.settings.services.mozilla.com/v1/	35.241.9.150	200 OK	939 B
URL HTTP/2 firefox.settings.services.mozilla.com/v1/ IP 35.241.9.150:0 ASN #15169 GOOGLE File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size 939 B (939 bytes) Hash dcd75ca6daca51c5e39d431468511793 07f76d3bf23d65c9110d810fa71a994e39e085d3 73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459 HTTP Headers `GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK access-control-allow-origin: * access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Wed, 21 Dec 2022 21:45:58 GMT content-type: application/json age: 2751 cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2`

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 32167242c3bbe7e45a2a865279df94a6 d03436f418ff77d50a553daa892c05e0725ba908 d5578d537296da18f3f349a98465e9fe930dca60a8ed62c183e9c9f6eb53f493 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "D5578D537296DA18F3F349A98465E9FE930DCA60A8ED62C183E9C9F6EB53F493" Last-Modified: Wed, 21 Dec 2022 11:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6463 Expires: Thu, 22 Dec 2022 00:19:32 GMT Date: Wed, 21 Dec 2022 22:31:49 GMT Connection: keep-alive`

	content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain	34.160.144.191	200 OK	5.3 kB
URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain IP 34.160.144.191:0 ASN #15169 GOOGLE File type PEM certificate\012- , ASCII text Size 5.3 kB (5348 bytes) Hash b1fcd419a4245617397846e8d17233f6 2a037ce244587640b27ead9a0ec2af4f862d91b2 e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f HTTP Headers `GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK x-amz-id-2: OBUNnYsuB1z0/B0mcCAUHKfzAi+ghtuESYattHzGLNWNmygb/W3dmDgYzzxkz3nUBKKjOfilwlM= x-amz-request-id: 1Y5TGV58KMMKT940 content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Wed, 21 Dec 2022 21:55:31 GMT age: 2178 last-modified: Tue, 20 Dec 2022 14:47:58 GMT etag: "b1fcd419a4245617397846e8d17233f6" content-type: binary/octet-stream cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2`

	contile.services.mozilla.com/v1/tiles	34.117.237.239	200 OK	12 B
URL HTTP/2 contile.services.mozilla.com/v1/tiles IP 34.117.237.239:0 ASN #15169 GOOGLE File type JSON data\012- , ASCII text, with no line terminators Size 12 B (12 bytes) Hash 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 HTTP Headers `GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK server: nginx date: Wed, 21 Dec 2022 22:31:49 GMT content-type: application/json content-length: 12 access-control-expose-headers: content-type vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers access-control-allow-credentials: true strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2`

	firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US	35.241.9.150	200 OK	329 B
URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP 35.241.9.150:0 ASN #15169 GOOGLE File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size 329 B (329 bytes) Hash 0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 HTTP Headers `GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK access-control-allow-origin: * access-control-expose-headers: Pragma, Alert, ETag, Content-Type, Last-Modified, Cache-Control, Expires, Content-Length, Retry-After, Backoff content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 329 via: 1.1 google date: Wed, 21 Dec 2022 22:08:02 GMT age: 1428 last-modified: Fri, 25 Mar 2022 17:45:46 GMT etag: "1648230346554" content-type: application/json cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2

	ocsp.digicert.com/	93.184.220.29	200 OK	471 B
URL HTTP/1.1 ocsp.digicert.com/ IP 93.184.220.29:0 ASN #15133 EDGECAST File type data Size 471 B (471 bytes) Hash 859d899d982bb69df5fb16b8393fa119 580215f1d4f81cda04012c0889cfd9b18ba11863 38159dd549e94d45798b614efa5f968de7b74830c845220d1b6c1435f3940a94 HTTP Headers `POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Accept-Ranges: bytes Age: 5301 Cache-Control: max-age=129801 Content-Type: application/ocsp-response Date: Wed, 21 Dec 2022 22:31:50 GMT Etag: "63a2ccaa-1d7" Expires: Fri, 23 Dec 2022 10:35:11 GMT Last-Modified: Wed, 21 Dec 2022 09:06:50 GMT Server: ECS (ska/F70A) X-Cache: HIT Content-Length: 471`

	amourgirlz.com/?vs=YW1vdXJnaXJsei5jb218bW9yZS1wb3JuLm5ldHw=	72.52.178.23	200 OK	2.3 kB
URL HTTP/1.1 amourgirlz.com/?vs=YW1vdXJnaXJsei5jb218bW9yZS1wb3JuLm5ldHw= IP 72.52.178.23:0 ASN #32244 LIQUIDWEB File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (648) Size 2.3 kB (2320 bytes) Hash 8c21c524f16019e7f01dc42f22ab0505 aef286931fb7cbe1b981dec9bbb872b7a482b9ce 8097132491e4fcb05dc2cd8fb37290b16222e384d78aa790c2a8c6b39115012a HTTP Headers `GET /?vs=YW1vdXJnaXJsei5jb218bW9yZS1wb3JuLm5ldHw= HTTP/1.1 Host: amourgirlz.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1` `HTTP/1.1 200 OK Date: Wed, 21 Dec 2022 22:31:49 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 X-Powered-By: PHP/5.4.16 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8`

	push.services.mozilla.com/	35.82.221.194	101 Switching Protocols	0 B
URL HTTP/1.1 push.services.mozilla.com/ IP 35.82.221.194:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: mx1W4wiLzuA+sIa71yOg8w== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket `HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: YWNys3GI6u7ZeDBXAWZnJMCNqLc=`

	amourgirlz.com/page/bouncy.php?&bpae=GbhGtLvmtEx%2F9rvvvfEmArVBSQUafiBb9cw1IsHyrnJiHwGFTZ1p3fxdphjRrNZTdXG3YvmW8uY0Qv2zOqHPP2887GIoYJIB3F%2FbBWG4N13eBV%2BEvz6TpUdKljvOGiVyw%2BlJmB4u88b8CYUWe0S%2FtexyiVgtCs4Dj%2B1kvPvR61iV5TL16nM9q1QiEq4axf5lHAvD6%2BRzGmvaXX73XOd9oSdRK3jliR6ZwBkIaJH3NhSPpzgCER2LvO4kxmAgj33KeLsVYc5SuIOLntdG3ZVXF4KwY9S%2F8WB3DTd5l%2BFNTyhqwDgiZY%2BnakglzyqbeoSajrm6HXX85pg8lXGHbpETBZaxsCiYqJrwrWvAZ%2F%2FsAyn3HVLXMrhe%2BhF8Zdxz%2FWFUOU60s5Hbs8ueqD8TxFdEUFyVs0wrzdkc%2Bac4yk7fbRCTZZr9y%2F%2B%2FUlDY%2FxClrp0DFf%2BHRRUfUldMFO33zyCi6OgdIvEtX8j8zUXOIjPyhvOlh9kxwRttqzDwmpitcMys8vg%3D&redirectType=js&inIframe=false&inPopUp=false	72.52.178.23	200 OK	982 B
URL HTTP/1.1 amourgirlz.com/page/bouncy.php?&bpae=GbhGtLvmtEx%2F9rvvvfEmArVBSQUafiBb9cw1IsHyrnJiHwGFTZ1p3fxdphjRrNZTdXG3YvmW8uY0Qv2zOqHPP2887GIoYJIB3F%2FbBWG4N13eBV%2BEvz6TpUdKljvOGiVyw%2BlJmB4u88b8CYUWe0S%2FtexyiVgtCs4Dj%2B1kvPvR61iV5TL16nM9q1QiEq4axf5lHAvD6%2BRzGmvaXX73XOd9oSdRK3jliR6ZwBkIaJH3NhSPpzgCER2LvO4kxmAgj33KeLsVYc5SuIOLntdG3ZVXF4KwY9S%2F8WB3DTd5l%2BFNTyhqwDgiZY%2BnakglzyqbeoSajrm6HXX85pg8lXGHbpETBZaxsCiYqJrwrWvAZ%2F%2FsAyn3HVLXMrhe%2BhF8Zdxz%2FWFUOU60s5Hbs8ueqD8TxFdEUFyVs0wrzdkc%2Bac4yk7fbRCTZZr9y%2F%2B%2FUlDY%2FxClrp0DFf%2BHRRUfUldMFO33zyCi6OgdIvEtX8j8zUXOIjPyhvOlh9kxwRttqzDwmpitcMys8vg%3D&redirectType=js&inIframe=false&inPopUp=false IP 72.52.178.23:0 ASN #32244 LIQUIDWEB File type HTML document text\012- HTML document text\012- HTML document, ASCII text Size 982 B (982 bytes) Hash d0d458df7f0d3430e5cacf5d32842724 c3f7202ac3c0d8acdde17a86440bb640d35580d7 eb1a5c68bc2ebd48a58be3268623dead059e5864017cd275975c344f39337842 HTTP Headers GET /page/bouncy.php?&bpae=GbhGtLvmtEx%2F9rvvvfEmArVBSQUafiBb9cw1IsHyrnJiHwGFTZ1p3fxdphjRrNZTdXG3YvmW8uY0Qv2zOqHPP2887GIoYJIB3F%2FbBWG4N13eBV%2BEvz6TpUdKljvOGiVyw%2BlJmB4u88b8CYUWe0S%2FtexyiVgtCs4Dj%2B1kvPvR61iV5TL16nM9q1QiEq4axf5lHAvD6%2BRzGmvaXX73XOd9oSdRK3jliR6ZwBkIaJH3NhSPpzgCER2LvO4kxmAgj33KeLsVYc5SuIOLntdG3ZVXF4KwY9S%2F8WB3DTd5l%2BFNTyhqwDgiZY%2BnakglzyqbeoSajrm6HXX85pg8lXGHbpETBZaxsCiYqJrwrWvAZ%2F%2FsAyn3HVLXMrhe%2BhF8Zdxz%2FWFUOU60s5Hbs8ueqD8TxFdEUFyVs0wrzdkc%2Bac4yk7fbRCTZZr9y%2F%2B%2FUlDY%2FxClrp0DFf%2BHRRUfUldMFO33zyCi6OgdIvEtX8j8zUXOIjPyhvOlh9kxwRttqzDwmpitcMys8vg%3D&redirectType=js&inIframe=false&inPopUp=false HTTP/1.1 Host: amourgirlz.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://amourgirlz.com/?vs=YW1vdXJnaXJsei5jb218bW9yZS1wb3JuLm5ldHw= Upgrade-Insecure-Requests: 1 `HTTP/1.1 200 OK Date: Wed, 21 Dec 2022 22:31:51 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 X-Powered-By: PHP/5.4.16 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8`

	ocsp.r2m02.amazontrust.com/	54.230.80.227	200 OK	471 B
URL HTTP/1.1 ocsp.r2m02.amazontrust.com/ IP 54.230.80.227:0 ASN #16509 AMAZON-02 File type data Size 471 B (471 bytes) Hash dff6fe8a1091275914f3e6a93ef27525 b87a11cdcbae2a524740853d2056e023c967a29d 87298ef54041e925e3304b5757b02963555eff98288f6610e95b915dbf7c8db2 HTTP Headers `POST / HTTP/1.1 Host: ocsp.r2m02.amazontrust.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Content-Type: application/ocsp-response Content-Length: 471 Connection: keep-alive Accept-Ranges: bytes Cache-Control: max-age=93954 Date: Wed, 21 Dec 2022 22:31:51 GMT Etag: "63a23bd1-1d7" Expires: Fri, 23 Dec 2022 00:37:45 GMT Last-Modified: Tue, 20 Dec 2022 22:48:49 GMT Server: ECS (dcb/7F5C) X-Cache: Miss from cloudfront Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: cAsSsA-q_UyvjhioKCNklf9gkS5WYgpCRIcWWtAYoYsbBjNq3mx13g== Age: 6536

	phygical-questall.icu/zp-redirect?target=https%3A%2F%2Fyourxfriend.com%2FP%2FNorway.M.flow%2Findex.html%3Fcep%3DHcYay1hgeGlyPPEVIcGfIuDKFd4z1Tg3RPOtha44qt9l4Xsat3dBW4bZvy3fd-QbPXNjcNYnW4iQxjhZgmxFFDGMF4gTdmOtvox4J_glZNVZ4wqhJVePw7cABJG-2Q0KtKXqOaOKiXJ-pcSklyr0rE-VGqfr4tzkmHVblb6PChvI80cRTEYj80Y3ThQSaIRXJkMDUjuXZd2VqfGrE4GQ2BhBySjFoidt6oi8x6zjjFk42Rtm9lkFYP44-v3rDahhsyxTn_Dv65Z-cjjAwb75H5ecqDcn7yOOGp8e6boYGqSCUXD6T01SY7tB3VFD-lp8v_1QKc4-Flv3Zl084dpxMWWBNXUNTH9SkWTS1cqCDSnHo7y18FTkunuYdKjV69qRSN5VEgN5CXLP6h7xE-U4n4QRLi6GVLXFQi7hX30Xbq5CuudqsquDaxyng40IlmfivYCIhcQZtAJcdG_2I0bgDAgRAshThkDLFfN90yRsNtAvzB7yZdDpvPEzLIo5Ku8e_Qo-WXXNjcDRPhiO-JpiGQ%26lptoken%3D16687137660037111151&caid=f7cb4fc7-1064-44cb-9a70-e30418310224&zpid=42a6c9d2-817f-11ed-a507-0a7407670653&cid=&rt=R	18.193.235.10	302 Found	0 B
URL HTTP/2 phygical-questall.icu/zp-redirect?target=https%3A%2F%2Fyourxfriend.com%2FP%2FNorway.M.flow%2Findex.html%3Fcep%3DHcYay1hgeGlyPPEVIcGfIuDKFd4z1Tg3RPOtha44qt9l4Xsat3dBW4bZvy3fd-QbPXNjcNYnW4iQxjhZgmxFFDGMF4gTdmOtvox4J_glZNVZ4wqhJVePw7cABJG-2Q0KtKXqOaOKiXJ-pcSklyr0rE-VGqfr4tzkmHVblb6PChvI80cRTEYj80Y3ThQSaIRXJkMDUjuXZd2VqfGrE4GQ2BhBySjFoidt6oi8x6zjjFk42Rtm9lkFYP44-v3rDahhsyxTn_Dv65Z-cjjAwb75H5ecqDcn7yOOGp8e6boYGqSCUXD6T01SY7tB3VFD-lp8v_1QKc4-Flv3Zl084dpxMWWBNXUNTH9SkWTS1cqCDSnHo7y18FTkunuYdKjV69qRSN5VEgN5CXLP6h7xE-U4n4QRLi6GVLXFQi7hX30Xbq5CuudqsquDaxyng40IlmfivYCIhcQZtAJcdG_2I0bgDAgRAshThkDLFfN90yRsNtAvzB7yZdDpvPEzLIo5Ku8e_Qo-WXXNjcDRPhiO-JpiGQ%26lptoken%3D16687137660037111151&caid=f7cb4fc7-1064-44cb-9a70-e30418310224&zpid=42a6c9d2-817f-11ed-a507-0a7407670653&cid=&rt=R IP 18.193.235.10:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /zp-redirect?target=https%3A%2F%2Fyourxfriend.com%2FP%2FNorway.M.flow%2Findex.html%3Fcep%3DHcYay1hgeGlyPPEVIcGfIuDKFd4z1Tg3RPOtha44qt9l4Xsat3dBW4bZvy3fd-QbPXNjcNYnW4iQxjhZgmxFFDGMF4gTdmOtvox4J_glZNVZ4wqhJVePw7cABJG-2Q0KtKXqOaOKiXJ-pcSklyr0rE-VGqfr4tzkmHVblb6PChvI80cRTEYj80Y3ThQSaIRXJkMDUjuXZd2VqfGrE4GQ2BhBySjFoidt6oi8x6zjjFk42Rtm9lkFYP44-v3rDahhsyxTn_Dv65Z-cjjAwb75H5ecqDcn7yOOGp8e6boYGqSCUXD6T01SY7tB3VFD-lp8v_1QKc4-Flv3Zl084dpxMWWBNXUNTH9SkWTS1cqCDSnHo7y18FTkunuYdKjV69qRSN5VEgN5CXLP6h7xE-U4n4QRLi6GVLXFQi7hX30Xbq5CuudqsquDaxyng40IlmfivYCIhcQZtAJcdG_2I0bgDAgRAshThkDLFfN90yRsNtAvzB7yZdDpvPEzLIo5Ku8e_Qo-WXXNjcDRPhiO-JpiGQ%26lptoken%3D16687137660037111151&caid=f7cb4fc7-1064-44cb-9a70-e30418310224&zpid=42a6c9d2-817f-11ed-a507-0a7407670653&cid=&rt=R HTTP/1.1 Host: phygical-questall.icu User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://alia-iso.com/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site HTTP/2 302 Found server: nginx date: Wed, 21 Dec 2022 22:31:51 GMT content-length: 0 cache-control: no-store, no-cache, pre-check=0, post-check=0 expires: Thu, 01 Jan 1970 00:00:00 GMT location: https://yourxfriend.com/P/Norway.M.flow/index.html?cep=HcYay1hgeGlyPPEVIcGfIuDKFd4z1Tg3RPOtha44qt9l4Xsat3dBW4bZvy3fd-QbPXNjcNYnW4iQxjhZgmxFFDGMF4gTdmOtvox4J_glZNVZ4wqhJVePw7cABJG-2Q0KtKXqOaOKiXJ-pcSklyr0rE-VGqfr4tzkmHVblb6PChvI80cRTEYj80Y3ThQSaIRXJkMDUjuXZd2VqfGrE4GQ2BhBySjFoidt6oi8x6zjjFk42Rtm9lkFYP44-v3rDahhsyxTn_Dv65Z-cjjAwb75H5ecqDcn7yOOGp8e6boYGqSCUXD6T01SY7tB3VFD-lp8v_1QKc4-Flv3Zl084dpxMWWBNXUNTH9SkWTS1cqCDSnHo7y18FTkunuYdKjV69qRSN5VEgN5CXLP6h7xE-U4n4QRLi6GVLXFQi7hX30Xbq5CuudqsquDaxyng40IlmfivYCIhcQZtAJcdG_2I0bgDAgRAshThkDLFfN90yRsNtAvzB7yZdDpvPEzLIo5Ku8e_Qo-WXXNjcDRPhiO-JpiGQ&lptoken=16687137660037111151 pragma: no-cache set-cookie: cep-v4=HcYay1hgeGlyPPEVIcGfIuDKFd4z1Tg3RPOtha44qt9l4Xsat3dBW4bZvy3fd-QbPXNjcNYnW4iQxjhZgmxFFDGMF4gTdmOtvox4J_glZNVZ4wqhJVePw7cABJG-2Q0KtKXqOaOKiXJ-pcSklyr0rE-VGqfr4tzkmHVblb6PChvI80cRTEYj80Y3ThQSaIRXJkMDUjuXZd2VqfGrE4GQ2BhBySjFoidt6oi8x6zjjFk42Rtm9lkFYP44-v3rDahhsyxTn_Dv65Z-cjjAwb75H5ecqDcn7yOOGp8e6boYGqSCUXD6T01SY7tB3VFD-lp8v_1QKc4-Flv3Zl084dpxMWWBNXUNTH9SkWTS1cqCDSnHo7y18FTkunuYdKjV69qRSN5VEgN5CXLP6h7xE-U4n4QRLi6GVLXFQi7hX30Xbq5CuudqsquDaxyng40IlmfivYCIhcQZtAJcdG_2I0bgDAgRAshThkDLFfN90yRsNtAvzB7yZdDpvPEzLIo5Ku8e_Qo-WXXNjcDRPhiO-JpiGQ; Max-Age=86400; Expires=Thu, 22-Dec-2022 22:31:51 GMT; Domain=phygical-questall.icu; Path=/; Secure; HttpOnly;SameSite=None X-Firefox-Spdy: h2

