push-message.club/tds/clickdila?q=[PRICING_MODEL]&a=[DOMAIN]&b=[WEB_PUSH_ID]
104.21.4.13301 Moved Permanently 0 B URL HTTP/1.1 push-message.club/tds/clickdila?q=[PRICING_MODEL]&a=[DOMAIN]&b=[WEB_PUSH_ID]
IP 104.21.4.13:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds/clickdila?q=[PRICING_MODEL]&a=[DOMAIN]&b=[WEB_PUSH_ID] HTTP/1.1
Host: push-message.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 14 Mar 2023 09:50:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 14 Mar 2023 10:50:21 GMT
Location: https://push-message.club/tds/clickdila?q=[PRICING_MODEL]&a=[DOMAIN]&b=[WEB_PUSH_ID]
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KifoIfEiR28ngndNMh3%2BHvFt%2BmvMoJ3KfQZGQ2yzbvYtQ20NTeCKSNhpf7boSjg1QjIMLEPTiOU7KeAFgY1QnBBssXM0UwQCByRblFeAI5MjX3cRTQZb%2BkrVneAuyqHjfPtgEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a7b9ca8ef63b515-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e7a9cb518d929d10c471394adc89cdfa
d609cb0d94e645141ab1372f19c014c1b00b83af
200db48dd5e87cba8dc962e8981f72def9c12e21d5a417361c4f77425e55597a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "200DB48DD5E87CBA8DC962E8981F72DEF9C12E21D5A417361C4F77425E55597A"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2465
Expires: Tue, 14 Mar 2023 10:31:26 GMT
Date: Tue, 14 Mar 2023 09:50:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 234b80a5a27f3d377e322e680413479d
3da8ba535ec19898f5b83ece48cd4038ac2bf557
370104df5dd8f739601a4be42ae41bb92f365dcf585823a3c14733f7c394e926
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "370104DF5DD8F739601A4BE42AE41BB92F365DCF585823A3C14733F7C394E926"
Last-Modified: Sun, 12 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12091
Expires: Tue, 14 Mar 2023 13:11:52 GMT
Date: Tue, 14 Mar 2023 09:50:21 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 14 Mar 2023 09:09:22 GMT
content-type: application/json
age: 2459
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8b1778005daa3ea807573992adbd0452
4cf2aaf44073506371c1e21970a18b9eab00622f
5f74233b9cc53b0ba6149fce51f6b31c2edb892b0a95b48e66b15ee9f59525ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F74233B9CC53B0BA6149FCE51F6B31C2EDB892B0A95B48E66B15EE9F59525AD"
Last-Modified: Sun, 12 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20846
Expires: Tue, 14 Mar 2023 15:37:47 GMT
Date: Tue, 14 Mar 2023 09:50:21 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +UX1qlrFjxoApwNUGO2kLC4CMjUfJlY3SGMFYDerFNz/8Nzd4UJwLQzVL3eT1ehrv+izwSEOSfw=
x-amz-request-id: V8NV5TN70QM2C2YF
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 14 Mar 2023 09:46:45 GMT
age: 216
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 14 Mar 2023 09:50:21 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, ETag, Backoff, Expires, Alert, Pragma, Cache-Control, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 14 Mar 2023 09:12:32 GMT
age: 2270
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b426c61dbf49129b0554669c6666e025
6b329663868aac72e296a4c594d46b542f7003e7
6349d43a437729d91c0739616283458cbc123bd6d056522f68cd48b89364ea95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6349D43A437729D91C0739616283458CBC123BD6D056522F68CD48B89364EA95"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20809
Expires: Tue, 14 Mar 2023 15:37:11 GMT
Date: Tue, 14 Mar 2023 09:50:22 GMT
Connection: keep-alive
ocsp.r2m02.amazontrust.com/
143.204.48.16200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 143.204.48.16:0
Hash 81d007b72f896be1bd4260b5c184c00b
6c6d649340cfcae968eb1d735b0197b83df95442
681a3859ba7845d1e2413a986aaf326599020aaf1f742d779597fa80fe9a4e80
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=99244
Date: Tue, 14 Mar 2023 09:50:22 GMT
Etag: "640f240a-1d7"
Expires: Wed, 15 Mar 2023 13:24:26 GMT
