Report - push-message.club/tds/clickdila?q=[PRICING_MODEL]&a=[DOMAIN]&b=[WEB_PUSH

Report Overview

Submitted URL
push-message.club/tds/clickdila?q=[PRICING_MODEL]&a=[DOMAIN]&b=[WEB_PUSH_ID]
IP
104.21.4.13
ASN
#13335 CLOUDFLARENET
Submitted
2023-03-14 09:50:32
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-24T18:17:07Z	606 B	127 B	52.35.90.146
gomydates.com	unknown	2022-02-03T19:56:34Z	2023-03-16T00:38:24Z	8.7 kB	5.6 kB	52.59.136.14
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-25T05:22:40Z	389 B	52 kB	142.250.74.40
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-25T05:09:02Z	2.4 kB	6.2 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-24T18:14:23Z	782 B	2.4 kB	35.241.9.150
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-25T00:27:50Z	443 B	1.5 kB	142.250.74.106
ocsp.r2m01.amazontrust.com	unknown	2022-10-12T22:43:53Z	2023-03-25T05:09:20Z	350 B	946 B	143.204.48.16
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-24T16:33:49Z	3.2 kB	59 kB	34.120.237.76
cdn3reference.com	unknown	2022-03-18T04:16:13Z	2023-03-25T05:42:21Z	1.7 kB	136 kB	54.230.111.111
retarget2core.com	86164	2021-10-14T09:26:59Z	2023-03-25T05:42:22Z	941 B	1.1 kB	52.28.217.131
push-message.club	unknown	2021-12-21T16:05:11Z	2023-03-24T05:11:54Z	912 B	1.7 kB	104.21.4.13
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-24T18:20:20Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-25T05:09:25Z	333 B	391 B	34.117.237.239
ocsp.r2m02.amazontrust.com	unknown	2022-10-12T16:01:39Z	2023-03-25T05:09:20Z	350 B	983 B	143.204.48.16
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-25T05:09:34Z	1.7 kB	3.5 kB	142.250.74.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-03-14	medium	gomydates.com/bridge/intg.js?v=8	Phishing
2023-03-14	medium	gomydates.com/bridge/ao_loader.js	Phishing
2023-03-14	medium	gomydates.com/ao.js	Phishing
2023-03-14	medium	gomydates.com/integration.js	Phishing
2023-03-14	medium	gomydates.com/bridge/frodi_data.js	Phishing
2023-03-14	medium	gomydates.com/bridge/crypto-4.1.1.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	retarget2core.com/fp/fp_ec.js	1.2 kB	2023-03-07	2023-03-29
Pretty URL retarget2core.com/fp/fp_ec.js IP 52.28.217.131 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:53 Last Seen2023-03-29 23:19:33 Times Seen17 Hash 6faaf5b255433abc88fbe4a547ac7784 c60ab4a050864bbd815922e5abade6d5af4333a6 7eda108904da9c98eeeeab666426197e6738b78dfd103a653897d14366e2cd20 Loading...

	gomydates.com/bridge/frodi_data.js	6.6 kB	2023-03-07	2023-12-25
Pretty URL gomydates.com/bridge/frodi_data.js IP 52.59.136.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:53 Last Seen2023-12-25 02:16:58 Times Seen154 Hash acba46edbe151b3ac5b3a3ad6adb6852 967fc6c8942a27986534f16a8a5ae2f71b0481bf 544d040fe3985f2f3f2f519c6db58110b24d23c8b13e794a988ec90a05b48658 Loading...

	gomydates.com/ao.js	5.4 kB	2023-03-10	2023-05-17
Pretty URL gomydates.com/ao.js IP 52.59.136.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 04:04:36 Last Seen2023-05-17 01:24:41 Times Seen176 Hash 0ece60cdd2796a56efdcb4ec7eb5f016 7c60bef96fb576bf665d522fc89a4c73e800bfc7 eeb4a4fab3f875c16469a1e65c04835d8134e06f8cb97ca723103e5c695cb374 Loading...

	gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809	446 B	2023-03-26	2023-03-26
Pretty URL gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809 IP 52.59.136.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 05:49:30 Last Seen2023-03-26 05:49:30 Times Seen1 Hash ef73eea132d65efab8a59c71ae3bfaec d86c5d1f485b78b273489c8438e289ad83ce096c 1eed5157288dd520cc8e32ae93085cd726b34ca3d0cf0154bdd2c74f167e768e Loading...

	gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809	477 B	2023-03-07	2023-03-26
Pretty URL gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809 IP 52.59.136.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:50 Last Seen2023-03-26 05:49:30 Times Seen3 Hash c74ff215c2fc7d225eefef477e999834 91132a96971a35163036d8c38bc31984dc1a14b2 f85068533c72e63b3bc55c0513611cb561a726db60a52280788968e88cb2049f Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 23:54:52 Times Seen37105568 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdn3reference.com/js/dc_img.js?v=8	488 B	2023-03-07	2023-05-14
Pretty URL cdn3reference.com/js/dc_img.js?v=8 IP 54.230.111.111 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:53 Last Seen2023-05-14 11:44:44 Times Seen18 Hash 866e1e7da88eb0918114ea04e4379f40 cb9ed6b52f93bead89eb5da6d618c9b58b34a2b5 ac742d62b8d28cb2cc72fa86d6d1769ead306bd34eb3b04e712d9f32a7378c53 Loading...

	gomydates.com/bridge/crypto-4.1.1.js	49 kB	2023-03-09	2023-12-25
Pretty URL gomydates.com/bridge/crypto-4.1.1.js IP 52.59.136.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 11:39:21 Last Seen2023-12-25 02:16:58 Times Seen235 Hash 5da9e1942bbec006bf77d6c7f631a758 e64e1cded10ebafd61fb51eba33b171bae133e03 eab5bd35e8ce36b0d7416bc35f8627b364d8574d8dd1247d791e2e7a6c2692b2 Loading...

	gomydates.com/bridge/intg.js?v=8	269 B	2023-03-09	2023-03-29
Pretty URL gomydates.com/bridge/intg.js?v=8 IP 52.59.136.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 11:39:21 Last Seen2023-03-29 23:19:33 Times Seen17 Hash 8c8514ed7eae8968b59692f7897f2857 69e9f6e0625ef8bf0a4099b05f7356587e3e62be 556f2a46047c9b8dedbae5ef8c59dc7ea04ff88e76d7dcda568f1eb2dce03548 Loading...

	gomydates.com/bridge/ao_loader.js	836 B	2023-03-10	2023-12-25
Pretty URL gomydates.com/bridge/ao_loader.js IP 52.59.136.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 04:28:15 Last Seen2023-12-25 02:16:58 Times Seen156 Hash 05f233960b55dfe40742964902345911 e00af7d954b5032f95c32341794e0f4d73208bff d5d65364c02602f4fae5c63195607cfff433ac59d4c7d756e4a0a2e6f33ccd19 Loading...

	gomydates.com/integration.js	1.8 kB	2023-03-09	2023-04-20
Pretty URL gomydates.com/integration.js IP 52.59.136.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 13:05:29 Last Seen2023-04-20 15:26:48 Times Seen3 Hash 66bcd26b503929ed229726950515bcc8 1f9ce5d7ccd04f170df5781f92526ecb456fe718 ca597032bdecfc8a35f08bf596abce285d3ff6acf8b7b2f02682a1c1b25d163f Loading...

		Size	First Seen	Last Seen
	#1 Eval - ca45c42226c1d974d33ba66f5fbec226	273 B	2023-03-07	2024-04-24
Pretty Observations First Seen2023-03-07 01:31:53 Last Seen2024-04-24 09:26:55 Times Seen299 Hash ca45c42226c1d974d33ba66f5fbec226 acdf858cb51509213a6b58ea26c99788ffa9ba51 8f61ee4a89b9d76a579f5ed446960dc9aba5dad5f67f5676bc5aab5f8fe726b3 Loading...

HTTP Transactions (44)

URL IP Response Size

push-message.club/tds/clickdila?q=[PRICING_MODEL]&a=[DOMAIN]&b=[WEB_PUSH_ID]

104.21.4.13

301 Moved Permanently

0 B

URL HTTP/1.1
push-message.club/tds/clickdila?q=[PRICING_MODEL]&a=[DOMAIN]&b=[WEB_PUSH_ID]
IP
104.21.4.13:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tds/clickdila?q=[PRICING_MODEL]&a=[DOMAIN]&b=[WEB_PUSH_ID] HTTP/1.1
Host: push-message.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Tue, 14 Mar 2023 09:50:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 14 Mar 2023 10:50:21 GMT
Location: https://push-message.club/tds/clickdila?q=[PRICING_MODEL]&a=[DOMAIN]&b=[WEB_PUSH_ID]
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KifoIfEiR28ngndNMh3%2BHvFt%2BmvMoJ3KfQZGQ2yzbvYtQ20NTeCKSNhpf7boSjg1QjIMLEPTiOU7KeAFgY1QnBBssXM0UwQCByRblFeAI5MjX3cRTQZb%2BkrVneAuyqHjfPtgEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a7b9ca8ef63b515-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e7a9cb518d929d10c471394adc89cdfa
d609cb0d94e645141ab1372f19c014c1b00b83af
200db48dd5e87cba8dc962e8981f72def9c12e21d5a417361c4f77425e55597a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "200DB48DD5E87CBA8DC962E8981F72DEF9C12E21D5A417361C4F77425E55597A"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2465
Expires: Tue, 14 Mar 2023 10:31:26 GMT
Date: Tue, 14 Mar 2023 09:50:21 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
234b80a5a27f3d377e322e680413479d
3da8ba535ec19898f5b83ece48cd4038ac2bf557
370104df5dd8f739601a4be42ae41bb92f365dcf585823a3c14733f7c394e926

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "370104DF5DD8F739601A4BE42AE41BB92F365DCF585823A3C14733F7C394E926"
Last-Modified: Sun, 12 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12091
Expires: Tue, 14 Mar 2023 13:11:52 GMT
Date: Tue, 14 Mar 2023 09:50:21 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 14 Mar 2023 09:09:22 GMT
content-type: application/json
age: 2459
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8b1778005daa3ea807573992adbd0452
4cf2aaf44073506371c1e21970a18b9eab00622f
5f74233b9cc53b0ba6149fce51f6b31c2edb892b0a95b48e66b15ee9f59525ad

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F74233B9CC53B0BA6149FCE51F6B31C2EDB892B0A95B48E66B15EE9F59525AD"
Last-Modified: Sun, 12 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20846
Expires: Tue, 14 Mar 2023 15:37:47 GMT
Date: Tue, 14 Mar 2023 09:50:21 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: +UX1qlrFjxoApwNUGO2kLC4CMjUfJlY3SGMFYDerFNz/8Nzd4UJwLQzVL3eT1ehrv+izwSEOSfw=
x-amz-request-id: V8NV5TN70QM2C2YF
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 14 Mar 2023 09:46:45 GMT
age: 216
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 14 Mar 2023 09:50:21 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, ETag, Backoff, Expires, Alert, Pragma, Cache-Control, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 14 Mar 2023 09:12:32 GMT
age: 2270
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b426c61dbf49129b0554669c6666e025
6b329663868aac72e296a4c594d46b542f7003e7
6349d43a437729d91c0739616283458cbc123bd6d056522f68cd48b89364ea95

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6349D43A437729D91C0739616283458CBC123BD6D056522F68CD48B89364EA95"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20809
Expires: Tue, 14 Mar 2023 15:37:11 GMT
Date: Tue, 14 Mar 2023 09:50:22 GMT
Connection: keep-alive

ocsp.r2m02.amazontrust.com/

143.204.48.16

200 OK

471 B

URL HTTP/1.1
ocsp.r2m02.amazontrust.com/
IP
143.204.48.16:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
81d007b72f896be1bd4260b5c184c00b
6c6d649340cfcae968eb1d735b0197b83df95442
681a3859ba7845d1e2413a986aaf326599020aaf1f742d779597fa80fe9a4e80

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=99244
Date: Tue, 14 Mar 2023 09:50:22 GMT
Etag: "640f240a-1d7"
Expires: Wed, 15 Mar 2023 13:24:26 GMT
Last-Modified: Mon, 13 Mar 2023 13:24:26 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: u3CVqCnOp4jzjpdgK-T73Fqvk7ma6HG5M2eyq000Q19J_VUrS_c4xw==

push.services.mozilla.com/

52.35.90.146

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.35.90.146:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ncXUwJzG3dL/YJ8AFph3ww==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KtxnzoT+gcpINP9u0wsDgzLnCjs=

gomydates.com/bridge/intg.js?v=8

52.59.136.14

200 OK

269 B

URL HTTP/2
gomydates.com/bridge/intg.js?v=8
IP
52.59.136.14:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
269 B (269 bytes)
Hash
8c8514ed7eae8968b59692f7897f2857
69e9f6e0625ef8bf0a4099b05f7356587e3e62be
556f2a46047c9b8dedbae5ef8c59dc7ea04ff88e76d7dcda568f1eb2dce03548

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bridge/intg.js?v=8 HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
Cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:23 GMT
content-type: application/javascript; charset=UTF-8
content-length: 269
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 08 Mar 2023 12:25:14 GMT
etag: W/"10d-186c12ec810"
vary: Accept-Encoding
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
da1c71ebaa9b47c2152bfd09c8906233
6a59f9eb7d15bcb6a23448c2c1b0e3d5fc834c6c
678690297e67d412845e35343d3caca656775876764ec0ca10dd7b2e53f59421

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Mar 2023 09:50:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

gomydates.com/bridge/ao_loader.js

52.59.136.14

200 OK

836 B

URL HTTP/2
gomydates.com/bridge/ao_loader.js
IP
52.59.136.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (835)
Size
836 B (836 bytes)
Hash
05f233960b55dfe40742964902345911
e00af7d954b5032f95c32341794e0f4d73208bff
d5d65364c02602f4fae5c63195607cfff433ac59d4c7d756e4a0a2e6f33ccd19

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bridge/ao_loader.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
Cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:23 GMT
content-type: application/javascript; charset=UTF-8
content-length: 836
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 08 Mar 2023 12:25:14 GMT
etag: W/"344-186c12ec810"
vary: Accept-Encoding
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Lato:400,900,300%27%20rel=%27stylesheet%27%20type=%27text/css%27

142.250.74.106

200 OK

859 B

URL HTTP/2
fonts.googleapis.com/css?family=Lato:400,900,300%27%20rel=%27stylesheet%27%20type=%27text/css%27
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
859 B (859 bytes)
Hash
dd8fbad4cc319741f362006f86762336
7d0f73fac48b0ea574615b2c30287834f9638487
b9a4da4bdc063502ff80eaaf1419c90fea5177a9524c50fab6e1aef99400bd19

HTTP Headers

GET /css?family=Lato:400,900,300%27%20rel=%27stylesheet%27%20type=%27text/css%27 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 14 Mar 2023 09:50:23 GMT
date: Tue, 14 Mar 2023 09:50:23 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bd967363f74a8fd54e6a8be3c06d7d9b
0f5808ff6d3c5522799409df1881ec789f3bcf50
60ca12a72c4fdb3cd34db9c77a5b760d0976ba38c459c1c78be32075d26244bd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Mar 2023 09:50:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1ab1166f7bff55b1cdb91995994a1bc5
ef8a50c62d70d195fcca8c3a4e2905b97a9b41c5
fc8701a961e1c852a157cdf72915c968d7768b8f4273839bec64d3265147b745

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Mar 2023 09:50:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer

142.250.74.40

200 OK

51 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (4073)
Size
51 kB (50942 bytes)
Hash
8bb4a15bbdcbaff35517b3755f6cccce
f0c5d15dc42fc497942cf4e435d732936c7a8bdd
824911f61524b08e2eb2df6ebb98767d75082ba6309569c7dc3cd20985ab1905

HTTP Headers

GET /gtm.js?id=GTM-KMSJRW&l=adsLayer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 14 Mar 2023 09:50:23 GMT
expires: Tue, 14 Mar 2023 09:50:23 GMT
cache-control: private, max-age=900
last-modified: Tue, 14 Mar 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50942
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bd967363f74a8fd54e6a8be3c06d7d9b
0f5808ff6d3c5522799409df1881ec789f3bcf50
60ca12a72c4fdb3cd34db9c77a5b760d0976ba38c459c1c78be32075d26244bd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Mar 2023 09:50:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1ab1166f7bff55b1cdb91995994a1bc5
ef8a50c62d70d195fcca8c3a4e2905b97a9b41c5
fc8701a961e1c852a157cdf72915c968d7768b8f4273839bec64d3265147b745

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Mar 2023 09:50:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bd8586a0a52f516ac521f2a3752b049
3cfd233164ae5350f2fb61250641b70e788cf58a
8783e071c3f60fbca2bba5260b55a41f1035e150ffd94a66ff6a102ff2bc6783

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8783E071C3F60FBCA2BBA5260B55A41F1035E150FFD94A66FF6A102FF2BC6783"
Last-Modified: Tue, 14 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14058
Expires: Tue, 14 Mar 2023 13:44:42 GMT
Date: Tue, 14 Mar 2023 09:50:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bd8586a0a52f516ac521f2a3752b049
3cfd233164ae5350f2fb61250641b70e788cf58a
8783e071c3f60fbca2bba5260b55a41f1035e150ffd94a66ff6a102ff2bc6783

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8783E071C3F60FBCA2BBA5260B55A41F1035E150FFD94A66FF6A102FF2BC6783"
Last-Modified: Tue, 14 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14058
Expires: Tue, 14 Mar 2023 13:44:42 GMT
Date: Tue, 14 Mar 2023 09:50:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bd8586a0a52f516ac521f2a3752b049
3cfd233164ae5350f2fb61250641b70e788cf58a
8783e071c3f60fbca2bba5260b55a41f1035e150ffd94a66ff6a102ff2bc6783

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8783E071C3F60FBCA2BBA5260B55A41F1035E150FFD94A66FF6A102FF2BC6783"
Last-Modified: Tue, 14 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14058
Expires: Tue, 14 Mar 2023 13:44:42 GMT
Date: Tue, 14 Mar 2023 09:50:24 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8487 bytes)
Hash
be71491cee9b47dc3ffb23b4fdff25b3
79c7d22c8df6d305f46c5779ccb9f25169d4d111
e785896e5840fb901ddd0118bef3ccad6b59a96d8eef0e8ccd9c95a3c261ba45

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8487
x-amzn-requestid: 92381f1a-0140-47e9-a971-594a7de36c3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BkEcBGizoAMFgOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640b1ab3-1a54b65a5d7083e62dcb85ab;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 11:55:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: w_13YsBBteASlPvTrgLhnI-QiuUjEcR9q-bADLbCRl6B-uwcPS3TQA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 c5c7edc18be1805f007e0576da02e554.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 22:59:58 GMT
age: 39026
etag: "79c7d22c8df6d305f46c5779ccb9f25169d4d111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc20f2b31-8a32-4e66-bba7-e76e1c14f5ce.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8091 bytes)
Hash
dd8a4e29260d209803408596cb286f8f
20f6796c0c7064542cc8eefe138076d16d66e8d8
54a328e054b23ddbf531b69a7c5bb817704c0dd98bc7625c9571df19df982a17

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc20f2b31-8a32-4e66-bba7-e76e1c14f5ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8091
x-amzn-requestid: 7e6e055a-de20-4f2f-8f76-2fe57747ed08
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSgDFEMoAMFXIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9799-1e932e3a10bd39d630310c65;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:37:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 8PtI7M0lBQx0BzzkLgbxlRJU-tGNlPtAI-lv-8TLbh7XKMbMOAAw9Q==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 ea699166e6ec77aa410ff505b0a8ce18.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 21:48:49 GMT
age: 43295
etag: "20f6796c0c7064542cc8eefe138076d16d66e8d8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26521ff6-85cb-4f66-a570-c1c161a5b9f5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9203 bytes)
Hash
93e1b34f4dbbd7b8215af242107281df
91fd7a5a7a2e805cb355705e2fb1e0b91401db0b
e1bd756029248ccd01f1ac240a4a07a2f15e15d6624a6a660a9126767dd6056a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26521ff6-85cb-4f66-a570-c1c161a5b9f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9203
x-amzn-requestid: 53d1e94f-178f-449d-820e-20db4c52d766
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSgFE7foAMFdcA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9799-23789aa8567f8c661bea3fb4;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:37:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: xSuHAVm51P01HQ6m14PMrGXKy79d1G6Q7rb0BKFox1Tk5SCcsF0v0w==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 1d000d0dfe9d69b4983f619fdc5499d6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 22:05:15 GMT
age: 42309
etag: "91fd7a5a7a2e805cb355705e2fb1e0b91401db0b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96e84919-82a6-462c-89aa-5dfd62b065b1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6598 bytes)
Hash
60ae6be476f64653385ee775c2ba5460
4ebff6ea6c7104f16db08ac1e13af5c4d9ecab71
c3a75d6b8f755e734ecc6fcfb5229cb47f7a4d9a6bcdbae6693da0e94b03cafc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96e84919-82a6-462c-89aa-5dfd62b065b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6598
x-amzn-requestid: 0b194caa-137d-4f93-8a7b-26cb05bfa3a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSpAEHZIAMFedA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f97d2-2e4dd06a76e1184a2b39188f;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:38:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: 1aOuS98SlIgqTJys-TCvzgzDhFobCcNpP9C_-QSI1Y_IwA1x13KpUA==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 548adcda884eed02304ba5d6a1d7f514.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 21:48:49 GMT
etag: "4ebff6ea6c7104f16db08ac1e13af5c4d9ecab71"
content-type: image/jpeg
age: 43295
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07347a5f-4c35-4f53-a77d-4ca5883b42b1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8798 bytes)
Hash
d7576ea71a52cc84be114c4ca5c1a101
ba18fe39a596c12cafa2aaaa16c65061a4ecb55f
6d1171e21c14d5827c495ab63d2fd14f573aad8cfdfa45b81e646052cb8d819d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07347a5f-4c35-4f53-a77d-4ca5883b42b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8798
x-amzn-requestid: a76ce81a-fe2c-4fb5-89f5-8a466ee83256
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSwnG0sIAMFmFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9803-2af4e3026224b91f556feec3;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:39:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: UkD87MvAJrPqVef87nqeb9gRC5i1lsKB4A7qeYBFrK0QQnDFe3a-Vw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 6af3b573d8970d5db2a4d03354335b84.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 21:48:59 GMT
age: 43285
etag: "ba18fe39a596c12cafa2aaaa16c65061a4ecb55f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd84fda2e-81f7-4336-adf1-ea7c9e499a73.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11519 bytes)
Hash
2fe07d17b76df5f6a86937338665de2c
d32dfeb309fcbbd04e13057ef3bcca577e9abf46
7b12520ec1d30e17e43edb9cb050c2492743907909faa4f2f5696288228d3054

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd84fda2e-81f7-4336-adf1-ea7c9e499a73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11519
x-amzn-requestid: cb8f2b42-356c-417a-9562-10dc60b6d38e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSwdHReoAMFnHw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9802-356031197266d0f57441f22b;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:39:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 3_7QybUMHflcIawKkhWCoYG-cf8XmYfk539A1O3ShngfMdL2IjxBYg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ae06b19943a6bad1c1b12b79f7339498.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 22:04:18 GMT
age: 42366
etag: "d32dfeb309fcbbd04e13057ef3bcca577e9abf46"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.r2m01.amazontrust.com/

143.204.48.16

200 OK

471 B

URL HTTP/1.1
ocsp.r2m01.amazontrust.com/
IP
143.204.48.16:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
00bac1e99d6afc232980224728e6c9ac
a5abfb065ba007511773460894f47ed659a21e4c
390dc8b5481797975a5f37c30dc1ac6117f4772e1f6bf7f26a223687110df743

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 14 Mar 2023 09:50:24 GMT
Last-Modified: Tue, 14 Mar 2023 08:39:16 GMT
Server: ECAcc (bsa/EA9D)
X-Cache: Miss from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: uKFly-QuCb1AtuZfl0L3RtMGT0kCF78fIZaGT8t3ZAwMKHEN4Zc_0g==
Age: 4269

cdn3reference.com/landings/23302/images/bg-web2.jpg

54.230.111.111

200 OK

134 kB

URL HTTP/2
cdn3reference.com/landings/23302/images/bg-web2.jpg
IP
54.230.111.111:0
ASN
#16509 AMAZON-02

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1813x809, components 3\012- data
Size
134 kB (134448 bytes)
Hash
ef1a29775d4ead3628064718b908a24d
bdd05dca0cd677973768797fef9bf486a63b8929
650dc0654bd6a95350f544d863fc2a8cf6ac1010a9075b476febee2d861dc77b

HTTP Headers

GET /landings/23302/images/bg-web2.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/landings/23302/css/62785c7b6ca9a16c41ce1f973cf812b4.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 134448
server: nginx
date: Tue, 14 Mar 2023 09:50:24 GMT
last-modified: Tue, 02 Apr 2019 14:25:38 GMT
etag: "20d30-5858ce9347c80"
accept-ranges: bytes
cache-control: public, max-age=604800
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VoeO8UC0q23lqJcrZxyqAT8azsmWphC-DhSBFLyBN_SsUVMxHXUafA==
X-Firefox-Spdy: h2

retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&j_type=open&jump=23302&jump_name=

52.28.217.131

200 OK

0 B

URL HTTP/2
retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&j_type=open&jump=23302&jump_name=
IP
52.28.217.131:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&j_type=open&jump=23302&jump_name= HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:24 GMT
content-type: image/gif
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
set-cookie: dci=ea1d6f035d6edaf15f2dd699c60f4957ab2c6f2e; Max-Age=31536000; Domain=.retarget2core.com; Path=/; Expires=Wed, 13 Mar 2024 09:50:24 GMT; Secure; SameSite=None
X-Firefox-Spdy: h2

gomydates.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgomydates.com%2Fjump%3Ftds_ac_id%3Ds0624kas%26tds_oid%3D23302%26tds_cid%3Ddba7eb98a35102d3021c13d4b2ea6f978444276f%26id%3D23302%26subid%3Dclickdila%26clickid%3D%257Bclickid%257D%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw%26tds_host%3Dgomydates.com%26affid%3D9559e5a1%26utm_source%3Dintc%26subid2%3D%257Bsubid2%257D%26tds_campaign%3Db0506rie%26dci%3D0a41088ca7ca3712e23fa11b311ca7926e572074%26tds_ao%3D1%26s1%3Dps%26tds_id%3Db0506rie_jump_a_1601039183809&uaDataValues={}

52.59.136.14

200 OK

0 B

URL HTTP/2
gomydates.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgomydates.com%2Fjump%3Ftds_ac_id%3Ds0624kas%26tds_oid%3D23302%26tds_cid%3Ddba7eb98a35102d3021c13d4b2ea6f978444276f%26id%3D23302%26subid%3Dclickdila%26clickid%3D%257Bclickid%257D%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw%26tds_host%3Dgomydates.com%26affid%3D9559e5a1%26utm_source%3Dintc%26subid2%3D%257Bsubid2%257D%26tds_campaign%3Db0506rie%26dci%3D0a41088ca7ca3712e23fa11b311ca7926e572074%26tds_ao%3D1%26s1%3Dps%26tds_id%3Db0506rie_jump_a_1601039183809&uaDataValues={}
IP
52.59.136.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgomydates.com%2Fjump%3Ftds_ac_id%3Ds0624kas%26tds_oid%3D23302%26tds_cid%3Ddba7eb98a35102d3021c13d4b2ea6f978444276f%26id%3D23302%26subid%3Dclickdila%26clickid%3D%257Bclickid%257D%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw%26tds_host%3Dgomydates.com%26affid%3D9559e5a1%26utm_source%3Dintc%26subid2%3D%257Bsubid2%257D%26tds_campaign%3Db0506rie%26dci%3D0a41088ca7ca3712e23fa11b311ca7926e572074%26tds_ao%3D1%26s1%3Dps%26tds_id%3Db0506rie_jump_a_1601039183809&uaDataValues={} HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
Cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:23 GMT
content-type: text/javascript; charset=utf-8
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"7535a-I3w+HscI7H/JEfdKctBN5FP7yS4"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

gomydates.com/tds/ae?tdsId=s0624kas_r&tds_campaign=s0624kas&utm_sub=opnfnl&s1=ps&utm_source=intc&affid=9559e5a1&subid=clickdila&clickid={clickid}&subid2={subid2}

52.59.136.14

302 Found

0 B

URL HTTP/2
gomydates.com/tds/ae?tdsId=s0624kas_r&tds_campaign=s0624kas&utm_sub=opnfnl&s1=ps&utm_source=intc&affid=9559e5a1&subid=clickdila&clickid={clickid}&subid2={subid2}
IP
52.59.136.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /tds/ae?tdsId=s0624kas_r&tds_campaign=s0624kas&utm_sub=opnfnl&s1=ps&utm_source=intc&affid=9559e5a1&subid=clickdila&clickid={clickid}&subid2={subid2} HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
date: Tue, 14 Mar 2023 09:50:22 GMT
location: https://gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
set-cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; Max-Age=31536000; Domain=.gomydates.com; Path=/; Expires=Wed, 13 Mar 2024 09:50:22 GMT; Secure; SameSite=None
dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Sun, 19 Mar 2023 09:50:22 GMT
X-Firefox-Spdy: h2

gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809

52.59.136.14

200 OK

0 B

URL HTTP/2
gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
IP
52.59.136.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809 HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; dm=fe450dd0d1dadc615429144d33241f42
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:23 GMT
content-type: text/html; charset=UTF-8
server: nginx
content-encoding: br
X-Firefox-Spdy: h2

cdn3reference.com/landings/23302/css/62785c7b6ca9a16c41ce1f973cf812b4.css

54.230.111.111

200 OK

0 B

URL HTTP/2
cdn3reference.com/landings/23302/css/62785c7b6ca9a16c41ce1f973cf812b4.css
IP
54.230.111.111:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /landings/23302/css/62785c7b6ca9a16c41ce1f973cf812b4.css HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
server: nginx
date: Tue, 14 Mar 2023 09:50:23 GMT
last-modified: Tue, 02 Apr 2019 15:21:31 GMT
content-encoding: gzip
etag: W/"5c1-5858db10f34c0"
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WaX3HQtbo0gQ6o4OlGOmpRjo2ZI-yg13kqqhu6WtBKghIO810zg31w==
X-Firefox-Spdy: h2

cdn3reference.com/js/dc_img.js?v=8

54.230.111.111

200 OK

0 B

URL HTTP/2
cdn3reference.com/js/dc_img.js?v=8
IP
54.230.111.111:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/dc_img.js?v=8 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Tue, 14 Mar 2023 09:50:23 GMT
last-modified: Thu, 29 Oct 2020 09:19:39 GMT
etag: W/"1e8-5b2cbc78da216"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TKU58nfZR24ytzXeW5I_cDoyGDoLlkCc1b9MbKm8m9R7ALT2O9kejg==
X-Firefox-Spdy: h2

gomydates.com/ao.js

52.59.136.14

200 OK

0 B

URL HTTP/2
gomydates.com/ao.js
IP
52.59.136.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ao.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
Cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:23 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 08 Mar 2023 12:25:14 GMT
etag: W/"1509-186c12ec810"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

cdn3reference.com/images/jump-favicon.ico

54.230.111.111

200 OK

0 B

URL HTTP/2
cdn3reference.com/images/jump-favicon.ico
IP
54.230.111.111:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/jump-favicon.ico HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
server: nginx
date: Tue, 14 Mar 2023 09:50:24 GMT
last-modified: Fri, 05 Dec 2014 08:28:50 GMT
cache-control: public, max-age=604800
content-encoding: gzip
etag: W/"47e-50973ddc33480"
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yFHBaIgmA9U30q-mMLG6ejGXMWjQ9UzU6uZs9Bem0si3PAEc88hl6A==
X-Firefox-Spdy: h2

push-message.club/tds/clickdila?q=[PRICING_MODEL]&a=[DOMAIN]&b=[WEB_PUSH_ID]

104.21.4.13

302 Found

0 B

URL HTTP/2
push-message.club/tds/clickdila?q=[PRICING_MODEL]&a=[DOMAIN]&b=[WEB_PUSH_ID]
IP
104.21.4.13:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /tds/clickdila?q=[PRICING_MODEL]&a=[DOMAIN]&b=[WEB_PUSH_ID] HTTP/1.1
Host: push-message.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
date: Tue, 14 Mar 2023 09:50:21 GMT
content-type: text/html; charset=UTF-8
location: https://gomydates.com/tds/ae?tdsId=s0624kas_r&tds_campaign=s0624kas&utm_sub=opnfnl&s1=ps&utm_source=intc&affid=9559e5a1&subid=clickdila&clickid={clickid}&subid2={subid2}
access-control-allow-origin: *
set-cookie: 97018ac3a9e579c4271061c41360bbc5=0; expires=Wed, 15-Mar-2023 09:50:21 GMT; Max-Age=86400; path=/; secure; HttpOnly; SameSite=None
cache-control: max-age=172800, private, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0HFRdoXTAlrlW1UosUSSqDXJruPsd93GJ42ZS3EmBLrK2WhbGPZAaMuSOLx4b0CyUy76oKZOH1Py1PBsrGA0buuPuubw1iq1mxp%2B5Gtq9dmxj8BmqiqYQVDiM0bMqpZcbwPbdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a7b9caadd06b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

gomydates.com/integration.js

52.59.136.14

200 OK

0 B

URL HTTP/2
gomydates.com/integration.js
IP
52.59.136.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /integration.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
Cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:23 GMT
content-type: text/javascript; charset=utf-8
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"710-H5zl18zQTxcN9XgfklJuy0Vv5xg"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

retarget2core.com/fp/fp_ec.js

52.28.217.131

200 OK

0 B

URL HTTP/2
retarget2core.com/fp/fp_ec.js
IP
52.28.217.131:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /fp/fp_ec.js HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:24 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 08 Mar 2023 12:25:14 GMT
etag: W/"4bd-186c12ec810"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

gomydates.com/bridge/frodi_data.js

52.59.136.14

200 OK

0 B

URL HTTP/2
gomydates.com/bridge/frodi_data.js
IP
52.59.136.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bridge/frodi_data.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
Cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:23 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 08 Mar 2023 12:25:14 GMT
etag: W/"19f8-186c12ec810"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

gomydates.com/bridge/crypto-4.1.1.js

52.59.136.14

200 OK

0 B

URL HTTP/2
gomydates.com/bridge/crypto-4.1.1.js
IP
52.59.136.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bridge/crypto-4.1.1.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
Cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:23 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 08 Mar 2023 12:25:14 GMT
etag: W/"bde2-186c12ec810"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL