Report - metahv.xyz/worker/direct?zid=8

Report Overview

Submitted URL
metahv.xyz/worker/direct?zid=8
IP
104.21.3.235
ASN
#13335 CLOUDFLARENET
Submitted
2023-01-16 20:59:28
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	422 B	678 B	139.45.195.8
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	737 B	93.184.220.29
waisheph.com	74994	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	2.5 kB	139.45.197.245
singelstodate.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	563 B	1.1 kB	68.66.228.109
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	385 B	44 kB	142.250.74.168
tfosrv.com	65142	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	410 B	391 B	216.18.168.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.35.3.113
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	944 B	54.230.245.100
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	57 kB	34.120.237.76
bam.nr-data.net	630	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	795 B	219 B	162.247.241.14
main.exoclick.com	33599	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	1.3 kB	95.211.229.247
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	680 B	3.0 kB	104.18.32.68
js-agent.newrelic.com	378	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	375 B	9.3 kB	151.101.66.137
metahv.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	459 B	610 B	172.67.131.83
www.remembergirl.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	462 B	630 B	104.21.47.45
ocsp.godaddy.com	698	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	2.3 kB	192.124.249.36
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	676 B	1.5 kB	23.36.77.32
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	8.9 kB	95.101.11.115
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	686 B	20 kB	216.58.211.3
tsyndicate.com	13042	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	904 B	1.3 kB	136.243.81.150
ads.traffichunt.com	68632	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	428 B	755 B	52.4.38.218

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-16	medium	www.remembergirl.com/ALL-C/index-no.htm?rdk=rk3	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	metahv.xyz/worker/app.js	1.4 kB	2023-03-13	2023-03-13
Pretty URL metahv.xyz/worker/app.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:02:43 Last Seen2023-03-13 01:02:50 Times Seen1 Hash 78ff7b9b0b29d26672ec8cb269645657 fa1f9e6c616852fae3ab66b8f5ee35e330ae78fb 57cd3b52dacf2481957e8ff0c636fc3b622f727e3ed7393090acdaee1d8a805d Loading...

	www.remembergirl.com/ALL-C/Javascript/main.7d815901029a10bbd862c4f5e3ada540.js	656 B	2023-03-07	2024-04-20
Pretty URL www.remembergirl.com/ALL-C/Javascript/main.7d815901029a10bbd862c4f5e3ada540.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:44 Last Seen2024-04-20 09:18:37 Times Seen869 Hash a61d704122db565646eb89e6f96e2f2b 03730a50625daef938a880ae4bb90a2c79def1e5 7d38f99686fefc6855ad62b4827d3724d08c4e77744638b5a9ab2ca1609e71db Loading...

	js-agent.newrelic.com/nr-768.min.js	23 kB	2023-03-07	2023-05-05
Pretty URL js-agent.newrelic.com/nr-768.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:44 Last Seen2023-05-05 23:40:16 Times Seen57 Hash b4b84a4b4f36d13ffaa93c062b2d3e17 ca58f5f83b5e8e57ecea55fa31dcba3a376776c6 d7c3f2fd93cfda0e0d1c97653f365b33676a10d53bfffa631e8d626d9d635c0c Loading...

	www.remembergirl.com/ALL-C/Javascript/error.1c4710d4434f595f8a835f40daa776b8.js	439 B	2023-03-07	2024-04-20
Pretty URL www.remembergirl.com/ALL-C/Javascript/error.1c4710d4434f595f8a835f40daa776b8.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:44 Last Seen2024-04-20 09:18:37 Times Seen926 Hash 214043f54f832678850fca8c5e01f3a6 30a66237b506392e073971e55aff32b53367354c b4460c164ed593fcd7f1abc940c60890bccdf25cb31761e68cef2370f4ea6416 Loading...

	www.remembergirl.com/ALL-C/Javascript/jquery.695b55bf947b588e5fad6be1acfdc1f6.js	96 kB	2023-03-07	2024-04-20
Pretty URL www.remembergirl.com/ALL-C/Javascript/jquery.695b55bf947b588e5fad6be1acfdc1f6.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:44 Last Seen2024-04-20 09:18:37 Times Seen1331 Hash 60710551d19f77e6496b01207365a0e4 837fcb824626afc559093c2c835f8fa064b72010 cb28bc8f8098b56206d0af5cda644951777e8d8fbc053c8ee3b88eca2bca4e3a Loading...

	waisheph.com/4/4673754/?var=ahvp_1_8	13 kB	2023-03-13	2023-03-13
Pretty URL waisheph.com/4/4673754/?var=ahvp_1_8 IP 139.45.197.245 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:02:43 Last Seen2023-03-13 01:02:50 Times Seen1 Hash fd209c022c453caf0e81e3c83ff8031e 78d69b928bfdc06172004b03c0bf66f8e5b50ce0 abf83c4182e511f7ac6a2fb10f7577c4131ee8f99cfa0c9e9d3c4c6bf398fdcc Loading...

