Overview

URL social.medialinks.cc/files/hot_song.rar
IP37.48.65.152
ASNLeaseWeb Netherlands B.V.
Location Netherlands
Report completed2022-10-04 03:15:52 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-04 2 social.medialinks.cc/files/hot_song.rar Malware
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (16)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS social.medialinks.cc (3) 0 2020-04-10 10:42:50 UTC 2022-10-03 12:29:48 UTC 81.171.22.7 Unknown ranking
mnemonic passive DNS r3.o.lencr.org (5) 344 2020-12-02 08:52:13 UTC 2022-10-03 07:33:36 UTC 23.36.76.226
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-10-03 09:28:24 UTC 34.212.166.60
mnemonic passive DNS ocsp.pki.goog (4) 175 2017-06-14 07:23:31 UTC 2022-10-03 07:14:52 UTC 142.250.74.3
mnemonic passive DNS img-getpocket.cdn.mozilla.net (7) 1631 2017-09-01 03:40:57 UTC 2022-10-03 14:02:45 UTC 34.120.237.76
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-10-03 17:23:50 UTC 143.204.55.35
mnemonic passive DNS code.jquery.com (1) 634 2012-05-21 17:28:02 UTC 2022-10-03 09:28:27 UTC 69.16.175.10
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-10-03 08:07:24 UTC 143.204.55.35
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-03 09:28:24 UTC 34.117.237.239
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-10-03 20:32:42 UTC 93.184.220.29
mnemonic passive DNS example.org (1) 2333 2012-08-07 17:20:46 UTC 2022-10-03 10:14:43 UTC 93.184.216.34
mnemonic passive DNS irene-eux.com (3) 0 2022-09-21 16:06:22 UTC 2022-10-03 16:27:20 UTC 34.239.209.41 Unknown ranking
mnemonic passive DNS cartining-specute.com (1) 0 2021-01-31 23:37:43 UTC 2022-10-03 02:13:55 UTC 18.197.36.77 Unknown ranking
mnemonic passive DNS fonts.gstatic.com (1) 0 2014-08-29 13:43:22 UTC 2022-10-03 19:40:13 UTC 172.217.21.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS flirtyhoookup.com (1) 0 2020-03-26 11:26:33 UTC 2022-10-03 02:13:55 UTC 104.21.52.165 Unknown ranking
mnemonic passive DNS fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-10-03 17:32:53 UTC 216.58.211.10


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 37.48.65.152

Date UQ / IDS / BL URL IP
2022-12-06 03:57:12 +0000
0 - 0 - 1 wrrpnqa.nn.wy5532.com/ 37.48.65.152
2022-12-06 03:40:43 +0000
0 - 0 - 4 xiaoimi.com/5/login.globalsources.com.zip 37.48.65.152
2022-12-06 02:58:31 +0000
0 - 0 - 1 lkjkui.852fa.ve.wy5532.com/ 37.48.65.152
2022-12-05 20:53:14 +0000
0 - 0 - 1 wasqrlct.uu.wy5532.com/ 37.48.65.152
2022-12-05 20:41:14 +0000
0 - 0 - 1 re815f2.ic.wy5532.com/ 37.48.65.152

Last 5 reports on ASN: LeaseWeb Netherlands B.V.

Date UQ / IDS / BL URL IP
2022-12-06 10:35:48 +0000
0 - 0 - 1 wtyovak.google.wy5532.com/ 37.48.65.149
2022-12-06 10:00:15 +0000
0 - 0 - 1 weretrtrt441cf.sw.wy5532.com/ 81.171.22.6
2022-12-06 09:38:47 +0000
0 - 0 - 2 rasvetakandela.com/js/.ch/660e4be8f59ae4c3ab7 (...) 85.17.187.35
2022-12-06 09:31:02 +0000
0 - 0 - 1 gsuyffsi.nn.wy5532.com/ 37.48.65.149
2022-12-06 09:28:30 +0000
0 - 0 - 1 iuyuy.5691b.zs.wy5532.com/ 37.48.65.151

Last 5 reports on domain: medialinks.cc

Date UQ / IDS / BL URL IP
2022-11-10 11:40:44 +0000
0 - 0 - 1 social.medialinks.cc/files/scan0001.rar 81.171.22.5
2022-11-09 20:31:44 +0000
0 - 0 - 1 social.medialinks.cc/files/hot_song.rar 185.107.56.200
2022-11-09 02:37:30 +0000
0 - 0 - 5 social.medialinks.cc/files/hot_song.rar 185.107.56.199
2022-11-09 02:32:57 +0000
0 - 0 - 1 social.medialinks.cc/files/scan0001.rar 185.107.56.199
2022-11-08 11:42:39 +0000
0 - 0 - 3 social.medialinks.cc/files/hot_song.rar 81.171.22.7

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-12-05 23:29:16 +0000
0 - 0 - 1 oilkjm.1ac08.zy.wy5532.com/ 172.93.103.100
2022-12-04 22:23:11 +0000
0 - 0 - 1 wqwqw.782ab.wq.wy5532.com/ 172.93.103.100
2022-11-30 19:34:41 +0000
0 - 0 - 1 iuyuy.50812.pt.wy5532.com/ 199.115.115.118
2022-11-29 17:37:41 +0000
0 - 0 - 1 edcvr9641.rh.wy5532.com/ 185.107.56.200
2022-11-27 14:03:02 +0000
0 - 0 - 1 lepeffee.wy5532.com/ 81.171.22.7


JavaScript

Executed Scripts (9)


Executed Evals (19)

#1 JavaScript::Eval (size: 34, repeated: 1) - SHA256: 1793bf3a5d4ab2080846499c0d7bf8b754b9a0f515ae7685f09ab7b6f0e743a2

                                        Boolean(FileSystemDirectoryHandle)
                                    

#2 JavaScript::Eval (size: 142, repeated: 1) - SHA256: 7c22b44f3ca365ec28b11ce4432231eea6de7569658bded3ac6c7b8644c51fd2

                                        let canvas2 = document.getElementById('__fhMyCanvas2');
let gl2 = canvas2.getContext('webgl');
gl2.getExtension('WEBGL_draw_buffers') !== null
                                    

#3 JavaScript::Eval (size: 51, repeated: 1) - SHA256: 3906813149363f1ecb7fe2c95126d12999e7ddd966cfb00a50e446ea4423818a

                                        ShadowRoot.prototype.hasOwnProperty('onslotchange')
                                    

#4 JavaScript::Eval (size: 44, repeated: 1) - SHA256: ef0cec074a1308361ef6b1a50fb53163d7dea6f35bfa7eaaa33d6f5cd853b4ba

                                        XRAnchorSet.prototype.hasOwnProperty('size')
                                    

#5 JavaScript::Eval (size: 90, repeated: 1) - SHA256: 6c62e1035d91781258fef8d30617f55b5692ba56617087082c68069ddd95b168

                                        window.getComputedStyle(document.getElementById('__fhTestBlock2')).flexBasis === 'content'
                                    

#6 JavaScript::Eval (size: 158, repeated: 1) - SHA256: 5fd2b7ac06f14aa445293ae600a6650f7a44e5f0b1e100e2b864221aee71fd26

                                        let abortController = new AbortController();
let signal2 = abortController.signal;
abortController.abort('test2');
typeof signal2.throwIfAborted == 'function'
                                    

#7 JavaScript::Eval (size: 57, repeated: 1) - SHA256: 93afe750f893331c7709e79b3b40b7122d4119cde3263346bdd3ad822216c2d7

                                        navigator.locks !== null && navigator.locks !== undefined
                                    

#8 JavaScript::Eval (size: 67, repeated: 1) - SHA256: 361a831d09ef76b907d6a416524915baec50c238905852e548fe0f2221a4620a

                                        typeof document.getElementById('__fhMyDialog').close === 'function'
                                    

#9 JavaScript::Eval (size: 28, repeated: 1) - SHA256: a4f48a08d01416c2784a28ba62c656e9e732761d75534f41f69892d61280fc6a