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash b5eb8f1a5bff2f556375414710ed5b5f 377e8a5bb606ec5f02845196b65b1d450105021e 68e772eaa26b8548a0c87c9bc46311ed12bbd6d9e6cfcf89989074ff993d4dac HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "68E772EAA26B8548A0C87C9BC46311ED12BBD6D9E6CFCF89989074FF993D4DAC" Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=13046 Expires: Thu, 22 Dec 2022 02:09:18 GMT Date: Wed, 21 Dec 2022 22:31:52 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash db151f8790fc80bb535b13560972296a 768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1 36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A" Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8547 Expires: Thu, 22 Dec 2022 00:54:19 GMT Date: Wed, 21 Dec 2022 22:31:52 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash db151f8790fc80bb535b13560972296a 768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1 36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A" Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8547 Expires: Thu, 22 Dec 2022 00:54:19 GMT Date: Wed, 21 Dec 2022 22:31:52 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash db151f8790fc80bb535b13560972296a 768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1 36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A" Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8547 Expires: Thu, 22 Dec 2022 00:54:19 GMT Date: Wed, 21 Dec 2022 22:31:52 GMT Connection: keep-alive`

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4d485bb-4ea0-4ca2-8687-87df55c571a9.png	34.120.237.76	200 OK	9.4 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4d485bb-4ea0-4ca2-8687-87df55c571a9.png IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 9.4 kB (9428 bytes) Hash f672d451bfcdb5c6c0ce74f4578c268d 25e1714aaa27435cd939ef03a39e9f067503f807 931dbb511204474ba24283df7c65034e35046ab8e94974f697c52f09c0cbf872 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4d485bb-4ea0-4ca2-8687-87df55c571a9.png HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 9428 x-amzn-requestid: e8a380ea-1779-47bb-8c26-0651e0333046 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: dhCrKElsIAMFRhA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63a37e47-133bc4ce28ba188d4ccea364;Sampled=0 x-amzn-remapped-date: Wed, 21 Dec 2022 21:44:39 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: rHlDJE7Gj06H2AsYLc0PghmslFpBbD9gYIKn-2SiYnDr3h_KvAv87A== via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google date: Wed, 21 Dec 2022 21:53:44 GMT etag: "25e1714aaa27435cd939ef03a39e9f067503f807" content-type: image/jpeg age: 2288 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d464e4f-e4fe-49d8-b22b-0a735caa4c00.jpeg	34.120.237.76	200 OK	5.6 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d464e4f-e4fe-49d8-b22b-0a735caa4c00.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 5.6 kB (5551 bytes) Hash 9a5db2564c7218d5e594850fc85607db de58e72eb637e849c33df0c07101ba059347296a 41c0f3d9858312e133e4e28ddb2a4b16b556f7a89d15e46038a5547408e10344 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d464e4f-e4fe-49d8-b22b-0a735caa4c00.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 5551 x-amzn-requestid: 77549f41-9221-46bb-b803-b65be91e4e54 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: dhBhJGE8oAMF0lQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63a37c6d-426c8aaa1c5c29710bad2cd5;Sampled=0 x-amzn-remapped-date: Wed, 21 Dec 2022 21:36:45 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: 7impZ_cSp7ztaLbzeYSBaHUhr2qDq0ywifsQXX7EXyXM0MiqKu8aqg== via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google date: Wed, 21 Dec 2022 21:53:59 GMT age: 2273 etag: "de58e72eb637e849c33df0c07101ba059347296a" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe214af9e-bbea-4c56-8594-6c13fa8e8658.jpeg	34.120.237.76	200 OK	4.1 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe214af9e-bbea-4c56-8594-6c13fa8e8658.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 4.1 kB (4081 bytes) Hash f10f083831869d290396d5b9066449fb 9752d6ec06f3e55ae86d60d27911d8c82ff4a9c4 4a0a255f740bce3f6515b37dba1c94dfd7869088e1a2043a8ea5b3790de1fb4d HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe214af9e-bbea-4c56-8594-6c13fa8e8658.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 4081 x-amzn-requestid: b589c193-565b-4069-83f9-47cceac1c56d x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: dhCNkGykoAMF0Mg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63a37d89-74877b0e74988a776c55561f;Sampled=0 x-amzn-remapped-date: Wed, 21 Dec 2022 21:41:29 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: bAdhstYbD52w6YX3KsTt8q5nRiBJBkafqewhDw6Yj5GYmEi-ZskoXA== via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google date: Wed, 21 Dec 2022 21:53:54 GMT etag: "9752d6ec06f3e55ae86d60d27911d8c82ff4a9c4" content-type: image/jpeg age: 2278 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01873799-f599-4f82-a53f-277ef7496596.jpeg	34.120.237.76	200 OK	11 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01873799-f599-4f82-a53f-277ef7496596.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 11 kB (10977 bytes) Hash 1a690552536ccc61e7bec94d9a15042e 413ca0f3801920896cb63f55a2e77ff896b10128 4e5cf75249af308c3fe579c0b11ccb6bd3bfeee1f13229bf709df30afad835ee HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01873799-f599-4f82-a53f-277ef7496596.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 10977 x-amzn-requestid: d4c0e7f1-8056-4a56-b37c-dd36f2b5227c x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: dhBhQFrBIAMFrxg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63a37c6e-2b85071e123524dc6c69bdea;Sampled=0 x-amzn-remapped-date: Wed, 21 Dec 2022 21:36:46 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: V5-mY-CnuJztKyXcVEfJj_FPIkG1UCNjhwCpMja_LC4IaJqcK3Tehg== via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google date: Wed, 21 Dec 2022 22:07:35 GMT age: 1457 etag: "413ca0f3801920896cb63f55a2e77ff896b10128" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda2ee895-fc83-4df7-99f1-2bbc9cf77c8b.jpeg	34.120.237.76	200 OK	10 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda2ee895-fc83-4df7-99f1-2bbc9cf77c8b.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 10 kB (10154 bytes) Hash b67d0976563ea9460d94e27ff920f9da f1998577eb3bc2214f195f72a8a1b4ad8aa6bc92 c7ec3c4b87b700796008690562a6033481a7ad826fb2f45875cd6add06189568 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda2ee895-fc83-4df7-99f1-2bbc9cf77c8b.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 10154 x-amzn-requestid: f317432b-7dda-439b-bc02-9c76412e9de1 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ddt_DGlfoAMF5Rg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63a229f9-13a5af4c477a1019544222f4;Sampled=0 x-amzn-remapped-date: Tue, 20 Dec 2022 21:32:41 GMT x-amz-cf-pop: SEA19-C3 x-cache: Hit from cloudfront x-amz-cf-id: hmIpamyZaOLQ8eQrYQBFhpOuRUVo-QDZJHVaPq0Pv7FGpRMIOTAOmw== via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 3bb2b699cd244bf37141ea08a6a61732.cloudfront.net (CloudFront), 1.1 google date: Wed, 21 Dec 2022 21:54:39 GMT age: 2233 etag: "f1998577eb3bc2214f195f72a8a1b4ad8aa6bc92" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F468f380d-ef1e-48dd-8aff-2e9ca043f00c.jpeg	34.120.237.76	200 OK	6.9 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F468f380d-ef1e-48dd-8aff-2e9ca043f00c.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 6.9 kB (6918 bytes) Hash b58432fe5e1f5b86b136f8c19736e07b 27651671cd7e4a370924657ae957a3615e54d432 2bd4aa2ff1fdf446ee880360a929662e82feefac9be38244fb696663e67cb278 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F468f380d-ef1e-48dd-8aff-2e9ca043f00c.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 6918 x-amzn-requestid: 28824efa-50de-474b-9c7b-a3d4b414f967 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: dhCc8GjYIAMFxqw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63a37dec-160ca3a12c5749d75899e1b6;Sampled=0 x-amzn-remapped-date: Wed, 21 Dec 2022 21:43:08 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: 8GuRAtRhSGQfa5PqKkJ0wjalSoqAopBJvkyktE8EMokRfFVcBP3mOQ== via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google date: Wed, 21 Dec 2022 21:53:44 GMT etag: "27651671cd7e4a370924657ae957a3615e54d432" content-type: image/jpeg age: 2288 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	yourxfriend.com/P/Norway.M.flow/index_files/main.js.download	178.79.185.229	200 OK	164 kB
URL HTTP/2 yourxfriend.com/P/Norway.M.flow/index_files/main.js.download IP 178.79.185.229:0 ASN #63949 Linode, LLC File type ASCII text, with very long lines (568), with CRLF line terminators Size 164 kB (163772 bytes) Hash a0f4da40bd81c65d824afc106743d47f 55b2d4c57fdb017314f62ac2fe8a3e287dcadf7f e40e7cc368c897d6a3a5095fae6ccd6d9a3f88af5ef9c590f79b9fd22293ad10 HTTP Headers GET /P/Norway.M.flow/index_files/main.js.download HTTP/1.1 Host: yourxfriend.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://yourxfriend.com/P/Norway.M.flow/index.html?cep=HcYay1hgeGlyPPEVIcGfIuDKFd4z1Tg3RPOtha44qt9l4Xsat3dBW4bZvy3fd-QbPXNjcNYnW4iQxjhZgmxFFDGMF4gTdmOtvox4J_glZNVZ4wqhJVePw7cABJG-2Q0KtKXqOaOKiXJ-pcSklyr0rE-VGqfr4tzkmHVblb6PChvI80cRTEYj80Y3ThQSaIRXJkMDUjuXZd2VqfGrE4GQ2BhBySjFoidt6oi8x6zjjFk42Rtm9lkFYP44-v3rDahhsyxTn_Dv65Z-cjjAwb75H5ecqDcn7yOOGp8e6boYGqSCUXD6T01SY7tB3VFD-lp8v_1QKc4-Flv3Zl084dpxMWWBNXUNTH9SkWTS1cqCDSnHo7y18FTkunuYdKjV69qRSN5VEgN5CXLP6h7xE-U4n4QRLi6GVLXFQi7hX30Xbq5CuudqsquDaxyng40IlmfivYCIhcQZtAJcdG_2I0bgDAgRAshThkDLFfN90yRsNtAvzB7yZdDpvPEzLIo5Ku8e_Qo-WXXNjcDRPhiO-JpiGQ&lptoken=16687137660037111151 Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers `HTTP/2 200 OK server: nginx date: Wed, 21 Dec 2022 22:31:52 GMT content-type: application/octet-stream content-length: 163772 last-modified: Mon, 17 Jan 2022 09:16:13 GMT etag: "61e533dd-27fbc" accept-ranges: bytes X-Firefox-Spdy: h2`