	www.remembergirl.com/ALL-C/index-no.htm?rdk=rk3	282 B	2023-03-07	2024-04-20
Pretty URL www.remembergirl.com/ALL-C/index-no.htm?rdk=rk3 IP 104.21.47.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:44 Last Seen2024-04-20 09:18:37 Times Seen667 Hash fc6d88580399436c7982d85867b5626d 1a534fca040fd9ea27cc378bfdaa842c4351f02a 4215d621eefa5c805c853b12b4f6bd69a8ed583130f372507a64128ff05d7785 Loading...

	www.remembergirl.com/ALL-C/index-no.htm?rdk=rk3	334 B	2023-03-07	2024-04-20
Pretty URL www.remembergirl.com/ALL-C/index-no.htm?rdk=rk3 IP 104.21.47.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:44 Last Seen2024-04-20 09:18:37 Times Seen665 Hash 27d31884a6866c7c46de6993ef6c4252 cf66cd1517520a7aa49e821c289024c501555b7d 23715e820b1d021e8ddae0e8de03bb79b9ab5d701e7898c30b83db3ce4c14e97 Loading...

	www.remembergirl.com/ALL-C/index-no.htm?rdk=rk3	25 B	2023-03-07	2024-04-20
Pretty URL www.remembergirl.com/ALL-C/index-no.htm?rdk=rk3 IP 104.21.47.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:44 Last Seen2024-04-20 09:18:37 Times Seen667 Hash 527c16542dff022aade0b1d236538c2a 80050264540010ac514ee5e03d30f1b7dad020ca 4e64345f573a3e2a800ab5b7cd892c22f87a2090e26bb91e8dffc0ad8ddedb34 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-TMR4NP	122 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-TMR4NP IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:02:50 Last Seen2023-03-13 01:02:50 Times Seen1 Hash a45782f1fab45e70af729bb8f2eb7b02 2dee6ed4f22cccc11612c4e207766059002a78b7 e9b39c8673c700cac66f59d69777ac8180b2c8bb8e2da35527189c0be42882e7 Loading...

	metahv.xyz/worker/direct?zid=8	108 B	2023-03-13	2023-03-13
Pretty URL metahv.xyz/worker/direct?zid=8 IP 172.67.131.83 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:02:43 Last Seen2023-03-13 01:02:50 Times Seen1 Hash 7d6d9a4f917d54d00eaa00d7d2712dd6 f0b62076d3db4b722c748cda2818b465e7d4986e fcbda84529d1d37cf91088637898b29b6842895d9b9363eed815362df7778735 Loading...

	waisheph.com/4/4673754/?var=ahvp_1_8	7.6 kB	2023-03-13	2023-03-13
Pretty URL waisheph.com/4/4673754/?var=ahvp_1_8 IP 139.45.197.245 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:02:50 Last Seen2023-03-13 01:02:50 Times Seen1 Hash e1c5987e98bdef1a7c3abb0f4d62b4f8 f80fb7e225bb6a02abc3d899669d938b669fc91c 71a6b9507fd4909b04110b93acf6e6584c605728e02f03caa8c64bfa0b203da3 Loading...

	www.remembergirl.com/ALL-C/index-no.htm?rdk=rk3	3.3 kB	2023-03-07	2024-04-20
Pretty URL www.remembergirl.com/ALL-C/index-no.htm?rdk=rk3 IP 104.21.47.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:44 Last Seen2024-04-20 09:18:37 Times Seen675 Hash 395e7a55cb02d8c58aeaa6854639bfcd 95f166c5bab7ddca8714505091d238ac5e675775 bf5f5dbb24973305dddf3514ebad216607114d15bf0682d3e9e2eece25745dd9 Loading...

	www.remembergirl.com/ALL-C/index-no.htm?rdk=rk3	19 B	2023-03-07	2024-04-20
Pretty URL www.remembergirl.com/ALL-C/index-no.htm?rdk=rk3 IP 104.21.47.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:37 Last Seen2024-04-20 16:31:35 Times Seen1057 Hash 8c224cde3b7d658749aeb97930395f6a 8c967cf6f32bcc87a44a1dbee74fc8b75f3d1a9b 76b420fe98146a6f6647792a8cf2bbc4ead5c4a33cc7bfdf1403abc7787c9edf Loading...