                                        Boolean(crypto.randomUUID())
                                    

#10 JavaScript::Eval (size: 38, repeated: 1) - SHA256: fe43b3c21a3b344dc633abee619610ebdbb8f1467c8a3ed3874c7c81f2ef5a86

                                        typeof self.reportError === 'function'
                                    

#11 JavaScript::Eval (size: 36, repeated: 1) - SHA256: 01c41e932bc9a6e9718861f97ad6fdb35bd4f2b699d11c479abb9788c1d52958

                                        Boolean(document.hasStorageAccess())
                                    

#12 JavaScript::Eval (size: 37, repeated: 1) - SHA256: 92a69774ed25091a7d27f3692984ca2cf78cea3e730543b9d3a867ca3701fc5d

                                        'accent-color' in document.body.style
                                    

#13 JavaScript::Eval (size: 92, repeated: 1) - SHA256: acb4db590b2797dcc50197ea1bad6bdfa76883bff09fd8ea23f0f21ae1fa0b60

                                        window.getComputedStyle(document.getElementById('__fhTestBlock')).color === 'rgb(255, 0, 0)'
                                    

#14 JavaScript::Eval (size: 42, repeated: 1) - SHA256: 420ef951a9f49fcb514fde5a2d4bd07a98cf609fba23fcdc2fc660cb2cb10524

                                        CSSCounterStyleRule.negative === undefined
                                    

#15 JavaScript::Eval (size: 25, repeated: 1) - SHA256: c0fee6b934b08df7fd5858201cc0c4127a85dc7d0c8fd8eb83d58cfcc1cac18a

                                        new Uint8Array([1]).at(0)
                                    

#16 JavaScript::Eval (size: 37, repeated: 1) - SHA256: 2d6f98223aee606d4b6ff2b57a1c847225406aa1380becd205bb685b3adf5871

                                        'aspect-ratio' in document.body.style
                                    

#17 JavaScript::Eval (size: 73, repeated: 1) - SHA256: 4339a0c1f2bef4619c2d2f4f3c90d08e012bcf418288c88da1ac89faccf36ec9

                                        typeof document.getElementById('__fhDateInput').showPicker === 'function'
                                    

#18 JavaScript::Eval (size: 24, repeated: 1) - SHA256: 2daeb3ad53fdaffdb2055a20bab28c77ea1cc1111862db83ac5e074d63a3e381

                                        Boolean(structuredClone)
                                    

#19 JavaScript::Eval (size: 33, repeated: 1) - SHA256: f543f9b1beb8bb051d13da0f873ab6801661e63d8b16b88b1af69ff098fb07c6

                                        'tab-size' in document.body.style
                                    

Executed Writes (0)



HTTP Transactions (34)


Request Response
                                        
                                            GET /files/hot_song.rar HTTP/1.1 
Host: social.medialinks.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         81.171.22.7
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
                                        
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 494
date: Tue, 04 Oct 2022 03:15:41 GMT
server: nginx
set-cookie: sid=d39eeede-4392-11ed-8763-f6a8911396ff; path=/; domain=.medialinks.cc; expires=Sun, 22 Oct 2090 06:29:48 GMT; max-age=2147483647; HttpOnly


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (494), with no line terminators
Size:   494
Md5:    1f9d7397384b1bad3dc6fba0666d2872
Sha1:   7bc86ed329db1ebeb860ae802d77a0e90404d003
Sha256: e08299e306f57880c9d857c32ebd47c44d2adb423b26a767fca40615679c95a2

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 02:47:04 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NY2f1KpSPOqjPvrVuw9gY0DZY2fHJ6stYBthhvthECS4J5BHEdiS4g==
Age: 1717


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19994
Expires: Tue, 04 Oct 2022 08:48:55 GMT
Date: Tue, 04 Oct 2022 03:15:41 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 03 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: F7QsJZgT--3DnILDy8WRo0n_2qTj5W25oLCBzwnbTEHPFHSp27-4ag==
age: 78434
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 04 Oct 2022 03:15:41 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: social.medialinks.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://social.medialinks.cc/files/hot_song.rar
Cookie: sid=d39eeede-4392-11ed-8763-f6a8911396ff