	yourxfriend.com/P/Norway.M.flow/index_files/sm23.jpg	178.79.185.229	200 OK	60 kB
URL HTTP/2 yourxfriend.com/P/Norway.M.flow/index_files/sm23.jpg IP 178.79.185.229:0 ASN #63949 Linode, LLC File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Resized on https://ezgif.com/resize", baseline, precision 8, 600x800, components 3\012- data Size 60 kB (59676 bytes) Hash ba0d2f9ad4407dd88d837f6a7d6ee318 c04728db6a0099f9c43b1711f005f4c8a765288b d9be7dd67fd0282a62e152f059d6e53368caf47fde6d32bcdab26cdca7702e82 HTTP Headers `GET /P/Norway.M.flow/index_files/sm23.jpg HTTP/1.1 Host: yourxfriend.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://yourxfriend.com/P/Norway.M.flow/index_files/stylesheet.css Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers` `HTTP/2 200 OK server: nginx date: Wed, 21 Dec 2022 22:31:52 GMT content-type: image/jpeg content-length: 59676 last-modified: Mon, 17 Jan 2022 09:17:12 GMT etag: "61e53418-e91c" expires: Fri, 20 Jan 2023 22:31:52 GMT cache-control: max-age=2592000 accept-ranges: bytes X-Firefox-Spdy: h2`

	yourxfriend.com/P/Norway.M.flow/index_files/favicon.png	178.79.185.229	200 OK	8.8 kB
URL HTTP/2 yourxfriend.com/P/Norway.M.flow/index_files/favicon.png IP 178.79.185.229:0 ASN #63949 Linode, LLC File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data Size 8.8 kB (8827 bytes) Hash 7414631cf8da2a42c1f442328c263463 35f945dcd0ce123d32772d7fbdc5ad03fe5399a6 840b62e05e56e59388393b1be4210e6823a9be25778d7680cd002e4ebfd9487c HTTP Headers GET /P/Norway.M.flow/index_files/favicon.png HTTP/1.1 Host: yourxfriend.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://yourxfriend.com/P/Norway.M.flow/index.html?cep=HcYay1hgeGlyPPEVIcGfIuDKFd4z1Tg3RPOtha44qt9l4Xsat3dBW4bZvy3fd-QbPXNjcNYnW4iQxjhZgmxFFDGMF4gTdmOtvox4J_glZNVZ4wqhJVePw7cABJG-2Q0KtKXqOaOKiXJ-pcSklyr0rE-VGqfr4tzkmHVblb6PChvI80cRTEYj80Y3ThQSaIRXJkMDUjuXZd2VqfGrE4GQ2BhBySjFoidt6oi8x6zjjFk42Rtm9lkFYP44-v3rDahhsyxTn_Dv65Z-cjjAwb75H5ecqDcn7yOOGp8e6boYGqSCUXD6T01SY7tB3VFD-lp8v_1QKc4-Flv3Zl084dpxMWWBNXUNTH9SkWTS1cqCDSnHo7y18FTkunuYdKjV69qRSN5VEgN5CXLP6h7xE-U4n4QRLi6GVLXFQi7hX30Xbq5CuudqsquDaxyng40IlmfivYCIhcQZtAJcdG_2I0bgDAgRAshThkDLFfN90yRsNtAvzB7yZdDpvPEzLIo5Ku8e_Qo-WXXNjcDRPhiO-JpiGQ&lptoken=16687137660037111151 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers `HTTP/2 200 OK server: nginx date: Wed, 21 Dec 2022 22:31:52 GMT content-type: image/png content-length: 8827 last-modified: Fri, 19 Nov 2021 12:55:45 GMT etag: "61979ed1-227b" expires: Fri, 20 Jan 2023 22:31:52 GMT cache-control: max-age=2592000 accept-ranges: bytes X-Firefox-Spdy: h2`

	alia-iso.com/zcvisitor/42a6c9d2-817f-11ed-a507-0a7407670653/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=6dae6980-b0ec-11ec-b11c-12beee04f19b	54.164.128.27	200 OK	0 B
URL HTTP/2 alia-iso.com/zcvisitor/42a6c9d2-817f-11ed-a507-0a7407670653/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=6dae6980-b0ec-11ec-b11c-12beee04f19b IP 54.164.128.27:0 ASN #14618 AMAZON-AES File type Size 0 B (0 bytes) Hash HTTP Headers GET /zcvisitor/42a6c9d2-817f-11ed-a507-0a7407670653/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=6dae6980-b0ec-11ec-b11c-12beee04f19b HTTP/1.1 Host: alia-iso.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://amourgirlz.com/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site HTTP/2 200 OK date: Wed, 21 Dec 2022 22:31:51 GMT content-type: text/html;charset=UTF-8 cache-control: no-store, no-cache, pre-check=0, post-check=0 content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline' access-control-allow-origin: * access-control-allow-methods: GET,POST,OPTIONS access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag server: FTCtAxdj X-Firefox-Spdy: h2

	alia-iso.com/zcredirect?visitid=42a6c9d2-817f-11ed-a507-0a7407670653&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false	54.164.128.27	200 OK	0 B
URL HTTP/2 alia-iso.com/zcredirect?visitid=42a6c9d2-817f-11ed-a507-0a7407670653&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false IP 54.164.128.27:0 ASN #14618 AMAZON-AES File type Size 0 B (0 bytes) Hash HTTP Headers GET /zcredirect?visitid=42a6c9d2-817f-11ed-a507-0a7407670653&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1 Host: alia-iso.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://alia-iso.com/zcvisitor/42a6c9d2-817f-11ed-a507-0a7407670653/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=6dae6980-b0ec-11ec-b11c-12beee04f19b Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin TE: trailers HTTP/2 200 OK date: Wed, 21 Dec 2022 22:31:51 GMT content-type: text/html;charset=UTF-8 cache-control: no-store, no-cache, pre-check=0, post-check=0 content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline' access-control-allow-origin: * access-control-allow-methods: GET,POST,OPTIONS access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag redirected: JS server: xdyQRBfn X-Firefox-Spdy: h2

	yourxfriend.com/P/Norway.M.flow/index.html?cep=HcYay1hgeGlyPPEVIcGfIuDKFd4z1Tg3RPOtha44qt9l4Xsat3dBW4bZvy3fd-QbPXNjcNYnW4iQxjhZgmxFFDGMF4gTdmOtvox4J_glZNVZ4wqhJVePw7cABJG-2Q0KtKXqOaOKiXJ-pcSklyr0rE-VGqfr4tzkmHVblb6PChvI80cRTEYj80Y3ThQSaIRXJkMDUjuXZd2VqfGrE4GQ2BhBySjFoidt6oi8x6zjjFk42Rtm9lkFYP44-v3rDahhsyxTn_Dv65Z-cjjAwb75H5ecqDcn7yOOGp8e6boYGqSCUXD6T01SY7tB3VFD-lp8v_1QKc4-Flv3Zl084dpxMWWBNXUNTH9SkWTS1cqCDSnHo7y18FTkunuYdKjV69qRSN5VEgN5CXLP6h7xE-U4n4QRLi6GVLXFQi7hX30Xbq5CuudqsquDaxyng40IlmfivYCIhcQZtAJcdG_2I0bgDAgRAshThkDLFfN90yRsNtAvzB7yZdDpvPEzLIo5Ku8e_Qo-WXXNjcDRPhiO-JpiGQ&lptoken=16687137660037111151	178.79.185.229	200 OK	0 B
URL HTTP/2 yourxfriend.com/P/Norway.M.flow/index.html?cep=HcYay1hgeGlyPPEVIcGfIuDKFd4z1Tg3RPOtha44qt9l4Xsat3dBW4bZvy3fd-QbPXNjcNYnW4iQxjhZgmxFFDGMF4gTdmOtvox4J_glZNVZ4wqhJVePw7cABJG-2Q0KtKXqOaOKiXJ-pcSklyr0rE-VGqfr4tzkmHVblb6PChvI80cRTEYj80Y3ThQSaIRXJkMDUjuXZd2VqfGrE4GQ2BhBySjFoidt6oi8x6zjjFk42Rtm9lkFYP44-v3rDahhsyxTn_Dv65Z-cjjAwb75H5ecqDcn7yOOGp8e6boYGqSCUXD6T01SY7tB3VFD-lp8v_1QKc4-Flv3Zl084dpxMWWBNXUNTH9SkWTS1cqCDSnHo7y18FTkunuYdKjV69qRSN5VEgN5CXLP6h7xE-U4n4QRLi6GVLXFQi7hX30Xbq5CuudqsquDaxyng40IlmfivYCIhcQZtAJcdG_2I0bgDAgRAshThkDLFfN90yRsNtAvzB7yZdDpvPEzLIo5Ku8e_Qo-WXXNjcDRPhiO-JpiGQ&lptoken=16687137660037111151 IP 178.79.185.229:0 ASN #63949 Linode, LLC File type Size 0 B (0 bytes) Hash HTTP Headers GET /P/Norway.M.flow/index.html?cep=HcYay1hgeGlyPPEVIcGfIuDKFd4z1Tg3RPOtha44qt9l4Xsat3dBW4bZvy3fd-QbPXNjcNYnW4iQxjhZgmxFFDGMF4gTdmOtvox4J_glZNVZ4wqhJVePw7cABJG-2Q0KtKXqOaOKiXJ-pcSklyr0rE-VGqfr4tzkmHVblb6PChvI80cRTEYj80Y3ThQSaIRXJkMDUjuXZd2VqfGrE4GQ2BhBySjFoidt6oi8x6zjjFk42Rtm9lkFYP44-v3rDahhsyxTn_Dv65Z-cjjAwb75H5ecqDcn7yOOGp8e6boYGqSCUXD6T01SY7tB3VFD-lp8v_1QKc4-Flv3Zl084dpxMWWBNXUNTH9SkWTS1cqCDSnHo7y18FTkunuYdKjV69qRSN5VEgN5CXLP6h7xE-U4n4QRLi6GVLXFQi7hX30Xbq5CuudqsquDaxyng40IlmfivYCIhcQZtAJcdG_2I0bgDAgRAshThkDLFfN90yRsNtAvzB7yZdDpvPEzLIo5Ku8e_Qo-WXXNjcDRPhiO-JpiGQ&lptoken=16687137660037111151 HTTP/1.1 Host: yourxfriend.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://alia-iso.com/ Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site `HTTP/2 200 OK server: nginx date: Wed, 21 Dec 2022 22:31:52 GMT content-type: text/html last-modified: Thu, 20 Jan 2022 08:18:50 GMT vary: Accept-Encoding etag: W/"61e91aea-30ea" content-encoding: gzip X-Firefox-Spdy: h2`

	yourxfriend.com/P/Norway.M.flow/index_files/stylesheet.css	178.79.185.229	200 OK	0 B
URL HTTP/2 yourxfriend.com/P/Norway.M.flow/index_files/stylesheet.css IP 178.79.185.229:0 ASN #63949 Linode, LLC File type Size 0 B (0 bytes) Hash HTTP Headers GET /P/Norway.M.flow/index_files/stylesheet.css HTTP/1.1 Host: yourxfriend.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://yourxfriend.com/P/Norway.M.flow/index.html?cep=HcYay1hgeGlyPPEVIcGfIuDKFd4z1Tg3RPOtha44qt9l4Xsat3dBW4bZvy3fd-QbPXNjcNYnW4iQxjhZgmxFFDGMF4gTdmOtvox4J_glZNVZ4wqhJVePw7cABJG-2Q0KtKXqOaOKiXJ-pcSklyr0rE-VGqfr4tzkmHVblb6PChvI80cRTEYj80Y3ThQSaIRXJkMDUjuXZd2VqfGrE4GQ2BhBySjFoidt6oi8x6zjjFk42Rtm9lkFYP44-v3rDahhsyxTn_Dv65Z-cjjAwb75H5ecqDcn7yOOGp8e6boYGqSCUXD6T01SY7tB3VFD-lp8v_1QKc4-Flv3Zl084dpxMWWBNXUNTH9SkWTS1cqCDSnHo7y18FTkunuYdKjV69qRSN5VEgN5CXLP6h7xE-U4n4QRLi6GVLXFQi7hX30Xbq5CuudqsquDaxyng40IlmfivYCIhcQZtAJcdG_2I0bgDAgRAshThkDLFfN90yRsNtAvzB7yZdDpvPEzLIo5Ku8e_Qo-WXXNjcDRPhiO-JpiGQ&lptoken=16687137660037111151 Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers `HTTP/2 200 OK server: nginx date: Wed, 21 Dec 2022 22:31:52 GMT content-type: text/css last-modified: Thu, 20 Jan 2022 07:28:23 GMT vary: Accept-Encoding etag: W/"61e90f17-c8e" expires: Thu, 22 Dec 2022 10:31:52 GMT cache-control: max-age=43200 content-encoding: gzip X-Firefox-Spdy: h2`

	yourxfriend.com/P/Norway.M.flow/index_files/pin.gif	178.79.185.229	200 OK	0 B
URL HTTP/2 yourxfriend.com/P/Norway.M.flow/index_files/pin.gif IP 178.79.185.229:0 ASN #63949 Linode, LLC File type Size 0 B (0 bytes) Hash HTTP Headers GET /P/Norway.M.flow/index_files/pin.gif HTTP/1.1 Host: yourxfriend.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://yourxfriend.com/P/Norway.M.flow/index.html?cep=HcYay1hgeGlyPPEVIcGfIuDKFd4z1Tg3RPOtha44qt9l4Xsat3dBW4bZvy3fd-QbPXNjcNYnW4iQxjhZgmxFFDGMF4gTdmOtvox4J_glZNVZ4wqhJVePw7cABJG-2Q0KtKXqOaOKiXJ-pcSklyr0rE-VGqfr4tzkmHVblb6PChvI80cRTEYj80Y3ThQSaIRXJkMDUjuXZd2VqfGrE4GQ2BhBySjFoidt6oi8x6zjjFk42Rtm9lkFYP44-v3rDahhsyxTn_Dv65Z-cjjAwb75H5ecqDcn7yOOGp8e6boYGqSCUXD6T01SY7tB3VFD-lp8v_1QKc4-Flv3Zl084dpxMWWBNXUNTH9SkWTS1cqCDSnHo7y18FTkunuYdKjV69qRSN5VEgN5CXLP6h7xE-U4n4QRLi6GVLXFQi7hX30Xbq5CuudqsquDaxyng40IlmfivYCIhcQZtAJcdG_2I0bgDAgRAshThkDLFfN90yRsNtAvzB7yZdDpvPEzLIo5Ku8e_Qo-WXXNjcDRPhiO-JpiGQ&lptoken=16687137660037111151 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers `HTTP/2 200 OK server: nginx date: Wed, 21 Dec 2022 22:31:52 GMT content-type: image/gif content-length: 124526 last-modified: Mon, 17 Jan 2022 09:16:16 GMT etag: "61e533e0-1e66e" expires: Fri, 20 Jan 2023 22:31:52 GMT cache-control: max-age=2592000 accept-ranges: bytes X-Firefox-Spdy: h2`

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (31)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size