HTTP Transactions (46)

URL IP Response Size

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
1af1bb59989200399b322517f4408a42
d2e9d19d5996160fba2f8187c273a9cd0f135bf4
acfbf912e19f1848e6a1cf8d31af1c1786357f5400da955cafc2350baa1ca905

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "ACFBF912E19F1848E6A1CF8D31AF1C1786357F5400DA955CAFC2350BAA1CA905"
Last-Modified: Mon, 16 Jan 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5245
Expires: Mon, 16 Jan 2023 22:26:42 GMT
Date: Mon, 16 Jan 2023 20:59:17 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2258cd6b877a3aca8f4c84074e65ac4b
4e46c70941f8e497e8afc8d078644e7f81761a1c
faac4e0d123f2112b58953c104ea746cd53047fc1ada0ef5d669feecf78ddfff

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FAAC4E0D123F2112B58953C104EA746CD53047FC1ADA0EF5D669FEECF78DDFFF"
Last-Modified: Sat, 14 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15194
Expires: Tue, 17 Jan 2023 01:12:31 GMT
Date: Mon, 16 Jan 2023 20:59:17 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
405f8f149ccdf0005ca0d890c96a9cb4
64de3200cef76133dfad901d6709697d6842405e
3a10790c397a419450ac2c90b941fd20bc49af1dbaeb34678836306de8febfce

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3A10790C397A419450AC2C90B941FD20BC49AF1DBAEB34678836306DE8FEBFCE"
Last-Modified: Mon, 16 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12156
Expires: Tue, 17 Jan 2023 00:21:53 GMT
Date: Mon, 16 Jan 2023 20:59:17 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 16 Jan 2023 20:49:11 GMT
content-type: application/json
age: 606
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d6e2abd68203014e8e24d4a9e20e980a
5edbbb1a36083d5077b90b82e7aa10049e90c5d6
88cf8dae194a5e92a8c36a4c54ae71a609eaaed6e99d3986b3834c40d2fceeaa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "88CF8DAE194A5E92A8C36A4C54AE71A609EAAED6E99D3986B3834C40D2FCEEAA"
Last-Modified: Sun, 15 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13038
Expires: Tue, 17 Jan 2023 00:36:35 GMT
Date: Mon, 16 Jan 2023 20:59:17 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 2WJta41UrWK8YR2YFiW1bcDp9L1JQ5fbjcroJZEhb4iG6DenPlrbru0DSPaxG3ex+LJiAz64c3c=
x-amz-request-id: MAE54ZW26THR6NQR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 16 Jan 2023 20:55:58 GMT
age: 199
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
1af1bb59989200399b322517f4408a42
d2e9d19d5996160fba2f8187c273a9cd0f135bf4
acfbf912e19f1848e6a1cf8d31af1c1786357f5400da955cafc2350baa1ca905

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "ACFBF912E19F1848E6A1CF8D31AF1C1786357F5400DA955CAFC2350BAA1CA905"
Last-Modified: Mon, 16 Jan 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5245
Expires: Mon, 16 Jan 2023 22:26:42 GMT
Date: Mon, 16 Jan 2023 20:59:17 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 16 Jan 2023 20:59:17 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c8e56d6d733226b1130ad284b3b59452
40a28d6c4ca3dbb49eaff0d0bdaa3347719eb2fd
fbe41024ba1dec7b152f77b9f39fc55dec8a3181104f4839991aeca759de38e4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FBE41024BA1DEC7B152F77B9F39FC55DEC8A3181104F4839991AECA759DE38E4"
Last-Modified: Sat, 14 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14432
Expires: Tue, 17 Jan 2023 00:59:50 GMT
Date: Mon, 16 Jan 2023 20:59:18 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 16 Jan 2023 20:33:46 GMT
age: 1532
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9df851d78eeaa83559a9da74bdb9adbd
558c6b67e03c39943c67acbf8a6a29af17279cb6
51f69d2eed4e988eacfb6ae5b1cba0192a9463443dfde39d2f4455b687752b7c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51F69D2EED4E988EACFB6AE5B1CBA0192A9463443DFDE39D2F4455B687752B7C"
Last-Modified: Sat, 14 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16326
Expires: Tue, 17 Jan 2023 01:31:24 GMT
Date: Mon, 16 Jan 2023 20:59:18 GMT
Connection: keep-alive

my.rtmark.net/img.gif?f=merge&userId=23684523213f42fbbc130765ef439a18

139.45.195.8

200 OK

43 B

URL HTTP/2
my.rtmark.net/img.gif?f=merge&userId=23684523213f42fbbc130765ef439a18
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=merge&userId=23684523213f42fbbc130765ef439a18 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waisheph.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 16 Jan 2023 20:59:18 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=23684523213f42fbbc130765ef439a18; expires=Tue, 16 Jan 2024 20:59:18 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d03545e1fc5a8876441094039811aac5
99fcc840f3516298625c528e9b408132f7fcbb9c
166fa7c7bb716b2cd02a47884ee00df31030dfb4b2a6fdae7b59b19f87739123