                                         
                                         81.171.22.7
HTTP/1.1 404 Not Found
                                        
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Tue, 04 Oct 2022 03:15:41 GMT
server: nginx


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   9
Md5:    d8f4a1993546cc4b850cde3599e27aec
Sha1:   094b763b4cfcc0b05e5d040581cd513c3ca08067
Sha256: 907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 04 Oct 2022 02:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 04 Oct 2022 03:10:58 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: w54jZWxQF47XB6J3zojgSQYqOXWcGmwVRhPYaKyuYp5n06E485H-Jg==
Age: 2768


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2591
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 03:15:42 GMT
Last-Modified: Tue, 04 Oct 2022 02:32:32 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /files/hot_song.rar?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NDg2MDU0MSwiaWF0IjoxNjY0ODUzMzQxLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2RidWlvYzBrM2s3OXBqOW8xcDFjZzkiLCJuYmYiOjE2NjQ4NTMzNDEsInRzIjoxNjY0ODUzMzQxMzExODU2fQ.adAc6Ed0unEyuIorhdNZlC5M3MGMTAK78_FkNR_eaXg&sid=d39eeede-4392-11ed-8763-f6a8911396ff HTTP/1.1 
Host: social.medialinks.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://social.medialinks.cc/files/hot_song.rar
Cookie: sid=d39eeede-4392-11ed-8763-f6a8911396ff
Upgrade-Insecure-Requests: 1

                                         
                                         81.171.22.7
HTTP/1.1 302 Found
                                        
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Tue, 04 Oct 2022 03:15:42 GMT
location: http://irene-eux.com/zcvisitor/d3dbd885-4392-11ed-91c9-12f6f11932a1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=e5232290-2de1-11ed-8859-0a918cbcbb97
server: nginx
set-cookie: sid=d39eeede-4392-11ed-8763-f6a8911396ff; path=/; domain=.medialinks.cc; expires=Sun, 22 Oct 2090 06:29:49 GMT; max-age=2147483647; HttpOnly


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   11
Md5:    32682312d17c7cbf18e73594f5570319
Sha1:   60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
Sha256: e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: fbhG3HR1r+9g8girJV86kA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.212.166.60
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VkhrsHy+723VVtj1oq2++sieqqk=

                                        
                                            GET /zcvisitor/d3dbd885-4392-11ed-91c9-12f6f11932a1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=e5232290-2de1-11ed-8859-0a918cbcbb97 HTTP/1.1 
Host: irene-eux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://social.medialinks.cc/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         34.239.209.41
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Tue, 04 Oct 2022 03:15:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: TbyJTQap


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   996
Md5:    5969704b036b1ffdd4c117a2833d048a
Sha1:   8f5e5506265cbfc392d2ddc1702adfcf8f3f8d8c
Sha256: edd4764351f82ff72bb8807a3bbbf70ee704e09415d97b4c52c7b134c0843839
                                        
                                            GET /zcredirect?visitid=d3dbd885-4392-11ed-91c9-12f6f11932a1&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1 
Host: irene-eux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://irene-eux.com/zcvisitor/d3dbd885-4392-11ed-91c9-12f6f11932a1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=e5232290-2de1-11ed-8859-0a918cbcbb97
Upgrade-Insecure-Requests: 1

                                         
                                         34.239.209.41
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Tue, 04 Oct 2022 03:15:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: DgZjmNUX


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (353)
Size:   792
Md5:    a31835d69c0e8bd7679812f9bbee22c3
Sha1:   e70e46bf0471adcbae7ae3996c0b3c1cb1afa33e
Sha256: 35bc4fe3d09480923b90e14863fae01492b983679b18855d0e871cfab6822789
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: irene-eux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://irene-eux.com/zcredirect?visitid=d3dbd885-4392-11ed-91c9-12f6f11932a1&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false

                                         
                                         34.239.209.41
HTTP/1.1 404
Content-Type: text/html;charset=utf-8
                                        
Date: Tue, 04 Oct 2022 03:15:42 GMT
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: tjlhIlLk


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size:   653
Md5:    ba2732b1b2fa2626ffaa15f62f9e7d66
Sha1:   203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
Sha256: 879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
                                        
                                            GET /zp-redirect?target=https%3A%2F%2Fflirtyhoookup.com%2F%3Futm_source%3DgvC7WyUoREtV%26s1%3D719fbd40-273d-47b8-882f-683d1074b172%26s2%3Dwdb6hnvqe1qusbgj2j6f1n9m&caid=7410aac1-b9a3-4a71-8226-0a525667d56d&zpid=d3dbd885-4392-11ed-91c9-12f6f11932a1&cid=wdb6hnvqe1qusbgj2j6f1n9m&rt=R HTTP/1.1 
Host: cartining-specute.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://irene-eux.com/
Cookie: cc-v4=qGf135a6OADwJybVn6aesDCqWcyuyR%2FN8UiZKpN3Y06Jf81lhc0o%2Fqpd8Lnj4QMJmnmbwEa5ONNxwYewN1Am6s%2FchkpzCWIzbPOo1BfeTLIYawnfjeNv62FiuWmJVGZ1Ayt%2Fv2360rLVx%2FMOAdFHTg%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         18.197.36.77
HTTP/2 302 Found
                                        
server: nginx
date: Tue, 04 Oct 2022 03:15:42 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://flirtyhoookup.com/?utm_source=gvC7WyUoREtV&s1=719fbd40-273d-47b8-882f-683d1074b172&s2=wdb6hnvqe1qusbgj2j6f1n9m
pragma: no-cache
set-cookie: cc-v4=OPW4ZTg%2FiKz%2FRDHiTbTjcgjLSXYvATaPUOMG6TJsfZDnu22Ggz2H2BkB3eD25SysUjvtTXGLCBfIvDqgLjNsPimg23mdksZY6w6V799PaXxibKdeKyrm5T%2Bdf4w7aLyPJEMEaJohdgmyu3TuXVmdpQ%3D%3D; Max-Age=31536000; Expires=Wed, 04-Oct-2023 03:15:42 GMT; Domain=cartining-specute.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

                                        
                                            GET /jquery-3.3.1.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://flirtyhoookup.com
Connection: keep-alive
Referer: https://flirtyhoookup.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         69.16.175.10
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Tue, 04 Oct 2022 03:15:43 GMT
content-encoding: gzip
content-length: 30288
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-1538f"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1664853343.dop002.sk1.t,1664853343.cds230.sk1.hn,1664853343.cds072.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30288
Md5:    d549b312f7a7d228b4ec229a6547dfdc
Sha1:   0766794582ad530ec0f8c2595f741086afffa312
Sha256: f6488b2915e0ceee723f4320492511d46c6ba1860d5975d085e6da8913f55f44
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 04 Oct 2022 03:15:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 04 Oct 2022 03:15:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 04 Oct 2022 03:15:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://flirtyhoookup.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         172.217.21.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12708
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 Sep 2022 06:06:20 GMT
expires: Fri, 29 Sep 2023 06:06:20 GMT
cache-control: public, max-age=31536000
age: 421763
last-modified: Mon, 11 Jul 2022 18:55:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 12708, version 1.0\012- data
Size:   12708
Md5:    b4a68b1e743ee317eaaf0bbadd131571
Sha1:   f24f7823d4e3830c7cfa5bcb33733d2897c00f13
Sha256: ddc148b8a0a27b1449fda6033f4a0defac9bd43210117b50d5d7ad1eda09f394
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 04 Oct 2022 03:15:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /media.ext HTTP/1.1 
Host: example.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://flirtyhoookup.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         93.184.216.34
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
                                        
accept-ranges: bytes
age: 572210
cache-control: max-age=604800
date: Tue, 04 Oct 2022 03:15:43 GMT
expires: Tue, 11 Oct 2022 03:15:43 GMT
last-modified: Tue, 27 Sep 2022 12:18:53 GMT
server: ECS (nyb/1D25)
vary: Accept-Encoding
x-cache: 404-HIT
content-length: 1256
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   1256
Md5:    84238dfc8092e5d9c0dac8ef93371a07
Sha1:   4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047
Sha256: ea8fac7c65fb589b0d53560f5251f74f9e9b243478dcb6b3ea79b5e36449c8d9
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19150
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 03:15:43 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19150
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 03:15:43 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19150
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 03:15:43 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19150
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 03:15:43 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 04:42:51 GMT
age: 81172
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6315
Md5:    206fb65e75dbadf119512f71e0b78402
Sha1:   58ff0bf8ce7528b303d28bab01a80ad721705569
Sha256: 56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d0984d7-fe4f-4f96-9f0f-17e0197a5cb6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5857
x-amzn-requestid: 51f3a938-30f6-418e-970b-439bdfbb7c2b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHvHIAIAMF6PQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-6d97d5ff3c3589ee1e900a3b;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OModa8qHXEimXsJhr1DiYifYbFLgI-yMvAaKZA2SsRyU1N5CWwoVOg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:16:19 GMT
age: 17964
etag: "1d90e98d3666fc8618130eac15972d3a08addf16"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5857
Md5:    78caa2bb8e856110416bc85ed2420d20
Sha1:   1d90e98d3666fc8618130eac15972d3a08addf16
Sha256: 5175905bdbcd0a325ff666148a77503f14d1922d826ad14a9c3d09846d77dff5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5adb9dd0-c21d-4cd0-8ffd-04efc8b9dc4b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 16247
x-amzn-requestid: b81ea53b-2591-4c86-b019-d0f1a330c1db
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTHR3oAMF6eQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-43713e23070d4d935033616a;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: s4l1Qez6weaSsAf-StBGbZb2B3YS2d53YC19MWvHVkMjJ53OCVWpOQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:56:44 GMT
age: 19139
etag: "b5103d52781a6a139cb87fbcd41757d79347bc97"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   16247
Md5:    d0bf28d3c594b68bdaff2db4a30c479a
Sha1:   b5103d52781a6a139cb87fbcd41757d79347bc97
Sha256: c9c0e66132efff0ba7fda3a5ff771a089d36b9566aac0cd3b1ccde3adc67b043
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdb412b7-1bf6-4a48-b9f1-b171f540e434.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4151
x-amzn-requestid: f709a11e-cbea-4965-8502-94ddbd8768bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvSF3YIAMFdow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-29bfa31d51e8f60b38136dba;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7H1QKlOtoBoVz93G5lddxHSGiTjtMnHJCZX5FhwqhNPkspslaDoFQA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:57:01 GMT
age: 19122
etag: "c20f1fac9020eb4bd6c84583f73872979639b991"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4151
Md5:    24a4a122273ef9f772852031eb13114a
Sha1:   c20f1fac9020eb4bd6c84583f73872979639b991
Sha256: 8e1ffbed5f156637ed2f22e81d03f6d85eff0c28237c1639ea5f977e92ee7b70
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bec66cf-b911-4eb8-95d6-27e5f2afb6c7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8308
x-amzn-requestid: 3348b2e8-915a-492b-8241-89c13a21232c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcqFlFyyoAMFz_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b56f0-2baf7ac2213c31fc384e8317;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:41:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Y1H21zphqs9mIGVYHojfc-nvW35BS3nq4hunM_JmyT9mC100bXlgWw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:46 GMT
age: 19197
etag: "4ac6c5691df804078d5da54233cf4d8e7012f9ca"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8308
Md5:    de29d0d95d22e4e246a90feed644baf0
Sha1:   4ac6c5691df804078d5da54233cf4d8e7012f9ca
Sha256: 8e34ad07e098df14f7001d1ee538479de11afa4c255006cb6e8e2207c0e50a47
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9917
x-amzn-requestid: 2dff93d9-795d-4885-9b82-610b0d235a82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTGEnIAMF1zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-117afa703663ada75627792c;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p5nOqBojKO6S-c_DxIu8B3p-NK0pzRHkz0DOPeyv7PQt9h0x1jdtoQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:54 GMT
age: 19189
etag: "22aab05208a01ae5def4d63dc145085630f57bcb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   10929
Md5:    e8ebf4a5c89b4018c9cf6a3a4e965181
Sha1:   773ab5083b79a86c743a7137ef60e706da786269
Sha256: 146b1dda25a87c420833bfcd56ac90d2e2d21c9e3c7fc5f5480b5716fd870416
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8534
x-amzn-requestid: 8ae51cd3-697b-47ed-8493-8f83e2bc7469
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHuHlXoAMFucg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-165d72034440cf810d42f3bd;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LPt8LUVoKhXjfz-jZHLmnWD15tQgSLRaxl-Bsl0UU83G7wm3jj7_mg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:37:24 GMT
age: 16706
etag: "2b9f6828a38da81b40dcad033572e48b4c5896db"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8534
Md5:    f2287c489794dab0e9ba923a2057988f
Sha1:   2b9f6828a38da81b40dcad033572e48b4c5896db
Sha256: e853fa2acf2425d14cb9746e8bbd45c8765598d2bb630859086b4668182dbf6c
                                        
                                            GET /?utm_source=gvC7WyUoREtV&s1=719fbd40-273d-47b8-882f-683d1074b172&s2=wdb6hnvqe1qusbgj2j6f1n9m HTTP/1.1 
Host: flirtyhoookup.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://irene-eux.com/
Connection: keep-alive
Cookie: k=SFMyNTY.g3QAAAAEbQAAAARhdW5xdAAAAAFtAAAABTMxNTQ4bQAAAAp3Z1BnYkpPSkRLbQAAAANoaWRtAAAAIm1lVU1zQnBkZlZaT1RFVEFOTHdrT3JFckdNYmZhUWxGS2FtAAAAAmhsZAADbmlsbQAAAAN1bnFtAAAADGRqaGtXb1BZUFFIWQ.iIRhWGZej8PrAYr0aDTLdF1D_-PJ31WtI_1vR3hRKzA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         104.21.52.165
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Tue, 04 Oct 2022 03:15:43 GMT
vary: Accept-Encoding
cache-control: max-age=0, private, must-revalidate
cross-origin-window-policy: deny
set-cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTMxNTQ4bQAAAAp3T3hRb05nSkJLbQAAAANoaWRtAAAAJGJNVWFzZ1dyY3lscWhBYmVoeW92UUFHS0VsRXJiRnZnZ3Vla20AAAACaGxkAANuaWxtAAAABXN1Yl8xbQAAACQ3MTlmYmQ0MC0yNzNkLTQ3YjgtODgyZi02ODNkMTA3NGIxNzJtAAAABXN1Yl8ybQAAABh3ZGI2aG52cWUxcXVzYmdqMmo2ZjFuOW1tAAAAB3RyYWNrZXJtAAAAB25vdHJhY2ttAAAAA3VucW0AAAAMV0FoVkRtTE1iWElC.dKm-uCaN1QEkb-wniD9DZAW7K12RyVGP6D0koi4yjG0; path=/; expires=Wed, 04 Oct 2023 03:15:43 GMT; max-age=31536000
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OQ82qmK2ZL%2BiEmEuIKgfouJ8wUzqlVB2NxEn6wudJmuVxR%2BjBKf%2B8IE2Tg2nLh%2FQP7hL8ZAdgplWPCCYxR3nWibkbe35yP6KcJ5blWTdig4yhDGg8wid16m1tsYHR7d9v7VHKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754ac131dcc31c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css?family=Montserrat&subset=latin-ext HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flirtyhoookup.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.211.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 04 Oct 2022 03:15:43 GMT
date: Tue, 04 Oct 2022 03:15:43 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---