Last-Modified: Mon, 13 Mar 2023 13:24:26 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: u3CVqCnOp4jzjpdgK-T73Fqvk7ma6HG5M2eyq000Q19J_VUrS_c4xw==
push.services.mozilla.com/
52.35.90.146101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.35.90.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ncXUwJzG3dL/YJ8AFph3ww==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KtxnzoT+gcpINP9u0wsDgzLnCjs=
gomydates.com/bridge/intg.js?v=8
52.59.136.14200 OK 269 B URL HTTP/2 gomydates.com/bridge/intg.js?v=8
IP 52.59.136.14:0
Hash 8c8514ed7eae8968b59692f7897f2857
69e9f6e0625ef8bf0a4099b05f7356587e3e62be
556f2a46047c9b8dedbae5ef8c59dc7ea04ff88e76d7dcda568f1eb2dce03548
Analyzer Verdict Alert fortinet Phishing
GET /bridge/intg.js?v=8 HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
Cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:23 GMT
content-type: application/javascript; charset=UTF-8
content-length: 269
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 08 Mar 2023 12:25:14 GMT
etag: W/"10d-186c12ec810"
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da1c71ebaa9b47c2152bfd09c8906233
6a59f9eb7d15bcb6a23448c2c1b0e3d5fc834c6c
678690297e67d412845e35343d3caca656775876764ec0ca10dd7b2e53f59421
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Mar 2023 09:50:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gomydates.com/bridge/ao_loader.js
52.59.136.14200 OK 836 B URL HTTP/2 gomydates.com/bridge/ao_loader.js
IP 52.59.136.14:0
File type ASCII text, with very long lines (835)
Hash 05f233960b55dfe40742964902345911
e00af7d954b5032f95c32341794e0f4d73208bff
d5d65364c02602f4fae5c63195607cfff433ac59d4c7d756e4a0a2e6f33ccd19
Analyzer Verdict Alert fortinet Phishing
GET /bridge/ao_loader.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
Cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:23 GMT
content-type: application/javascript; charset=UTF-8
content-length: 836
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 08 Mar 2023 12:25:14 GMT
etag: W/"344-186c12ec810"
vary: Accept-Encoding
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato:400,900,300%27%20rel=%27stylesheet%27%20type=%27text/css%27
142.250.74.106200 OK 859 B URL HTTP/2 fonts.googleapis.com/css?family=Lato:400,900,300%27%20rel=%27stylesheet%27%20type=%27text/css%27
IP 142.250.74.106:0
Hash dd8fbad4cc319741f362006f86762336
7d0f73fac48b0ea574615b2c30287834f9638487
b9a4da4bdc063502ff80eaaf1419c90fea5177a9524c50fab6e1aef99400bd19
GET /css?family=Lato:400,900,300%27%20rel=%27stylesheet%27%20type=%27text/css%27 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 14 Mar 2023 09:50:23 GMT
date: Tue, 14 Mar 2023 09:50:23 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bd967363f74a8fd54e6a8be3c06d7d9b
0f5808ff6d3c5522799409df1881ec789f3bcf50
60ca12a72c4fdb3cd34db9c77a5b760d0976ba38c459c1c78be32075d26244bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Mar 2023 09:50:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1ab1166f7bff55b1cdb91995994a1bc5
ef8a50c62d70d195fcca8c3a4e2905b97a9b41c5
fc8701a961e1c852a157cdf72915c968d7768b8f4273839bec64d3265147b745
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Mar 2023 09:50:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
142.250.74.40200 OK 51 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
IP 142.250.74.40:0
File type ASCII text, with very long lines (4073)
Hash 8bb4a15bbdcbaff35517b3755f6cccce
f0c5d15dc42fc497942cf4e435d732936c7a8bdd
824911f61524b08e2eb2df6ebb98767d75082ba6309569c7dc3cd20985ab1905
GET /gtm.js?id=GTM-KMSJRW&l=adsLayer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 14 Mar 2023 09:50:23 GMT
expires: Tue, 14 Mar 2023 09:50:23 GMT
cache-control: private, max-age=900
last-modified: Tue, 14 Mar 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50942
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bd967363f74a8fd54e6a8be3c06d7d9b
0f5808ff6d3c5522799409df1881ec789f3bcf50
60ca12a72c4fdb3cd34db9c77a5b760d0976ba38c459c1c78be32075d26244bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Mar 2023 09:50:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1ab1166f7bff55b1cdb91995994a1bc5
ef8a50c62d70d195fcca8c3a4e2905b97a9b41c5
fc8701a961e1c852a157cdf72915c968d7768b8f4273839bec64d3265147b745
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Mar 2023 09:50:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8bd8586a0a52f516ac521f2a3752b049
3cfd233164ae5350f2fb61250641b70e788cf58a
8783e071c3f60fbca2bba5260b55a41f1035e150ffd94a66ff6a102ff2bc6783
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8783E071C3F60FBCA2BBA5260B55A41F1035E150FFD94A66FF6A102FF2BC6783"
Last-Modified: Tue, 14 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14058
Expires: Tue, 14 Mar 2023 13:44:42 GMT
Date: Tue, 14 Mar 2023 09:50:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8bd8586a0a52f516ac521f2a3752b049
3cfd233164ae5350f2fb61250641b70e788cf58a
8783e071c3f60fbca2bba5260b55a41f1035e150ffd94a66ff6a102ff2bc6783
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8783E071C3F60FBCA2BBA5260B55A41F1035E150FFD94A66FF6A102FF2BC6783"
Last-Modified: Tue, 14 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14058
Expires: Tue, 14 Mar 2023 13:44:42 GMT
Date: Tue, 14 Mar 2023 09:50:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8bd8586a0a52f516ac521f2a3752b049
3cfd233164ae5350f2fb61250641b70e788cf58a
8783e071c3f60fbca2bba5260b55a41f1035e150ffd94a66ff6a102ff2bc6783
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8783E071C3F60FBCA2BBA5260B55A41F1035E150FFD94A66FF6A102FF2BC6783"
Last-Modified: Tue, 14 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14058
Expires: Tue, 14 Mar 2023 13:44:42 GMT
Date: Tue, 14 Mar 2023 09:50:24 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash be71491cee9b47dc3ffb23b4fdff25b3
79c7d22c8df6d305f46c5779ccb9f25169d4d111
e785896e5840fb901ddd0118bef3ccad6b59a96d8eef0e8ccd9c95a3c261ba45
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8487
x-amzn-requestid: 92381f1a-0140-47e9-a971-594a7de36c3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BkEcBGizoAMFgOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640b1ab3-1a54b65a5d7083e62dcb85ab;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 11:55:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: w_13YsBBteASlPvTrgLhnI-QiuUjEcR9q-bADLbCRl6B-uwcPS3TQA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 c5c7edc18be1805f007e0576da02e554.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 22:59:58 GMT
age: 39026
etag: "79c7d22c8df6d305f46c5779ccb9f25169d4d111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc20f2b31-8a32-4e66-bba7-e76e1c14f5ce.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc20f2b31-8a32-4e66-bba7-e76e1c14f5ce.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dd8a4e29260d209803408596cb286f8f
20f6796c0c7064542cc8eefe138076d16d66e8d8
54a328e054b23ddbf531b69a7c5bb817704c0dd98bc7625c9571df19df982a17
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc20f2b31-8a32-4e66-bba7-e76e1c14f5ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8091
x-amzn-requestid: 7e6e055a-de20-4f2f-8f76-2fe57747ed08
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSgDFEMoAMFXIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9799-1e932e3a10bd39d630310c65;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:37:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 8PtI7M0lBQx0BzzkLgbxlRJU-tGNlPtAI-lv-8TLbh7XKMbMOAAw9Q==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 ea699166e6ec77aa410ff505b0a8ce18.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 21:48:49 GMT
age: 43295
etag: "20f6796c0c7064542cc8eefe138076d16d66e8d8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26521ff6-85cb-4f66-a570-c1c161a5b9f5.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26521ff6-85cb-4f66-a570-c1c161a5b9f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 93e1b34f4dbbd7b8215af242107281df
91fd7a5a7a2e805cb355705e2fb1e0b91401db0b
e1bd756029248ccd01f1ac240a4a07a2f15e15d6624a6a660a9126767dd6056a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26521ff6-85cb-4f66-a570-c1c161a5b9f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9203
x-amzn-requestid: 53d1e94f-178f-449d-820e-20db4c52d766
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSgFE7foAMFdcA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9799-23789aa8567f8c661bea3fb4;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:37:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: xSuHAVm51P01HQ6m14PMrGXKy79d1G6Q7rb0BKFox1Tk5SCcsF0v0w==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 1d000d0dfe9d69b4983f619fdc5499d6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 22:05:15 GMT
age: 42309
etag: "91fd7a5a7a2e805cb355705e2fb1e0b91401db0b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96e84919-82a6-462c-89aa-5dfd62b065b1.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96e84919-82a6-462c-89aa-5dfd62b065b1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60ae6be476f64653385ee775c2ba5460
4ebff6ea6c7104f16db08ac1e13af5c4d9ecab71
c3a75d6b8f755e734ecc6fcfb5229cb47f7a4d9a6bcdbae6693da0e94b03cafc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96e84919-82a6-462c-89aa-5dfd62b065b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6598
x-amzn-requestid: 0b194caa-137d-4f93-8a7b-26cb05bfa3a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSpAEHZIAMFedA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f97d2-2e4dd06a76e1184a2b39188f;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:38:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: 1aOuS98SlIgqTJys-TCvzgzDhFobCcNpP9C_-QSI1Y_IwA1x13KpUA==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 548adcda884eed02304ba5d6a1d7f514.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 21:48:49 GMT
etag: "4ebff6ea6c7104f16db08ac1e13af5c4d9ecab71"
content-type: image/jpeg
age: 43295
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07347a5f-4c35-4f53-a77d-4ca5883b42b1.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07347a5f-4c35-4f53-a77d-4ca5883b42b1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7576ea71a52cc84be114c4ca5c1a101
ba18fe39a596c12cafa2aaaa16c65061a4ecb55f
6d1171e21c14d5827c495ab63d2fd14f573aad8cfdfa45b81e646052cb8d819d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07347a5f-4c35-4f53-a77d-4ca5883b42b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8798
x-amzn-requestid: a76ce81a-fe2c-4fb5-89f5-8a466ee83256
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSwnG0sIAMFmFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9803-2af4e3026224b91f556feec3;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:39:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: UkD87MvAJrPqVef87nqeb9gRC5i1lsKB4A7qeYBFrK0QQnDFe3a-Vw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 6af3b573d8970d5db2a4d03354335b84.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 21:48:59 GMT
age: 43285
etag: "ba18fe39a596c12cafa2aaaa16c65061a4ecb55f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd84fda2e-81f7-4336-adf1-ea7c9e499a73.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd84fda2e-81f7-4336-adf1-ea7c9e499a73.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2fe07d17b76df5f6a86937338665de2c
d32dfeb309fcbbd04e13057ef3bcca577e9abf46
7b12520ec1d30e17e43edb9cb050c2492743907909faa4f2f5696288228d3054
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd84fda2e-81f7-4336-adf1-ea7c9e499a73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11519
x-amzn-requestid: cb8f2b42-356c-417a-9562-10dc60b6d38e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSwdHReoAMFnHw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9802-356031197266d0f57441f22b;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:39:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 3_7QybUMHflcIawKkhWCoYG-cf8XmYfk539A1O3ShngfMdL2IjxBYg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ae06b19943a6bad1c1b12b79f7339498.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 22:04:18 GMT
age: 42366
etag: "d32dfeb309fcbbd04e13057ef3bcca577e9abf46"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
143.204.48.16200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 143.204.48.16:0
Hash 00bac1e99d6afc232980224728e6c9ac
a5abfb065ba007511773460894f47ed659a21e4c
390dc8b5481797975a5f37c30dc1ac6117f4772e1f6bf7f26a223687110df743
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 14 Mar 2023 09:50:24 GMT
Last-Modified: Tue, 14 Mar 2023 08:39:16 GMT
Server: ECAcc (bsa/EA9D)
X-Cache: Miss from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: uKFly-QuCb1AtuZfl0L3RtMGT0kCF78fIZaGT8t3ZAwMKHEN4Zc_0g==
Age: 4269
cdn3reference.com/landings/23302/images/bg-web2.jpg
54.230.111.111200 OK 134 kB URL HTTP/2 cdn3reference.com/landings/23302/images/bg-web2.jpg
IP 54.230.111.111:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1813x809, components 3\012- data
Size 134 kB (134448 bytes)
Hash ef1a29775d4ead3628064718b908a24d
bdd05dca0cd677973768797fef9bf486a63b8929
650dc0654bd6a95350f544d863fc2a8cf6ac1010a9075b476febee2d861dc77b
GET /landings/23302/images/bg-web2.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/landings/23302/css/62785c7b6ca9a16c41ce1f973cf812b4.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 134448
server: nginx
date: Tue, 14 Mar 2023 09:50:24 GMT
last-modified: Tue, 02 Apr 2019 14:25:38 GMT
etag: "20d30-5858ce9347c80"
accept-ranges: bytes
cache-control: public, max-age=604800
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VoeO8UC0q23lqJcrZxyqAT8azsmWphC-DhSBFLyBN_SsUVMxHXUafA==
X-Firefox-Spdy: h2
retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&j_type=open&jump=23302&jump_name=
52.28.217.131200 OK 0 B URL HTTP/2 retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&j_type=open&jump=23302&jump_name=
IP 52.28.217.131:0
GET /43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&j_type=open&jump=23302&jump_name= HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:24 GMT
content-type: image/gif
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
set-cookie: dci=ea1d6f035d6edaf15f2dd699c60f4957ab2c6f2e; Max-Age=31536000; Domain=.retarget2core.com; Path=/; Expires=Wed, 13 Mar 2024 09:50:24 GMT; Secure; SameSite=None
X-Firefox-Spdy: h2
gomydates.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgomydates.com%2Fjump%3Ftds_ac_id%3Ds0624kas%26tds_oid%3D23302%26tds_cid%3Ddba7eb98a35102d3021c13d4b2ea6f978444276f%26id%3D23302%26subid%3Dclickdila%26clickid%3D%257Bclickid%257D%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw%26tds_host%3Dgomydates.com%26affid%3D9559e5a1%26utm_source%3Dintc%26subid2%3D%257Bsubid2%257D%26tds_campaign%3Db0506rie%26dci%3D0a41088ca7ca3712e23fa11b311ca7926e572074%26tds_ao%3D1%26s1%3Dps%26tds_id%3Db0506rie_jump_a_1601039183809&uaDataValues={}
52.59.136.14200 OK 0 B URL HTTP/2 gomydates.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgomydates.com%2Fjump%3Ftds_ac_id%3Ds0624kas%26tds_oid%3D23302%26tds_cid%3Ddba7eb98a35102d3021c13d4b2ea6f978444276f%26id%3D23302%26subid%3Dclickdila%26clickid%3D%257Bclickid%257D%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw%26tds_host%3Dgomydates.com%26affid%3D9559e5a1%26utm_source%3Dintc%26subid2%3D%257Bsubid2%257D%26tds_campaign%3Db0506rie%26dci%3D0a41088ca7ca3712e23fa11b311ca7926e572074%26tds_ao%3D1%26s1%3Dps%26tds_id%3Db0506rie_jump_a_1601039183809&uaDataValues={}
IP 52.59.136.14:0
GET /ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fgomydates.com%2Fjump%3Ftds_ac_id%3Ds0624kas%26tds_oid%3D23302%26tds_cid%3Ddba7eb98a35102d3021c13d4b2ea6f978444276f%26id%3D23302%26subid%3Dclickdila%26clickid%3D%257Bclickid%257D%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw%26tds_host%3Dgomydates.com%26affid%3D9559e5a1%26utm_source%3Dintc%26subid2%3D%257Bsubid2%257D%26tds_campaign%3Db0506rie%26dci%3D0a41088ca7ca3712e23fa11b311ca7926e572074%26tds_ao%3D1%26s1%3Dps%26tds_id%3Db0506rie_jump_a_1601039183809&uaDataValues={} HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
Cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:23 GMT
content-type: text/javascript; charset=utf-8
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"7535a-I3w+HscI7H/JEfdKctBN5FP7yS4"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gomydates.com/tds/ae?tdsId=s0624kas_r&tds_campaign=s0624kas&utm_sub=opnfnl&s1=ps&utm_source=intc&affid=9559e5a1&subid=clickdila&clickid={clickid}&subid2={subid2}
52.59.136.14302 Found 0 B URL HTTP/2 gomydates.com/tds/ae?tdsId=s0624kas_r&tds_campaign=s0624kas&utm_sub=opnfnl&s1=ps&utm_source=intc&affid=9559e5a1&subid=clickdila&clickid={clickid}&subid2={subid2}
IP 52.59.136.14:0
GET /tds/ae?tdsId=s0624kas_r&tds_campaign=s0624kas&utm_sub=opnfnl&s1=ps&utm_source=intc&affid=9559e5a1&subid=clickdila&clickid={clickid}&subid2={subid2} HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 14 Mar 2023 09:50:22 GMT
location: https://gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
set-cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; Max-Age=31536000; Domain=.gomydates.com; Path=/; Expires=Wed, 13 Mar 2024 09:50:22 GMT; Secure; SameSite=None
dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Sun, 19 Mar 2023 09:50:22 GMT
X-Firefox-Spdy: h2
gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
52.59.136.14200 OK 0 B URL HTTP/2 gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
IP 52.59.136.14:0
GET /jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809 HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; dm=fe450dd0d1dadc615429144d33241f42
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:23 GMT
content-type: text/html; charset=UTF-8
server: nginx
content-encoding: br
X-Firefox-Spdy: h2
cdn3reference.com/landings/23302/css/62785c7b6ca9a16c41ce1f973cf812b4.css
54.230.111.111200 OK 0 B URL HTTP/2 cdn3reference.com/landings/23302/css/62785c7b6ca9a16c41ce1f973cf812b4.css
IP 54.230.111.111:0
GET /landings/23302/css/62785c7b6ca9a16c41ce1f973cf812b4.css HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Tue, 14 Mar 2023 09:50:23 GMT
last-modified: Tue, 02 Apr 2019 15:21:31 GMT
content-encoding: gzip
etag: W/"5c1-5858db10f34c0"
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WaX3HQtbo0gQ6o4OlGOmpRjo2ZI-yg13kqqhu6WtBKghIO810zg31w==
X-Firefox-Spdy: h2
cdn3reference.com/js/dc_img.js?v=8
54.230.111.111200 OK 0 B URL HTTP/2 cdn3reference.com/js/dc_img.js?v=8
IP 54.230.111.111:0
GET /js/dc_img.js?v=8 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Tue, 14 Mar 2023 09:50:23 GMT
last-modified: Thu, 29 Oct 2020 09:19:39 GMT
etag: W/"1e8-5b2cbc78da216"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TKU58nfZR24ytzXeW5I_cDoyGDoLlkCc1b9MbKm8m9R7ALT2O9kejg==
X-Firefox-Spdy: h2
gomydates.com/ao.js
52.59.136.14200 OK 0 B IP 52.59.136.14:0
Analyzer Verdict Alert fortinet Phishing
GET /ao.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
Cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:23 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 08 Mar 2023 12:25:14 GMT
etag: W/"1509-186c12ec810"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
cdn3reference.com/images/jump-favicon.ico
54.230.111.111200 OK 0 B URL HTTP/2 cdn3reference.com/images/jump-favicon.ico
IP 54.230.111.111:0
GET /images/jump-favicon.ico HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
server: nginx
date: Tue, 14 Mar 2023 09:50:24 GMT
last-modified: Fri, 05 Dec 2014 08:28:50 GMT
cache-control: public, max-age=604800
content-encoding: gzip
etag: W/"47e-50973ddc33480"
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yFHBaIgmA9U30q-mMLG6ejGXMWjQ9UzU6uZs9Bem0si3PAEc88hl6A==
X-Firefox-Spdy: h2
push-message.club/tds/clickdila?q=[PRICING_MODEL]&a=[DOMAIN]&b=[WEB_PUSH_ID]
104.21.4.13302 Found 0 B URL HTTP/2 push-message.club/tds/clickdila?q=[PRICING_MODEL]&a=[DOMAIN]&b=[WEB_PUSH_ID]
IP 104.21.4.13:0
GET /tds/clickdila?q=[PRICING_MODEL]&a=[DOMAIN]&b=[WEB_PUSH_ID] HTTP/1.1
Host: push-message.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 14 Mar 2023 09:50:21 GMT
content-type: text/html; charset=UTF-8
location: https://gomydates.com/tds/ae?tdsId=s0624kas_r&tds_campaign=s0624kas&utm_sub=opnfnl&s1=ps&utm_source=intc&affid=9559e5a1&subid=clickdila&clickid={clickid}&subid2={subid2}
access-control-allow-origin: *
set-cookie: 97018ac3a9e579c4271061c41360bbc5=0; expires=Wed, 15-Mar-2023 09:50:21 GMT; Max-Age=86400; path=/; secure; HttpOnly; SameSite=None
cache-control: max-age=172800, private, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0HFRdoXTAlrlW1UosUSSqDXJruPsd93GJ42ZS3EmBLrK2WhbGPZAaMuSOLx4b0CyUy76oKZOH1Py1PBsrGA0buuPuubw1iq1mxp%2B5Gtq9dmxj8BmqiqYQVDiM0bMqpZcbwPbdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a7b9caadd06b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gomydates.com/integration.js
52.59.136.14200 OK 0 B URL HTTP/2 gomydates.com/integration.js
IP 52.59.136.14:0
Analyzer Verdict Alert fortinet Phishing
GET /integration.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
Cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:23 GMT
content-type: text/javascript; charset=utf-8
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"710-H5zl18zQTxcN9XgfklJuy0Vv5xg"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
retarget2core.com/fp/fp_ec.js
52.28.217.131200 OK 0 B URL HTTP/2 retarget2core.com/fp/fp_ec.js
IP 52.28.217.131:0
GET /fp/fp_ec.js HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:24 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 08 Mar 2023 12:25:14 GMT
etag: W/"4bd-186c12ec810"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gomydates.com/bridge/frodi_data.js
52.59.136.14200 OK 0 B URL HTTP/2 gomydates.com/bridge/frodi_data.js
IP 52.59.136.14:0
Analyzer Verdict Alert fortinet Phishing
GET /bridge/frodi_data.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
Cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:23 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 08 Mar 2023 12:25:14 GMT
etag: W/"19f8-186c12ec810"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gomydates.com/bridge/crypto-4.1.1.js
52.59.136.14200 OK 0 B URL HTTP/2 gomydates.com/bridge/crypto-4.1.1.js
IP 52.59.136.14:0
Analyzer Verdict Alert fortinet Phishing
GET /bridge/crypto-4.1.1.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gomydates.com/jump?tds_ac_id=s0624kas&tds_oid=23302&tds_cid=dba7eb98a35102d3021c13d4b2ea6f978444276f&id=23302&subid=clickdila&clickid=%7Bclickid%7D&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzgyMTg2ODA5ZDk5NDg5NDFkM2IwZTNiZTExNzQ3ODM3P19fdD0xNjc4Nzg3NDIyODU3Jl9fbD0zNjAw&tds_host=gomydates.com&affid=9559e5a1&utm_source=intc&subid2=%7Bsubid2%7D&tds_campaign=b0506rie&dci=0a41088ca7ca3712e23fa11b311ca7926e572074&tds_ao=1&s1=ps&tds_id=b0506rie_jump_a_1601039183809
Cookie: dci=0a41088ca7ca3712e23fa11b311ca7926e572074; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Mar 2023 09:50:23 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Wed, 08 Mar 2023 12:25:14 GMT
etag: W/"bde2-186c12ec810"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2