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2090
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 16 Jan 2023 20:59:18 GMT
Last-Modified: Mon, 16 Jan 2023 20:24:28 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

waisheph.com/?z=4673754&syncedCookie=true&rhd=false

139.45.197.245

302 Found

0 B

URL HTTP/2
waisheph.com/?z=4673754&syncedCookie=true&rhd=false
IP
139.45.197.245:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /?z=4673754&syncedCookie=true&rhd=false HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 531
Origin: https://waisheph.com
Connection: keep-alive
Referer: https://waisheph.com/afu.php?zoneid=4673754&var=4673754&rid=X9ByeUB6lykvSb0mSmFbHw%3D%3D&rhd=false
Cookie: OAID=23684523213f42fbbc130765ef439a18; oaidts=1673902758
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 302 Found
server: nginx
date: Mon, 16 Jan 2023 20:59:18 GMT
content-length: 0
location: https://singelstodate.com/base.php?c=1058&key=6046ada67344cc50dff3048e759749f3&zoneid=4673754&cost=0.000450&subid=638957081369776285&banner=16100373&rdk=rk3
x-trace-id: 9f4f3ca4c0066a4d5e0f502b2ed7b4e5
link: <https://singelstodate.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
access-control-allow-origin: https://waisheph.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=23684523213f42fbbc130765ef439a18; expires=Tue, 16 Jan 2024 20:59:18 GMT; path=/; secure; SameSite=None
oaidts=1673902758; expires=Tue, 16 Jan 2024 20:59:18 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Mon, 23 Jan 2023 20:59:18 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
be8a410c29e3d5c50420a9e2619cbde7
225e887338cf61ade2efb0ef203d8fd45832e639
577056bfc43089c57eb79645d47fd212d5c5e7dc80c0b83364c5ebda26ac527c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 20:59:18 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 16 Jan 2023 02:07:08 GMT
Expires: Mon, 23 Jan 2023 02:07:07 GMT
Etag: "225e887338cf61ade2efb0ef203d8fd45832e639"
Cache-Control: max-age=536268,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78a9c62fccfbb4f4-OSL

push.services.mozilla.com/

52.35.3.113

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.35.3.113:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: n23iZxgzMluVAxK8QU2W1g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: T8Tls5b4pKaquFOtWCJ/05eAE6I=

singelstodate.com/base.php?c=1058&key=6046ada67344cc50dff3048e759749f3&zoneid=4673754&cost=0.000450&subid=638957081369776285&banner=16100373&rdk=rk3

68.66.228.109

302 Found

0 B

URL HTTP/2
singelstodate.com/base.php?c=1058&key=6046ada67344cc50dff3048e759749f3&zoneid=4673754&cost=0.000450&subid=638957081369776285&banner=16100373&rdk=rk3
IP
68.66.228.109:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /base.php?c=1058&key=6046ada67344cc50dff3048e759749f3&zoneid=4673754&cost=0.000450&subid=638957081369776285&banner=16100373&rdk=rk3 HTTP/1.1
Host: singelstodate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
set-cookie: PHPSESSID=ba0f6e798699fcaa25ade47ff28dbf9b; path=/; secure
cpvlabclick=OGhzajFlbDBfMTA1OF8zOTU0XzcxNjVfMTA2MTE2MzcxXzg%3D; expires=Wed, 15-Feb-2023 20:59:18 GMT; Max-Age=2592000; secure; SameSite=None
cpvlablevel=1; expires=Wed, 15-Feb-2023 20:59:18 GMT; Max-Age=2592000; secure; SameSite=None
cpvlabclicks=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; secure; SameSite=None
location: https://www.remembergirl.com/ALL-C/index-no.htm?rdk=rk3
content-type: text/html; charset=UTF-8
content-length: 0
date: Mon, 16 Jan 2023 20:59:18 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

20 kB

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
20 kB (19601 bytes)
Hash
af4dd71af176ef1f7784c624f89c5925
83ecc49bb670d8ad59fbbe05473eaae13f10bb4e
9a153c24cf6a27a2fc70e1054ee0ba3b15749bc68a60050dc1e2e25e10737970

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 16 Jan 2023 20:59:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-TMR4NP

142.250.74.168

200 OK

43 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-TMR4NP
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (14188)
Size
43 kB (43215 bytes)
Hash
e7f4a1736979af44a2d277e8f854d9a8
e765c8c765c071d86f3c4d4225a01ef1bdab39d8
6ece9049f70a2102327d5599c389e06746bd5337c9530d550aac208e3f391193

HTTP Headers

GET /gtm.js?id=GTM-TMR4NP HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.remembergirl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 16 Jan 2023 20:59:19 GMT
expires: Mon, 16 Jan 2023 20:59:19 GMT
cache-control: private, max-age=900
last-modified: Mon, 16 Jan 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43215
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6f4934ef37f04950c15313f2cdc6902d
3ed5b8439867115a06edaf046472ee8d271c33ea
3fb58a81be10df91f59e3f6ceed7d607f77409087515cf675ff0d098c482c574

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 16 Jan 2023 20:59:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

js-agent.newrelic.com/nr-768.min.js

151.101.66.137

200 OK

8.6 kB

URL HTTP/2
js-agent.newrelic.com/nr-768.min.js
IP
151.101.66.137:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (22625), with no line terminators
Size
8.6 kB (8634 bytes)
Hash
f609b011c4024aa0568283a441571094
994180dd4c0201a5d4c016a05617d344e3a30db3
e89e8dbcfbf23828890914f8ba633693f3ac5582770e16fde88bfc1baddea9aa

HTTP Headers

GET /nr-768.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.remembergirl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: zLC++/GmokYCoSbs0Uz/VtHGpN56i4oZ7IzU3ct9OBPNjNlaz1MvEqRBpsKru2KeXUk1GDgNl6s=
x-amz-request-id: FQ9S44WQM5QVNKJ1
last-modified: Wed, 28 Feb 2018 23:33:43 GMT
etag: "b4b84a4b4f36d13ffaa93c062b2d3e17"
x-amz-version-id: null
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 16 Jan 2023 20:59:19 GMT
via: 1.1 varnish
x-served-by: cache-bma1633-BMA
x-cache: HIT
x-cache-hits: 16
x-timer: S1673902759.449418,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 8634
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

1.6 kB

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.6 kB (1582 bytes)
Hash
6948afca252aba3c3fbd28a8e3d45d7b
4da3aafba4f1825934d8228b7c8a223ce28c832d
1929ed0ca634fbd5fe04634ff242a122ba0d94c7d97463e3a98a0a7b468ade98

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 16 Jan 2023 20:59:19 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 16 Jan 2023 19:46:41 GMT
Expires: Mon, 23 Jan 2023 19:46:40 GMT
Etag: "a3a84afa52fc94b3d4e256bc52546f314f0ed13b"
Cache-Control: max-age=599840,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78a9c636eea1b4f4-OSL

tsyndicate.com/api/v1/retargeting/set/e61f38d1-37ba-4a3d-9474-c0d9e0d9ea70?gtmcb=1403999113

136.243.81.150

200 OK

35 B

URL HTTP/2
tsyndicate.com/api/v1/retargeting/set/e61f38d1-37ba-4a3d-9474-c0d9e0d9ea70?gtmcb=1403999113
IP
136.243.81.150:0
ASN
#24940 Hetzner Online GmbH

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /api/v1/retargeting/set/e61f38d1-37ba-4a3d-9474-c0d9e0d9ea70?gtmcb=1403999113 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.remembergirl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 16 Jan 2023 20:59:19 GMT
content-type: text/plain; charset=utf-8
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: 17c26716f10541f0
set-cookie: ts_rt_e61f38d1-37ba-4a3d-9474-c0d9e0d9ea70=AM_QaTNGTI8YNGDMyMEwRowZAQE=; expires=Tue, 16 Jan 2024 20:59:19 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2

tsyndicate.com/api/v1/retargeting/set/06eb0705-463f-4b96-836b-64bf3cfa8631?gtmcb=1147680014

136.243.81.150

200 OK

35 B

URL HTTP/2
tsyndicate.com/api/v1/retargeting/set/06eb0705-463f-4b96-836b-64bf3cfa8631?gtmcb=1147680014
IP
136.243.81.150:0
ASN
#24940 Hetzner Online GmbH

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /api/v1/retargeting/set/06eb0705-463f-4b96-836b-64bf3cfa8631?gtmcb=1147680014 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.remembergirl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 16 Jan 2023 20:59:19 GMT
content-type: text/plain; charset=utf-8
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: 83f3a3fa8101169b
set-cookie: ts_rt_06eb0705-463f-4b96-836b-64bf3cfa8631=AM_QaTNGTI8YMWjcsIEDBoyEAQE=; expires=Tue, 16 Jan 2024 20:59:19 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.100

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.100:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
0fea5c7e13b413b3a8ab04ef2f6b32bf
c61a5cdafc2f931063bba9e2f80a69765bc63518
c8bda26c6914b83daf11e70e11ff3719c028dc5c9f94e4c067b5671ebece1fd2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 16 Jan 2023 20:59:19 GMT
Last-Modified: Mon, 16 Jan 2023 20:09:51 GMT
Server: ECS (nyb/1D10)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: pDdTsnNlGKBycupQ1V_zny7H-tGUX_Ww_ZN1jcdfFs588Vpk59yNtg==
Age: 2968

ocsp.godaddy.com/

192.124.249.36

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.36:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1777 bytes)
Hash
ec8415578cfb801c6d16f5a85b1d0dae
dd60db33425fce8886dcb45a6badd3dbb90843f3
9f76a9272685e021c5e353da5d099aa8706edc6db13cb155bbe7d3165a431ff1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 16 Jan 2023 20:59:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 15 Jan 2023 23:29:17 GMT
Expires: Mon, 16 Jan 2023 23:29:17 GMT
ETag: "dd60db33425fce8886dcb45a6badd3dbb90843f3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8691
Expires: Mon, 16 Jan 2023 23:24:10 GMT
Date: Mon, 16 Jan 2023 20:59:19 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8691
Expires: Mon, 16 Jan 2023 23:24:10 GMT
Date: Mon, 16 Jan 2023 20:59:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16219
Expires: Tue, 17 Jan 2023 01:29:38 GMT
Date: Mon, 16 Jan 2023 20:59:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16219
Expires: Tue, 17 Jan 2023 01:29:38 GMT
Date: Mon, 16 Jan 2023 20:59:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16219
Expires: Tue, 17 Jan 2023 01:29:38 GMT
Date: Mon, 16 Jan 2023 20:59:19 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3456fd70-5207-41e6-abed-adbc381fd7a4.jpeg

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3456fd70-5207-41e6-abed-adbc381fd7a4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9801 bytes)
Hash
74ac30be02dee9dcfeee79a7dc54edff
1368d81de22ea2e4054a3e1a8f01ef337c63e35b
8abc2f276906dfb9ce75c2526d2c2cfa6aea6dbe13f4046de1040cd611cbbc1f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3456fd70-5207-41e6-abed-adbc381fd7a4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9801
x-amzn-requestid: 39d84a20-55f7-4b7c-abc4-9ac1ff100da9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eqSkoGCZoAMF1zA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c0caea-4f7a1cf676335cc83018dc51;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 03:07:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: n-uzZFYeVcR7YP4lVhGVKFmINHUwd3kNcJIAJiRJW5maf_MqufqU8g==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 05:42:23 GMT
age: 55016
etag: "1368d81de22ea2e4054a3e1a8f01ef337c63e35b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

bam.nr-data.net/1/bcc61c6f3d?a=6702766&pl=1673902758419&v=768.2acc9fa&to=clwKRhdcCFhVR0k3W19SEEAEHEtzdWFG&ap=10&be=692&fe=264&dc=141&f=%5B%5D&perf=%7B%22timing%22:%7B%22of%22:1673902758419,%22n%22:0,%22dl%22:679,%22di%22:827,%22ds%22:831,%22de%22:836,%22dc%22:955,%22l%22:955,%22le%22:956,%22f%22:525,%22dn%22:526,%22dne%22:527,%22c%22:527,%22ce%22:544,%22s%22:531,%22rq%22:544,%22rp%22:675,%22rpe%22:794%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken

162.247.241.14

403 Forbidden

2 B

URL HTTP/1.1
bam.nr-data.net/1/bcc61c6f3d?a=6702766&pl=1673902758419&v=768.2acc9fa&to=clwKRhdcCFhVR0k3W19SEEAEHEtzdWFG&ap=10&be=692&fe=264&dc=141&f=%5B%5D&perf=%7B%22timing%22:%7B%22of%22:1673902758419,%22n%22:0,%22dl%22:679,%22di%22:827,%22ds%22:831,%22de%22:836,%22dc%22:955,%22l%22:955,%22le%22:956,%22f%22:525,%22dn%22:526,%22dne%22:527,%22c%22:527,%22ce%22:544,%22s%22:531,%22rq%22:544,%22rp%22:675,%22rpe%22:794%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
IP
162.247.241.14:0
ASN
#23467 NEWRELIC-AS-1

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

GET /1/bcc61c6f3d?a=6702766&pl=1673902758419&v=768.2acc9fa&to=clwKRhdcCFhVR0k3W19SEEAEHEtzdWFG&ap=10&be=692&fe=264&dc=141&f=%5B%5D&perf=%7B%22timing%22:%7B%22of%22:1673902758419,%22n%22:0,%22dl%22:679,%22di%22:827,%22ds%22:831,%22de%22:836,%22dc%22:955,%22l%22:955,%22le%22:956,%22f%22:525,%22dn%22:526,%22dne%22:527,%22c%22:527,%22ce%22:544,%22s%22:531,%22rq%22:544,%22rp%22:675,%22rpe%22:794%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.remembergirl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 403 Forbidden
Date: Mon, 16 Jan 2023 20:59:19 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 2
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78a9c6395bf4fab4-OSL

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa81e129b-3fb3-4b30-a6fc-04ac1926b5c8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7986 bytes)
Hash
0c1d929710bbf5d3a500cff064fa28e5
f76fade4eba5e5740d1261a2bce7776719ee477f
bb0b45ede28406534c236881abe011a1b8162a1bcb4cbe61320c613fec5d0010

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa81e129b-3fb3-4b30-a6fc-04ac1926b5c8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7986
x-amzn-requestid: 366be46e-97f4-4bdc-8341-5bf87438ad86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ezbPvEezoAMF6ng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c47264-7eef208b3ec703b82d792537;Sampled=0
x-amzn-remapped-date: Sun, 15 Jan 2023 21:38:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _cMoPRYYqsc6B6TWFkmrfDMCleAW2jWn5FXGmjay279Bf3tppH60hQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 15 Jan 2023 22:04:21 GMT
age: 82498
etag: "f76fade4eba5e5740d1261a2bce7776719ee477f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2fb3ba8-a85e-42ba-b607-87ced36844b2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5766 bytes)
Hash
542f87ebb35e170451b610e4b700bcb1
2259cdebacc4c9f07aad838eec494863d4273ad1
85001f2cf33f3fc98d4cdcc7aef38611e34aea3a791d8acb0a5946c4619398eb

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2fb3ba8-a85e-42ba-b607-87ced36844b2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5766
x-amzn-requestid: b6a8d7ee-ff35-4720-8d2e-ba2b8db6edfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ezbP4GDQIAMFTSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c47265-6022a62f69d8f938458d18a0;Sampled=0
x-amzn-remapped-date: Sun, 15 Jan 2023 21:38:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YcIDYSEtEIIfGauNxD9V1tuSCAPDq9OaaAATRTOC3Sjlb-72IA0ScQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 15 Jan 2023 22:06:50 GMT
age: 82349
etag: "2259cdebacc4c9f07aad838eec494863d4273ad1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd986c41-5e27-40cc-8622-aeddbd283d0c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6273 bytes)
Hash
a7917592de9f2ddbe7d3a7fa7f3d4d62
866b04ce93a30369d7cb0a6d2155a8b10292507f
da58e1798bf0fcbfe771420a66bbf671cc84e0ca429e076fdc70bb8d73cddb18

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd986c41-5e27-40cc-8622-aeddbd283d0c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6273
x-amzn-requestid: f5d21802-91ea-44cc-aeb2-8ec9af07e1a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ezbOyFwNIAMFZsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c4725e-3028350e72b2ee7b6ae44f2c;Sampled=0
x-amzn-remapped-date: Sun, 15 Jan 2023 21:38:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8ggqVFvybykQ-MJzU9H_L6JS9YqmLGsuaMJ34Qy7o6yoMOJOmvYsMA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 15 Jan 2023 21:53:09 GMT
age: 83170
etag: "866b04ce93a30369d7cb0a6d2155a8b10292507f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d821e79-af3a-4b67-a79e-90cdf9701001.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11285 bytes)
Hash
91a664271b9042ab5a34c1259df6ab93
7ce177939ceed31dbe137996cace3f71eaab3cf4
08b872b4c8dc8d4b5e26d7c5e7985c144dcf45623737e6daf7813b2add8ab013

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d821e79-af3a-4b67-a79e-90cdf9701001.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11285
x-amzn-requestid: 46c0b124-5916-4067-99af-2fa9812dfb2d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ev-1zHc4oAMFV6Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c311be-3ffbee9348f4351459ed0099;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 20:34:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8FcfGYx-mcEZzF4IoADT5iGnf0vTk2cACE4nseVdonXHBXOSno9vQw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 04:42:49 GMT
age: 58590
etag: "7ce177939ceed31dbe137996cace3f71eaab3cf4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdba5086-6c46-4cc7-9087-e85f89cbe947.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
data
Size
9.4 kB (9420 bytes)
Hash
6d5b11784dcd0f03b9b6be8c69701287
19bd37e0eeec66b27ebcccf11ff42c5157b44f68
fb6ce8ae710dba1341369c7e68f382843f2744d91eb460e59a0290fe661f4311

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdba5086-6c46-4cc7-9087-e85f89cbe947.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9176
x-amzn-requestid: 1d5746ff-7de6-4a54-87d2-d15330d1bb58
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: etlL8HiPoAMFrIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c21be5-044d012445cf23c01cb07a89;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 03:05:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pfjURj_jUMCbuxIL46hNNw6BeY4YX4TDo-9Ch6R5y3CuWTyt1r3ttw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 03:52:01 GMT
age: 61638
etag: "10c0a66add63c868ff332022f588e65f4ac1ec15"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

main.exoclick.com/tag.php?goal=33d8e6a4225d77ae914dff110feef000&gtmcb=289221271

95.211.229.247

200 OK

20 B

URL HTTP/1.1
main.exoclick.com/tag.php?goal=33d8e6a4225d77ae914dff110feef000&gtmcb=289221271
IP
95.211.229.247:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /tag.php?goal=33d8e6a4225d77ae914dff110feef000&gtmcb=289221271 HTTP/1.1
Host: main.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.remembergirl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Jan 2023 20:59:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A80305%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-01-16%22%3B%7D%7D; expires=Tue, 16 Jan 2024 20:59:19 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

main.exoclick.com/tag.php?goal=68831a8833a4917ff6b2c530dc3a4c1f&gtmcb=1562918055

95.211.229.247

200 OK

20 B

URL HTTP/1.1
main.exoclick.com/tag.php?goal=68831a8833a4917ff6b2c530dc3a4c1f&gtmcb=1562918055
IP
95.211.229.247:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /tag.php?goal=68831a8833a4917ff6b2c530dc3a4c1f&gtmcb=1562918055 HTTP/1.1
Host: main.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.remembergirl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Jan 2023 20:59:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A71475%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-01-16%22%3B%7D%7D; expires=Tue, 16 Jan 2024 20:59:19 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

main.exoclick.com/tag.php?goal=5ca8b60d120434a1134c010ca6272da6&gtmcb=1497539891

95.211.229.247

200 OK

20 B

URL HTTP/1.1
main.exoclick.com/tag.php?goal=5ca8b60d120434a1134c010ca6272da6&gtmcb=1497539891
IP
95.211.229.247:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /tag.php?goal=5ca8b60d120434a1134c010ca6272da6&gtmcb=1497539891 HTTP/1.1
Host: main.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.remembergirl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Jan 2023 20:59:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A83337%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-01-16%22%3B%7D%7D; expires=Tue, 16 Jan 2024 20:59:19 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

ads.traffichunt.com/adv_ret/?adv_pixel_id=861&nid=3&gtmcb=116040465

52.4.38.218

200 OK

0 B

URL HTTP/2
ads.traffichunt.com/adv_ret/?adv_pixel_id=861&nid=3&gtmcb=116040465
IP
52.4.38.218:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /adv_ret/?adv_pixel_id=861&nid=3&gtmcb=116040465 HTTP/1.1
Host: ads.traffichunt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.remembergirl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 16 Jan 2023 20:59:19 GMT
server: nginx
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
set-cookie: new_adx_profile_guid=0406b2e2-be72-4b69-878f-f630ed051431;Max-Age=7776000;Path=/;SameSite=None; Secure
new_3.adx_rt_0=861;Max-Age=7776000;Path=/;SameSite=None; Secure
new_3.adx_daily_rt_0=861;Max-Age=10840;Path=/;SameSite=None; Secure
new_3.adx_rt_0=861;Max-Age=7776000;Path=/;SameSite=None; Secure
3.adx_daily_rt_0=861; Max-Age=10840; Expires=Mon, 16 Jan 2023 23:59:59 GMT; Path=/
adx_profile_guid=0406b2e2-be72-4b69-878f-f630ed051431; Max-Age=7776000; Expires=Sun, 16 Apr 2023 20:59:19 GMT; Path=/
3.adx_rt_0=861; Max-Age=7776000; Expires=Sun, 16 Apr 2023 20:59:19 GMT; Path=/
X-Firefox-Spdy: h2

metahv.xyz/worker/direct?zid=8

172.67.131.83

200 OK

0 B

URL HTTP/2
metahv.xyz/worker/direct?zid=8
IP
172.67.131.83:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /worker/direct?zid=8 HTTP/1.1
Host: metahv.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Mon, 16 Jan 2023 20:59:17 GMT
content-type: text/html; charset=utf-8
x-powered-by: Express
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gobPcdIvk0rqbGd%2FKnnD0a6WQzM0Xh5NDxW02A%2F1YF2TApYdpwvezeQ%2F3fBJOY%2BC0m4n%2BAgavQXi0%2FqEBWcycwzuM5YAyiZEMGsO6%2FkL2x9x3nYGloBiPEfIoJaz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78a9c62abf351c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

waisheph.com/4/4673754/?var=ahvp_1_8

139.45.197.245

200 OK

0 B

URL HTTP/2
waisheph.com/4/4673754/?var=ahvp_1_8
IP
139.45.197.245:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /4/4673754/?var=ahvp_1_8 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://metahv.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 16 Jan 2023 20:59:18 GMT
content-type: text/html; charset=utf8
x-trace-id: 4d7a9e49fe699cdc880055ed7b6652bc
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-credentials: true
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=23684523213f42fbbc130765ef439a18; expires=Tue, 16 Jan 2024 20:59:18 GMT; path=/; secure; SameSite=None
oaidts=1673902758; expires=Tue, 16 Jan 2024 20:59:18 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *, *
access-control-allow-methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Accept, Content-Type, Content-Length, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.remembergirl.com/ALL-C/index-no.htm?rdk=rk3

104.21.47.45

200 OK

0 B

URL HTTP/2
www.remembergirl.com/ALL-C/index-no.htm?rdk=rk3
IP
104.21.47.45:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /ALL-C/index-no.htm?rdk=rk3 HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 16 Jan 2023 20:59:19 GMT
content-type: text/html
last-modified: Thu, 30 Jun 2022 09:09:18 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AjmV%2B2720Eyf33AsTt9GAfP2i6VDUXbbv%2FMYY07U5UAW2WWdyx8f4NADATTAQ468CXuy3N%2FWhDRzMD9aKVGbEY1tjnw74N6aPn6P0Unoml8ttrIJ61HsltSlbtZUqWOJu1PjfrKjyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78a9c6338e13b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

tfosrv.com/retargeting.js?id=981&gtmcb=1130155141

216.18.168.29

200 OK

0 B

URL HTTP/1.1
tfosrv.com/retargeting.js?id=981&gtmcb=1130155141
IP
216.18.168.29:0
ASN
#29789 REFLECTED

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /retargeting.js?id=981&gtmcb=1130155141 HTTP/1.1
Host: tfosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.remembergirl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
server: nginx
date: Mon, 16 Jan 2023 20:59:19 GMT
content-type: text/javascript
transfer-encoding: chunked
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: 0
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
content-encoding: gzip
x-request-id: 63C5BAA7-D812A81D01BB3027-202EBA5D

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML