Report - cnn-africa.co/

Report Overview

Submitted URL
cnn-africa.co/
IP
81.171.22.5
ASN
#60781 LeaseWeb Netherlands B.V.
Submitted
2022-10-10 18:48:46
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
cartining-specute.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	833 B	751 B	18.197.36.77
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	940 B	34 kB	216.58.207.195
retarget2core.com	86164	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	923 B	979 B	35.157.196.4
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
cnn-africa.co	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	492 B	81.171.22.5
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	62 kB	34.120.237.76
cdn3reference.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.8 kB	998 kB	143.204.68.18
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	34.160.144.191
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	34.214.236.46
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	4.9 kB	142.250.74.3
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	37 kB	142.250.74.10
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.4 kB	23.36.76.226
blode-cpq.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	4.4 kB	35.174.150.83
bustygirls4u.com	821036	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.2 kB	19 kB	18.196.240.131
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	380 B	49 kB	142.250.74.168
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	18.165.201.17
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	676 B	1.9 kB	18.165.196.178

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-10	medium	cnn-africa.co/	Malware
2022-10-10	medium	blode-cpq.com/zcvisitor/24ecf276-48cc-11ed-8730-0aaa9adab76d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97	Phishing

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2022-10-10	medium	cnn-africa.co	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-10-10	medium	cnn-africa.co	Sinkholed

JavaScript (18)

	URL	Size	First Seen	Last Seen
	blode-cpq.com/zcvisitor/24ecf276-48cc-11ed-8730-0aaa9adab76d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97	747 B	2023-03-08	2023-03-08
Pretty URL blode-cpq.com/zcvisitor/24ecf276-48cc-11ed-8730-0aaa9adab76d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97 IP 35.174.150.83 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:29:24 Last Seen2023-03-08 12:29:24 Times Seen1 Hash f2f644258c24779142b8cd62a99a16e0 4abd089c1e91d39f1cf93a56e849d48f3cc460e4 98afbc3863ce4051275621bf733be2ca2e938fc66a9493d6530e9fe3013ae3d6 Loading...

	bustygirls4u.com/jump?tds_rt=&s1=ps&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2E0N2NmYzliMjJhNDkwNjY3MTkwNWMyNzA1Yzc3MTYyP19fdD0xNjY1NDI3NzE2NTgxJl9fbD0zNjAw&tds_campaign=b1727pos&tds_oid=24402&id=24402&tds_ao=1&tds_host=bustygirls4u.com&tds_ac_id=s8655tok&dci=366a02f9efed207f7853a589a1fbc795681e2ae4&utm_campaign=497f5345&data2=wo20noktphrs5aljiu058cpo&s3=wo20noktphrs5aljiu058cpo&tds_id=b1727pos_jump_a_1598613018653&utm_source=int&tds_cid=4e11d581826e0974f13fb10677320ad2ac38867f&utm_content=	446 B	2023-03-08	2023-03-08
Pretty URL bustygirls4u.com/jump?tds_rt=&s1=ps&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2E0N2NmYzliMjJhNDkwNjY3MTkwNWMyNzA1Yzc3MTYyP19fdD0xNjY1NDI3NzE2NTgxJl9fbD0zNjAw&tds_campaign=b1727pos&tds_oid=24402&id=24402&tds_ao=1&tds_host=bustygirls4u.com&tds_ac_id=s8655tok&dci=366a02f9efed207f7853a589a1fbc795681e2ae4&utm_campaign=497f5345&data2=wo20noktphrs5aljiu058cpo&s3=wo20noktphrs5aljiu058cpo&tds_id=b1727pos_jump_a_1598613018653&utm_source=int&tds_cid=4e11d581826e0974f13fb10677320ad2ac38867f&utm_content= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:29:24 Last Seen2023-03-08 12:29:24 Times Seen1 Hash 5b935869a4a6bd82c8b46fba35c394e8 3b97293509e293fdfb165139b8790c81b2517ebc 4df8aa84ba24ff20941252ef12d608630c13ec214013aae621798a7a603f5d4c Loading...

	bustygirls4u.com/jump?tds_rt=&s1=ps&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2E0N2NmYzliMjJhNDkwNjY3MTkwNWMyNzA1Yzc3MTYyP19fdD0xNjY1NDI3NzE2NTgxJl9fbD0zNjAw&tds_campaign=b1727pos&tds_oid=24402&id=24402&tds_ao=1&tds_host=bustygirls4u.com&tds_ac_id=s8655tok&dci=366a02f9efed207f7853a589a1fbc795681e2ae4&utm_campaign=497f5345&data2=wo20noktphrs5aljiu058cpo&s3=wo20noktphrs5aljiu058cpo&tds_id=b1727pos_jump_a_1598613018653&utm_source=int&tds_cid=4e11d581826e0974f13fb10677320ad2ac38867f&utm_content=	522 B	2023-03-07	2023-04-05
Pretty URL bustygirls4u.com/jump?tds_rt=&s1=ps&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2E0N2NmYzliMjJhNDkwNjY3MTkwNWMyNzA1Yzc3MTYyP19fdD0xNjY1NDI3NzE2NTgxJl9fbD0zNjAw&tds_campaign=b1727pos&tds_oid=24402&id=24402&tds_ao=1&tds_host=bustygirls4u.com&tds_ac_id=s8655tok&dci=366a02f9efed207f7853a589a1fbc795681e2ae4&utm_campaign=497f5345&data2=wo20noktphrs5aljiu058cpo&s3=wo20noktphrs5aljiu058cpo&tds_id=b1727pos_jump_a_1598613018653&utm_source=int&tds_cid=4e11d581826e0974f13fb10677320ad2ac38867f&utm_content= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:46 Last Seen2023-04-05 01:48:41 Times Seen13 Hash 48e0ad9290ec0a3b6617a0ca76df0c6b 68f9154a03c5c339a330aa52d65bade74dfcbec7 7f3bfd860b6876e4c728d82f8ac7eab9e9150068c90c68aef4faec0f1da901fc Loading...

	bustygirls4u.com/bridge/ao_loader.js	829 B	2023-03-08	2023-03-08
Pretty URL bustygirls4u.com/bridge/ao_loader.js IP 18.196.240.131 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:30:48 Last Seen2023-03-08 13:19:30 Times Seen1 Hash a65370c4208192776c11a4768b062718 8d351e27b2cffb94613638290faca09634a5505d 8385e38a43e49c493a01008a3004668f2245dfc4d8e504ad209d3c5a860f4860 Loading...

	bustygirls4u.com/bridge/frodi_data.js	6.6 kB	2023-03-07	2023-12-25
Pretty URL bustygirls4u.com/bridge/frodi_data.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:53 Last Seen2023-12-25 02:16:58 Times Seen154 Hash acba46edbe151b3ac5b3a3ad6adb6852 967fc6c8942a27986534f16a8a5ae2f71b0481bf 544d040fe3985f2f3f2f519c6db58110b24d23c8b13e794a988ec90a05b48658 Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	48 kB	2023-03-07	2024-04-25
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:53 Last Seen2024-04-25 09:12:40 Times Seen45974 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

	bustygirls4u.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fbustygirls4u.com%2Fjump%3Ftds_rt%3D%26s1%3Dps%26_tgUrl%3DaHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2E0N2NmYzliMjJhNDkwNjY3MTkwNWMyNzA1Yzc3MTYyP19fdD0xNjY1NDI3NzE2NTgxJl9fbD0zNjAw%26tds_campaign%3Db1727pos%26tds_oid%3D24402%26id%3D24402%26tds_ao%3D1%26tds_host%3Dbustygirls4u.com%26tds_ac_id%3Ds8655tok%26dci%3D366a02f9efed207f7853a589a1fbc795681e2ae4%26utm_campaign%3D497f5345%26data2%3Dwo20noktphrs5aljiu058cpo%26s3%3Dwo20noktphrs5aljiu058cpo%26tds_id%3Db1727pos_jump_a_1598613018653%26utm_source%3Dint%26tds_cid%3D4e11d581826e0974f13fb10677320ad2ac38867f%26utm_content%3D&uaDataValues={}	199 B	2023-03-08	2024-04-24
Pretty URL bustygirls4u.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fbustygirls4u.com%2Fjump%3Ftds_rt%3D%26s1%3Dps%26_tgUrl%3DaHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2E0N2NmYzliMjJhNDkwNjY3MTkwNWMyNzA1Yzc3MTYyP19fdD0xNjY1NDI3NzE2NTgxJl9fbD0zNjAw%26tds_campaign%3Db1727pos%26tds_oid%3D24402%26id%3D24402%26tds_ao%3D1%26tds_host%3Dbustygirls4u.com%26tds_ac_id%3Ds8655tok%26dci%3D366a02f9efed207f7853a589a1fbc795681e2ae4%26utm_campaign%3D497f5345%26data2%3Dwo20noktphrs5aljiu058cpo%26s3%3Dwo20noktphrs5aljiu058cpo%26tds_id%3Db1727pos_jump_a_1598613018653%26utm_source%3Dint%26tds_cid%3D4e11d581826e0974f13fb10677320ad2ac38867f%26utm_content%3D&uaDataValues={} IP 18.196.240.131 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:49:12 Last Seen2024-04-24 09:26:55 Times Seen202 Hash cd4ae55f3af545b5863f65b73a6a7b80 a85fca461d97f90eaf52246b95974eeabba27c20 ae4475effcb2e8533194b150ee30b2472c1cb7498b2c83a764718d962deaa84f Loading...

	bustygirls4u.com/ao.js	4.7 kB	2023-03-08	2023-03-08
Pretty URL bustygirls4u.com/ao.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:30:48 Last Seen2023-03-08 13:44:09 Times Seen1 Hash 62560876fc010774d1708e224e387287 9f5e9b136b070f4d544729ce967a0d95ab08b801 711326bd8d3be5a8a92909016efd8e5b2e74e6b116666689f9c7aef11d66f572 Loading...

	retarget2core.com/fp/fp_ec.js	1.2 kB	2023-03-07	2023-03-29
Pretty URL retarget2core.com/fp/fp_ec.js IP 35.157.196.4 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:53 Last Seen2023-03-29 23:19:33 Times Seen17 Hash 6faaf5b255433abc88fbe4a547ac7784 c60ab4a050864bbd815922e5abade6d5af4333a6 7eda108904da9c98eeeeab666426197e6738b78dfd103a653897d14366e2cd20 Loading...

	cdn3reference.com/landings/24402/js/20dff8cf5ed8c45d47eca00751d44eb9.js	97 kB	2023-03-07	2024-04-24
Pretty URL cdn3reference.com/landings/24402/js/20dff8cf5ed8c45d47eca00751d44eb9.js IP 143.204.68.18 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:46 Last Seen2024-04-24 09:26:55 Times Seen279 Hash 20dff8cf5ed8c45d47eca00751d44eb9 209faa3f1a08dcb3c943fe8b6c344571005ef3b4 aaf2bc75c60776c40df9015d7f99cde0e9adb2f81e859276ed30d7c431d6a720 Loading...

	bustygirls4u.com/integration.js	1.8 kB	2023-03-07	2023-03-10
Pretty URL bustygirls4u.com/integration.js IP 18.196.240.131 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:46 Last Seen2023-03-10 18:41:17 Times Seen1 Hash a0b8d8ca7bf4e7e27dad3c6debb2b03e 045a9bd9d4d796aa091853cbe9e08ee999fa380a 3666071e459401713631ae32dc7eca89ff8b877db35023832c3baa813035a9d8 Loading...

	cdn3reference.com/js/dc_img.js?v=8	488 B	2023-03-07	2023-05-14
Pretty URL cdn3reference.com/js/dc_img.js?v=8 IP 143.204.68.18 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:53 Last Seen2023-05-14 11:44:44 Times Seen18 Hash 866e1e7da88eb0918114ea04e4379f40 cb9ed6b52f93bead89eb5da6d618c9b58b34a2b5 ac742d62b8d28cb2cc72fa86d6d1769ead306bd34eb3b04e712d9f32a7378c53 Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 12:43:38 Times Seen37063037 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	blode-cpq.com/zcredirect?visitid=24ecf276-48cc-11ed-8730-0aaa9adab76d&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false	432 B	2023-03-08	2023-03-08
Pretty URL blode-cpq.com/zcredirect?visitid=24ecf276-48cc-11ed-8730-0aaa9adab76d&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false IP 35.174.150.83 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:29:24 Last Seen2023-03-08 12:29:24 Times Seen1 Hash 764edf54cb706c9ed2e54e0a21f0abbf 1d9701a1d7d9c63011662c5dc7e18cdc3e9adcfd 8e5c0e61b1780b140db53e40b89e6933b9ce8dc666534d5e3548ce68ea5d12b9 Loading...

	bustygirls4u.com/bridge/intg.js?v=8	317 B	2023-03-08	2023-03-17
Pretty URL bustygirls4u.com/bridge/intg.js?v=8 IP 18.196.240.131 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:30:48 Last Seen2023-03-17 23:34:04 Times Seen1 Hash d9bd6d4fe07232e0fcae03c7e68d4e81 4a7e1c2e8cc35c2ff31c71175095f4b1a2b8c17b 0ad2eb2d6a74f3d18026ab24c088ca7c561a742fd870e44045db9d823ac0a3c6 Loading...

	bustygirls4u.com/jump?tds_rt=&s1=ps&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2E0N2NmYzliMjJhNDkwNjY3MTkwNWMyNzA1Yzc3MTYyP19fdD0xNjY1NDI3NzE2NTgxJl9fbD0zNjAw&tds_campaign=b1727pos&tds_oid=24402&id=24402&tds_ao=1&tds_host=bustygirls4u.com&tds_ac_id=s8655tok&dci=366a02f9efed207f7853a589a1fbc795681e2ae4&utm_campaign=497f5345&data2=wo20noktphrs5aljiu058cpo&s3=wo20noktphrs5aljiu058cpo&tds_id=b1727pos_jump_a_1598613018653&utm_source=int&tds_cid=4e11d581826e0974f13fb10677320ad2ac38867f&utm_content=	405 B	2023-03-07	2023-04-05
Pretty URL bustygirls4u.com/jump?tds_rt=&s1=ps&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2E0N2NmYzliMjJhNDkwNjY3MTkwNWMyNzA1Yzc3MTYyP19fdD0xNjY1NDI3NzE2NTgxJl9fbD0zNjAw&tds_campaign=b1727pos&tds_oid=24402&id=24402&tds_ao=1&tds_host=bustygirls4u.com&tds_ac_id=s8655tok&dci=366a02f9efed207f7853a589a1fbc795681e2ae4&utm_campaign=497f5345&data2=wo20noktphrs5aljiu058cpo&s3=wo20noktphrs5aljiu058cpo&tds_id=b1727pos_jump_a_1598613018653&utm_source=int&tds_cid=4e11d581826e0974f13fb10677320ad2ac38867f&utm_content= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:46 Last Seen2023-04-05 01:48:41 Times Seen13 Hash be45a98359190c7f593f94249f7ff883 cfe7d73f5da8d22e196c0f6e766d98a8836fa672 5282055274dc1ebc1563a15afa096712df400e687714122538816184520c7b75 Loading...

	cdn3reference.com/js/webPushMotivationPopupSmall.js?v=8	8.9 kB	2023-03-07	2023-05-14
Pretty URL cdn3reference.com/js/webPushMotivationPopupSmall.js?v=8 IP 143.204.68.18 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:53 Last Seen2023-05-14 11:44:44 Times Seen2 Hash c0fafab6f2cbb33a818ba23d30f68842 c016126575618881427fdc86eed31717844f0573 85f09c34c4b7fc07125b5a5c84f6bbd1dde7df7f1ee059701a3660264300342f Loading...

		Size	First Seen	Last Seen
	#1 Eval - ca45c42226c1d974d33ba66f5fbec226	273 B	2023-03-07	2024-04-24
Pretty Observations First Seen2023-03-07 01:31:53 Last Seen2024-04-24 09:26:55 Times Seen299 Hash ca45c42226c1d974d33ba66f5fbec226 acdf858cb51509213a6b58ea26c99788ffa9ba51 8f61ee4a89b9d76a579f5ed446960dc9aba5dad5f67f5676bc5aab5f8fe726b3 Loading...

HTTP Transactions (53)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

18.165.201.17

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
18.165.201.17:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 10 Oct 2022 18:08:03 GMT
Expires: Mon, 10 Oct 2022 18:28:17 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 65cbd6c4094454b31bc32d6426b92cf2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: INTHlBhjDhgoLERKz2Bp6qzkUl-orlJsAQKJWAYGTBEAbWRy_Aa0lQ==
Age: 2431

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
03c3cfc567661cca575e54ad505acd08
e73f7955b0c794a9cf8ff77b3ecaf436354521fe
50017e6eb57c5bcaa8dc74af6e3967362ec6b8f177a5bf722dd2d215698c4fa9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50017E6EB57C5BCAA8DC74AF6E3967362EC6B8F177A5BF722DD2D215698C4FA9"
Last-Modified: Sun, 09 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16081
Expires: Mon, 10 Oct 2022 23:16:35 GMT
Date: Mon, 10 Oct 2022 18:48:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3d0ffae9abfdf558a6286013a0201c8b
2dc8ea0000a1b0c0f849611fdd73429bca51bfad
8e19eab9b6d16819f9ef3920971542cbcf5dd18280617e2de1a3827f0c149398

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E19EAB9B6D16819F9EF3920971542CBCF5DD18280617E2DE1A3827F0C149398"
Last-Modified: Sun, 09 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4330
Expires: Mon, 10 Oct 2022 20:00:44 GMT
Date: Mon, 10 Oct 2022 18:48:34 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Gp6iBT6f35tCw1TYz9bnLeZmQqTl7yXt8a7DAHFXl3eVRE9ld9+00XJUVyUhJpZYlREznThNjqI=
x-amz-request-id: PPY2N38Q29DFET95
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 10 Oct 2022 18:32:36 GMT
age: 958
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 10 Oct 2022 18:48:35 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

18.165.201.17

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
18.165.201.17:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 10 Oct 2022 18:41:37 GMT
Expires: Mon, 10 Oct 2022 19:33:10 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 4c3c0be12954d0bfb5e695119bb76338.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: f47U3fFb3FianAhKsLx3YfSnF6kpZMv7o0G9TFyj6MoQldRA9z6GxQ==
Age: 418

cnn-africa.co/

81.171.22.5

302 Found

11 B

URL HTTP/1.1
cnn-africa.co/
IP
81.171.22.5:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: cnn-africa.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Mon, 10 Oct 2022 18:48:34 GMT
location: http://blode-cpq.com/zcvisitor/24ecf276-48cc-11ed-8730-0aaa9adab76d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97
server: nginx
set-cookie: sid=24df8360-48cc-11ed-8d63-15ee8580fb93; path=/; domain=.cnn-africa.co; expires=Sat, 28 Oct 2090 22:02:42 GMT; max-age=2147483647; HttpOnly

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d545bc725dcd5d6f1dfc10a8b35aeb3a
82d92587953dac8a05d691730b8318719328de6b
9d1e6f1bf4b1c138d9e07e67264cb9ac5090a1c338ff72c87e1758e187cccb24

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4715
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 18:48:35 GMT
Last-Modified: Mon, 10 Oct 2022 17:30:00 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

blode-cpq.com/zcvisitor/24ecf276-48cc-11ed-8730-0aaa9adab76d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97

35.174.150.83

200

996 B

URL HTTP/1.1
blode-cpq.com/zcvisitor/24ecf276-48cc-11ed-8730-0aaa9adab76d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97
IP
35.174.150.83:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
996 B (996 bytes)
Hash
3b6e479cc6cbefd7dac25dfd7776e4a0
9b9d43dfef53bbcdf225fe61f017b3f640828850
3b5ac52536bc4388212a71e333fb60b8d4e70197205da99a3c1f2ea8bca97ae4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zcvisitor/24ecf276-48cc-11ed-8730-0aaa9adab76d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97 HTTP/1.1
Host: blode-cpq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 
Date: Mon, 10 Oct 2022 18:48:35 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: rZpeChEm

blode-cpq.com/zcredirect?visitid=24ecf276-48cc-11ed-8730-0aaa9adab76d&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false

35.174.150.83

200

994 B

URL HTTP/1.1
blode-cpq.com/zcredirect?visitid=24ecf276-48cc-11ed-8730-0aaa9adab76d&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
IP
35.174.150.83:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (454)
Size
994 B (994 bytes)
Hash
fb58b24c6b10a89aa4423f3290c4549e
016ad978737ad24a37ec8863011b1c05535bd7bc
9926a9660b8d7743ec4178a0e03a23efb06ce25d74cb19fe6af11dc3714e13c1

HTTP Headers

GET /zcredirect?visitid=24ecf276-48cc-11ed-8730-0aaa9adab76d&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1
Host: blode-cpq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://blode-cpq.com/zcvisitor/24ecf276-48cc-11ed-8730-0aaa9adab76d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 
Date: Mon, 10 Oct 2022 18:48:35 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: rZpeChEm

push.services.mozilla.com/

34.214.236.46

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.214.236.46:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: iRhJFHkgJksSTvWh76c/rA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RsRQqwythyiiISJKMXgzNjrYKf8=

blode-cpq.com/favicon.ico

35.174.150.83

404

653 B

URL HTTP/1.1
blode-cpq.com/favicon.ico
IP
35.174.150.83:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size
653 B (653 bytes)
Hash
ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: blode-cpq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://blode-cpq.com/zcredirect?visitid=24ecf276-48cc-11ed-8730-0aaa9adab76d&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false

HTTP/1.1 404 
Date: Mon, 10 Oct 2022 18:48:36 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: vEPzdTSp

cartining-specute.com/zp-redirect?target=https%3A%2F%2Fbustygirls4u.com%2Ftds%2Fae%3FtdsId%3Ds8655tok_r%26tds_campaign%3Ds8655tok%26utm_sub%3Dopnfnl%26s1%3Dps%26utm_source%3Dint%26affid%3D497f5345%26subid%3D%26clickid%3Dwo20noktphrs5aljiu058cpo%26subid2%3Dwo20noktphrs5aljiu058cpo&caid=8500be2f-30a7-4684-a7e7-f51ce3b821c4&zpid=24ecf276-48cc-11ed-8730-0aaa9adab76d&cid=wo20noktphrs5aljiu058cpo&rt=R

18.197.36.77

302 Found

0 B

URL HTTP/2
cartining-specute.com/zp-redirect?target=https%3A%2F%2Fbustygirls4u.com%2Ftds%2Fae%3FtdsId%3Ds8655tok_r%26tds_campaign%3Ds8655tok%26utm_sub%3Dopnfnl%26s1%3Dps%26utm_source%3Dint%26affid%3D497f5345%26subid%3D%26clickid%3Dwo20noktphrs5aljiu058cpo%26subid2%3Dwo20noktphrs5aljiu058cpo&caid=8500be2f-30a7-4684-a7e7-f51ce3b821c4&zpid=24ecf276-48cc-11ed-8730-0aaa9adab76d&cid=wo20noktphrs5aljiu058cpo&rt=R
IP
18.197.36.77:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zp-redirect?target=https%3A%2F%2Fbustygirls4u.com%2Ftds%2Fae%3FtdsId%3Ds8655tok_r%26tds_campaign%3Ds8655tok%26utm_sub%3Dopnfnl%26s1%3Dps%26utm_source%3Dint%26affid%3D497f5345%26subid%3D%26clickid%3Dwo20noktphrs5aljiu058cpo%26subid2%3Dwo20noktphrs5aljiu058cpo&caid=8500be2f-30a7-4684-a7e7-f51ce3b821c4&zpid=24ecf276-48cc-11ed-8730-0aaa9adab76d&cid=wo20noktphrs5aljiu058cpo&rt=R HTTP/1.1
Host: cartining-specute.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://blode-cpq.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Mon, 10 Oct 2022 18:48:36 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://bustygirls4u.com/tds/ae?tdsId=s8655tok_r&tds_campaign=s8655tok&utm_sub=opnfnl&s1=ps&utm_source=int&affid=497f5345&subid=&clickid=wo20noktphrs5aljiu058cpo&subid2=wo20noktphrs5aljiu058cpo
pragma: no-cache
set-cookie: cc-v4=LsHtAokpsOtDfQmhO3w%2FFi%2Bm%2BthkSSGnK7Es%2BmT1lQSvbS5WUL0E8rO8Bsql2ailJm%2BDbTS3XMsgxvm3nHV2FznVYe9AbIM6Ss24c%2FwpKJ74ftJ0WhY6FXcewnuWCVfQ2StP26COh4xRubYTFSyM%2Bg%3D%3D; Max-Age=31536000; Expires=Tue, 10-Oct-2023 18:48:35 GMT; Domain=cartining-specute.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

18.165.196.178

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
18.165.196.178:0
ASN
#0

File type
data
Size
471 B (471 bytes)
Hash
abcc7d9b4cb942532ee29c1d665d2180
c411a1b0cf8fb1f46dc068845d519409066fb57c
8bd367ba225897bf48d44268e2cf1b24d2c5fe5f62bc7a6beaac7a4cbd5bb7ad

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 10 Oct 2022 18:48:36 GMT
Last-Modified: Mon, 10 Oct 2022 17:40:41 GMT
Server: ECS (dcb/7F60)
X-Cache: Miss from cloudfront
Via: 1.1 90927d233f1a615dc244e8b198aa1f04.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: pbn6GUlt6zTlHvK8b1VEF5vmtg0MnAApHqZ9hsWqOGmz39hGQEXQ-g==
Age: 4075

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f97cde01f1afd5ed30319169445ec773
1cb25a8da62cdf1f9ab1b2b35d03163037691b33
1db2f13247d84bbebf5221ac7429e9367ee92aa1148b4aa879751e1944766406

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DB2F13247D84BBEBF5221AC7429E9367EE92AA1148B4AA879751E1944766406"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9714
Expires: Mon, 10 Oct 2022 21:30:30 GMT
Date: Mon, 10 Oct 2022 18:48:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f97cde01f1afd5ed30319169445ec773
1cb25a8da62cdf1f9ab1b2b35d03163037691b33
1db2f13247d84bbebf5221ac7429e9367ee92aa1148b4aa879751e1944766406

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DB2F13247D84BBEBF5221AC7429E9367EE92AA1148B4AA879751E1944766406"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9714
Expires: Mon, 10 Oct 2022 21:30:30 GMT
Date: Mon, 10 Oct 2022 18:48:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f97cde01f1afd5ed30319169445ec773
1cb25a8da62cdf1f9ab1b2b35d03163037691b33
1db2f13247d84bbebf5221ac7429e9367ee92aa1148b4aa879751e1944766406

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DB2F13247D84BBEBF5221AC7429E9367EE92AA1148B4AA879751E1944766406"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9714
Expires: Mon, 10 Oct 2022 21:30:30 GMT
Date: Mon, 10 Oct 2022 18:48:36 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1241bbb-560d-4946-b821-3d3fd848e5c8.jpeg

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1241bbb-560d-4946-b821-3d3fd848e5c8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5689 bytes)
Hash
f8b93f2b38b076ed186f3baed866bdd6
47cf653b8a6e172875082b92653c631bfc881105
cada99e3a8cf87992e884e86adb5288f54a109209e88d11a076f9f664b63fed3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1241bbb-560d-4946-b821-3d3fd848e5c8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5689
x-amzn-requestid: 26b4078b-a915-46d8-9a8b-12c57c604d85
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zql_ZH0uoAMF15g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6340e9fb-708725bd19ed94a64965f2d6;Sampled=0
x-amzn-remapped-date: Sat, 08 Oct 2022 03:09:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vTerEoCHWE7_FisyrkM1dOr7aDAKENTErY1qvKLuZ0HUzeSfZbhSRg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 10 Oct 2022 03:31:55 GMT
age: 55001
etag: "47cf653b8a6e172875082b92653c631bfc881105"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d3fa05a-2c1d-4a1d-9d91-bc70cb4e4ee5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6923 bytes)
Hash
a09bd7160451852652bccbcbcdcbd527
f42137372ab3b592977b1b736c1b12fc5ed81bf6
568b1c7cbe260d05919ff7232855441f70bf048c32380d8c0b848aa80a1696c3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d3fa05a-2c1d-4a1d-9d91-bc70cb4e4ee5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6923
x-amzn-requestid: 507e5591-c06e-4ee8-b567-a11b6c95024e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZwalRGFcoAMFslw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63433e21-5e5bf5026b2121931e035270;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 21:33:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EgQIb89afJS1uPY9ZUyDS_E7C_JQT8Scm3EC3K5OZKB2nE7wMx8PIw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 22:20:43 GMT
age: 73673
etag: "f42137372ab3b592977b1b736c1b12fc5ed81bf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6039c6e-5a9f-4a9d-849d-21898de2959c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6185 bytes)
Hash
8d7a8572ad0105c7ff6214fe742f1eec
8e4765e0c609a75e11824ab315ddb990f7a15676
8f7eaf1ad68eb1e1d88d3bb0661439957bf94b16efa3af85e13c2e41b8c985cd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6039c6e-5a9f-4a9d-849d-21898de2959c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6185
x-amzn-requestid: dd24dc48-d012-47b3-a648-bab7765df57a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zwc6dHmAoAMFUZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634341dc-50f4bce44b1d9fcd3541ad8e;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 21:49:16 GMT
x-amz-cf-pop: SEA73-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GOMImtc0u4IFKsIsb1__QNxcq7mDiTU1QhhBXpmhDIZ1OKFkwnRlyg==
via: 1.1 27fe6f224e0cfa3f3a446471ee256e56.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 22:24:25 GMT
age: 73451
etag: "8e4765e0c609a75e11824ab315ddb990f7a15676"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ade344-507f-44c8-8fe3-b03ac965aee2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7674 bytes)
Hash
ff8cfe3904cca89e3bdfa8186ae382ba
0b9dce744f5facad9a0a136d81cf24e928211856
a6f0925a9666a43d018c05d717310f57b86316290fb4a7cdd309c35842e557a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ade344-507f-44c8-8fe3-b03ac965aee2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7674
x-amzn-requestid: d31d1c0c-02a2-4912-b757-aa166018d5ed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZtHkZFqeoAMFW0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6341ec82-73f20af53f27f6f66e2906f2;Sampled=0
x-amzn-remapped-date: Sat, 08 Oct 2022 21:32:50 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: n6IvU7Nkd48yGZUoGRwMEzLkIOBVKLvf8st0hggogDdKSCuzkPsnSQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 21:56:16 GMT
age: 75140
etag: "0b9dce744f5facad9a0a136d81cf24e928211856"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11800 bytes)
Hash
6e9aa9808428e5fd81ac9d61d6f7c708
3a8d76badce50dd98938885082dcb6e30363ae88
d8f7c48a1cbe04af2f7e0455d1ef7af9b63506b9ae343ebf14ece8689bb06bf6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11800
x-amzn-requestid: 94e8e091-1136-41a7-843c-44c4ffe9e688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZqylGGYwoAMFQIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6340fe20-60b47aeb3b55af4f755577f4;Sampled=0
x-amzn-remapped-date: Sat, 08 Oct 2022 04:35:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: fzfUAL2jahiFgsqMExf1dB_7PFJt9wwO2BDKo3XJHSvk5AeeNP8FQg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 21:42:23 GMT
age: 75973
etag: "3a8d76badce50dd98938885082dcb6e30363ae88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3c21914-dac1-455d-9533-b584e9bd6225.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10113 bytes)
Hash
cefb9479bc2fe5087f9d2b89ef3cec2b
aa219f193812c6a2d0313316ce13fe74f1d468d0
a806ef995ed2285bd9f0d553df49aa28924e640805e1f50284baad1c0aec06bd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3c21914-dac1-455d-9533-b584e9bd6225.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10113
x-amzn-requestid: 7a9800c5-81ed-4a23-bbe0-0041ab682856
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZwalQEPPoAMF3yA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63433e21-5a9bedb10c4f8c2c60ab3769;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 21:33:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MROeeTPtb6DfMHkig6fHcYuYiv1-udvJVfB1jygcDYLy4LuZmgRE_Q==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 22:21:32 GMT
age: 73624
etag: "aa219f193812c6a2d0313316ce13fe74f1d468d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

bustygirls4u.com/bridge/intg.js?v=8

18.196.240.131

200 OK

317 B

URL HTTP/2
bustygirls4u.com/bridge/intg.js?v=8
IP
18.196.240.131:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (316)
Size
317 B (317 bytes)
Hash
d9bd6d4fe07232e0fcae03c7e68d4e81
4a7e1c2e8cc35c2ff31c71175095f4b1a2b8c17b
0ad2eb2d6a74f3d18026ab24c088ca7c561a742fd870e44045db9d823ac0a3c6

HTTP Headers

GET /bridge/intg.js?v=8 HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_rt=&s1=ps&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2E0N2NmYzliMjJhNDkwNjY3MTkwNWMyNzA1Yzc3MTYyP19fdD0xNjY1NDI3NzE2NTgxJl9fbD0zNjAw&tds_campaign=b1727pos&tds_oid=24402&id=24402&tds_ao=1&tds_host=bustygirls4u.com&tds_ac_id=s8655tok&dci=366a02f9efed207f7853a589a1fbc795681e2ae4&utm_campaign=497f5345&data2=wo20noktphrs5aljiu058cpo&s3=wo20noktphrs5aljiu058cpo&tds_id=b1727pos_jump_a_1598613018653&utm_source=int&tds_cid=4e11d581826e0974f13fb10677320ad2ac38867f&utm_content=
Cookie: dci=366a02f9efed207f7853a589a1fbc795681e2ae4; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 10 Oct 2022 18:48:36 GMT
content-type: application/javascript; charset=UTF-8
content-length: 317
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Tue, 04 Oct 2022 09:16:37 GMT
etag: W/"13d-183a2486508"
vary: Accept-Encoding
X-Firefox-Spdy: h2

cdn3reference.com/js/dc_img.js?v=8

143.204.68.18

200 OK

795 B

URL HTTP/2
cdn3reference.com/js/dc_img.js?v=8
IP
143.204.68.18:0
ASN
#16509 AMAZON-02

File type
data
Size
795 B (795 bytes)
Hash
efb306c3d16e877dcb4c4a5423225b97
55d4a906bb4981744869aa337312cf90040a2f0e
64183707cfe5643562940bac721ec938d20957c31a2ef59ba52b07ff129f5dae

HTTP Headers

GET /js/dc_img.js?v=8 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Mon, 10 Oct 2022 18:48:37 GMT
last-modified: Thu, 29 Oct 2020 09:22:15 GMT
content-encoding: gzip
etag: W/"1e8-5b2cbd0d9620d"
x-cache: Miss from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: 0U_P2v1ZdiZ9Iem-fmuB5whGNwsNksohqJZY-JK2U4Pz1v2uLB-9kw==
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b80398e65c98d84250756256d31eed2d
3cc23d1d91745ddd04ee676f51762f37c0bcdbd3
f2cb6fda3fdbd8f04d380e7841875d322353864124bb5b25ce36fb327a2bfded

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 18:48:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn3reference.com/css/webPushMotivationPopupSmall.css?v=2

143.204.68.18

200 OK

1.7 kB

URL HTTP/2
cdn3reference.com/css/webPushMotivationPopupSmall.css?v=2
IP
143.204.68.18:0
ASN
#16509 AMAZON-02

File type
data
Size
1.7 kB (1743 bytes)
Hash
6758c4e6874d2bb35c433015ca95c3d3
9973f95f332d748313f0781fe2cb96ceb1c58fc8
bccd2d54cd3e87740f6d772a28d24f6818b5a4cec5c7fc8f906e0c441ada84fb

HTTP Headers

GET /css/webPushMotivationPopupSmall.css?v=2 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
server: nginx
date: Mon, 10 Oct 2022 18:48:36 GMT
last-modified: Wed, 31 Oct 2018 08:29:51 GMT
etag: W/"1340-579821b240313"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: vFz1mN9Mr2Y4ur35qt109VPI2yWSf8_f1vk63t9_mRaR24k8O1KSQg==
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b80398e65c98d84250756256d31eed2d
3cc23d1d91745ddd04ee676f51762f37c0bcdbd3
f2cb6fda3fdbd8f04d380e7841875d322353864124bb5b25ce36fb327a2bfded

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 18:48:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css?family=Roboto+Slab&display=swap

142.250.74.10

200 OK

14 kB

URL HTTP/2
fonts.googleapis.com/css?family=Roboto+Slab&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
14 kB (14529 bytes)
Hash
eefe704c0e534f4c130516a5bb19edd9
0a1d84d3a704b1ea61090f4d940dfc12119945b5
61f60a4d38068e63a889df6d921ff4b9e3b84dd14e712fc0a5558a304c3d1e5a

HTTP Headers

GET /css?family=Roboto+Slab&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 10 Oct 2022 18:48:37 GMT
date: Mon, 10 Oct 2022 18:48:37 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

bustygirls4u.com/bridge/ao_loader.js

18.196.240.131

200 OK

829 B

URL HTTP/2
bustygirls4u.com/bridge/ao_loader.js
IP
18.196.240.131:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (828)
Size
829 B (829 bytes)
Hash
a65370c4208192776c11a4768b062718
8d351e27b2cffb94613638290faca09634a5505d
8385e38a43e49c493a01008a3004668f2245dfc4d8e504ad209d3c5a860f4860

HTTP Headers

GET /bridge/ao_loader.js HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_rt=&s1=ps&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2E0N2NmYzliMjJhNDkwNjY3MTkwNWMyNzA1Yzc3MTYyP19fdD0xNjY1NDI3NzE2NTgxJl9fbD0zNjAw&tds_campaign=b1727pos&tds_oid=24402&id=24402&tds_ao=1&tds_host=bustygirls4u.com&tds_ac_id=s8655tok&dci=366a02f9efed207f7853a589a1fbc795681e2ae4&utm_campaign=497f5345&data2=wo20noktphrs5aljiu058cpo&s3=wo20noktphrs5aljiu058cpo&tds_id=b1727pos_jump_a_1598613018653&utm_source=int&tds_cid=4e11d581826e0974f13fb10677320ad2ac38867f&utm_content=
Cookie: dci=366a02f9efed207f7853a589a1fbc795681e2ae4; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 10 Oct 2022 18:48:37 GMT
content-type: application/javascript; charset=UTF-8
content-length: 829
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Tue, 04 Oct 2022 09:16:37 GMT
etag: W/"33d-183a2486508"
vary: Accept-Encoding
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:400,500,700,900&display=swap

142.250.74.10

200 OK

4.0 kB

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:400,500,700,900&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
4.0 kB (4025 bytes)
Hash
765f9d003e11f03599cf31be7e7a2570
2487e656acd3148748c3c7d1fa034d4141ed51d5
0b3c1b3545a2a262855bdb92e239a203aacc4a6f4b7bc5123f9f1ba7dac5a4fd

HTTP Headers

GET /css?family=Roboto:400,500,700,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 10 Oct 2022 18:48:37 GMT
date: Mon, 10 Oct 2022 18:48:37 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
29a32d9388903ec730ac67b6b1f10269
6d54710f2bf0b284533005d8c783f3f15c9920af
cd03b8d5ae307fb1b3d976457c9762a743d5268ddd1f82c1fb5ae2fcd3e3d6d1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 18:48:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
29a32d9388903ec730ac67b6b1f10269
6d54710f2bf0b284533005d8c783f3f15c9920af
cd03b8d5ae307fb1b3d976457c9762a743d5268ddd1f82c1fb5ae2fcd3e3d6d1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 18:48:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
29a32d9388903ec730ac67b6b1f10269
6d54710f2bf0b284533005d8c783f3f15c9920af
cd03b8d5ae307fb1b3d976457c9762a743d5268ddd1f82c1fb5ae2fcd3e3d6d1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 18:48:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
29a32d9388903ec730ac67b6b1f10269
6d54710f2bf0b284533005d8c783f3f15c9920af
cd03b8d5ae307fb1b3d976457c9762a743d5268ddd1f82c1fb5ae2fcd3e3d6d1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 18:48:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

bustygirls4u.com/tds/ae?tdsId=s8655tok_r&tds_campaign=s8655tok&utm_sub=opnfnl&s1=ps&utm_source=int&affid=497f5345&subid=&clickid=wo20noktphrs5aljiu058cpo&subid2=wo20noktphrs5aljiu058cpo

18.196.240.131

302 Found

14 kB

URL HTTP/2
bustygirls4u.com/tds/ae?tdsId=s8655tok_r&tds_campaign=s8655tok&utm_sub=opnfnl&s1=ps&utm_source=int&affid=497f5345&subid=&clickid=wo20noktphrs5aljiu058cpo&subid2=wo20noktphrs5aljiu058cpo
IP
18.196.240.131:0
ASN
#16509 AMAZON-02

File type
data
Size
14 kB (14318 bytes)
Hash
9fca2eaecceb1c34a4d4d7cdc476fba0
7185765ab8ba797bd3e73dd3f20ad8cc2961613e
5ad68be6101c17e7d8425a3bd4d350b131312d38b884250fdc2ff142751462aa

HTTP Headers

GET /tds/ae?tdsId=s8655tok_r&tds_campaign=s8655tok&utm_sub=opnfnl&s1=ps&utm_source=int&affid=497f5345&subid=&clickid=wo20noktphrs5aljiu058cpo&subid2=wo20noktphrs5aljiu058cpo HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://blode-cpq.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Mon, 10 Oct 2022 18:48:36 GMT
location: https://bustygirls4u.com/jump?tds_rt=&s1=ps&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2E0N2NmYzliMjJhNDkwNjY3MTkwNWMyNzA1Yzc3MTYyP19fdD0xNjY1NDI3NzE2NTgxJl9fbD0zNjAw&tds_campaign=b1727pos&tds_oid=24402&id=24402&tds_ao=1&tds_host=bustygirls4u.com&tds_ac_id=s8655tok&dci=366a02f9efed207f7853a589a1fbc795681e2ae4&utm_campaign=497f5345&data2=wo20noktphrs5aljiu058cpo&s3=wo20noktphrs5aljiu058cpo&tds_id=b1727pos_jump_a_1598613018653&utm_source=int&tds_cid=4e11d581826e0974f13fb10677320ad2ac38867f&utm_content=
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
set-cookie: dci=366a02f9efed207f7853a589a1fbc795681e2ae4; Max-Age=31536000; Domain=.bustygirls4u.com; Path=/; Expires=Tue, 10 Oct 2023 18:48:36 GMT; Secure; SameSite=None
dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Sat, 15 Oct 2022 18:48:36 GMT
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.195

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bustygirls4u.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:34:08 GMT
expires: Thu, 05 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 429269
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.195

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bustygirls4u.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:34:08 GMT
expires: Thu, 05 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 429269
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Assistant

142.250.74.10

200 OK

16 kB

URL HTTP/2
fonts.googleapis.com/css?family=Assistant
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
16 kB (16315 bytes)
Hash
96b29590d1fe8fd89974a84852c490ac
9e93f7138c4b37e237821986935ba8e201371f8d
1747070a8bc9587e2b8eccca3cae6bf4e946715d9bb5aa9179c546aa4629f017

HTTP Headers

GET /css?family=Assistant HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 10 Oct 2022 18:48:37 GMT
date: Mon, 10 Oct 2022 18:48:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer

142.250.74.168

200 OK

48 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (4073)
Size
48 kB (48522 bytes)
Hash
8b94347ee5b2ebe746d669747b153826
83e5e5f06dee8370ae1ebd2129c17c774d68af51
a89797d084dc7bd08fbea0f95bc9381bb3f2dbbd25f2c4e9b84d4f98aa0d4ab5

HTTP Headers

GET /gtm.js?id=GTM-KMSJRW&l=adsLayer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 10 Oct 2022 18:48:37 GMT
expires: Mon, 10 Oct 2022 18:48:37 GMT
cache-control: private, max-age=900
last-modified: Mon, 10 Oct 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 48522
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

bustygirls4u.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fbustygirls4u.com%2Fjump%3Ftds_rt%3D%26s1%3Dps%26_tgUrl%3DaHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2E0N2NmYzliMjJhNDkwNjY3MTkwNWMyNzA1Yzc3MTYyP19fdD0xNjY1NDI3NzE2NTgxJl9fbD0zNjAw%26tds_campaign%3Db1727pos%26tds_oid%3D24402%26id%3D24402%26tds_ao%3D1%26tds_host%3Dbustygirls4u.com%26tds_ac_id%3Ds8655tok%26dci%3D366a02f9efed207f7853a589a1fbc795681e2ae4%26utm_campaign%3D497f5345%26data2%3Dwo20noktphrs5aljiu058cpo%26s3%3Dwo20noktphrs5aljiu058cpo%26tds_id%3Db1727pos_jump_a_1598613018653%26utm_source%3Dint%26tds_cid%3D4e11d581826e0974f13fb10677320ad2ac38867f%26utm_content%3D&uaDataValues={}

18.196.240.131

200 OK

199 B

URL HTTP/2
bustygirls4u.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fbustygirls4u.com%2Fjump%3Ftds_rt%3D%26s1%3Dps%26_tgUrl%3DaHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2E0N2NmYzliMjJhNDkwNjY3MTkwNWMyNzA1Yzc3MTYyP19fdD0xNjY1NDI3NzE2NTgxJl9fbD0zNjAw%26tds_campaign%3Db1727pos%26tds_oid%3D24402%26id%3D24402%26tds_ao%3D1%26tds_host%3Dbustygirls4u.com%26tds_ac_id%3Ds8655tok%26dci%3D366a02f9efed207f7853a589a1fbc795681e2ae4%26utm_campaign%3D497f5345%26data2%3Dwo20noktphrs5aljiu058cpo%26s3%3Dwo20noktphrs5aljiu058cpo%26tds_id%3Db1727pos_jump_a_1598613018653%26utm_source%3Dint%26tds_cid%3D4e11d581826e0974f13fb10677320ad2ac38867f%26utm_content%3D&uaDataValues={}
IP
18.196.240.131:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
199 B (199 bytes)
Hash
cd4ae55f3af545b5863f65b73a6a7b80
a85fca461d97f90eaf52246b95974eeabba27c20
ae4475effcb2e8533194b150ee30b2472c1cb7498b2c83a764718d962deaa84f

HTTP Headers

GET /ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fbustygirls4u.com%2Fjump%3Ftds_rt%3D%26s1%3Dps%26_tgUrl%3DaHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2E0N2NmYzliMjJhNDkwNjY3MTkwNWMyNzA1Yzc3MTYyP19fdD0xNjY1NDI3NzE2NTgxJl9fbD0zNjAw%26tds_campaign%3Db1727pos%26tds_oid%3D24402%26id%3D24402%26tds_ao%3D1%26tds_host%3Dbustygirls4u.com%26tds_ac_id%3Ds8655tok%26dci%3D366a02f9efed207f7853a589a1fbc795681e2ae4%26utm_campaign%3D497f5345%26data2%3Dwo20noktphrs5aljiu058cpo%26s3%3Dwo20noktphrs5aljiu058cpo%26tds_id%3Db1727pos_jump_a_1598613018653%26utm_source%3Dint%26tds_cid%3D4e11d581826e0974f13fb10677320ad2ac38867f%26utm_content%3D&uaDataValues={} HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_rt=&s1=ps&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2E0N2NmYzliMjJhNDkwNjY3MTkwNWMyNzA1Yzc3MTYyP19fdD0xNjY1NDI3NzE2NTgxJl9fbD0zNjAw&tds_campaign=b1727pos&tds_oid=24402&id=24402&tds_ao=1&tds_host=bustygirls4u.com&tds_ac_id=s8655tok&dci=366a02f9efed207f7853a589a1fbc795681e2ae4&utm_campaign=497f5345&data2=wo20noktphrs5aljiu058cpo&s3=wo20noktphrs5aljiu058cpo&tds_id=b1727pos_jump_a_1598613018653&utm_source=int&tds_cid=4e11d581826e0974f13fb10677320ad2ac38867f&utm_content=
Cookie: dci=366a02f9efed207f7853a589a1fbc795681e2ae4; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 10 Oct 2022 18:48:37 GMT
content-type: text/javascript; charset=utf-8
content-length: 199
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"c7-qF/KRh2X+Q6vUiRrlZdO6ruifCA"
vary: Accept-Encoding
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
29a32d9388903ec730ac67b6b1f10269
6d54710f2bf0b284533005d8c783f3f15c9920af
cd03b8d5ae307fb1b3d976457c9762a743d5268ddd1f82c1fb5ae2fcd3e3d6d1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 18:48:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn3reference.com/landings/24402/css/1bb237f1d11d96bafc51aee0e34d1311.css

143.204.68.18

200 OK

2.6 kB

URL HTTP/2
cdn3reference.com/landings/24402/css/1bb237f1d11d96bafc51aee0e34d1311.css
IP
143.204.68.18:0
ASN
#16509 AMAZON-02

File type
data
Size
2.6 kB (2592 bytes)
Hash
bd0a6fe81f5d925bf0ee42e152d45e0b
38b1ca02672f490dad60f31be3cd3c78a50b05af
e09e2725175e6dc3aa20a43c98528dbf31dda15d12fda422a709cb5d6276d7fd

HTTP Headers

GET /landings/24402/css/1bb237f1d11d96bafc51aee0e34d1311.css HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
server: nginx
date: Mon, 10 Oct 2022 18:48:36 GMT
last-modified: Fri, 26 Aug 2022 12:23:03 GMT
content-encoding: gzip
etag: W/"fcb-5e723f9b7d7c0"
x-cache: Miss from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: geso45KVJPKd2F0e2zclkPi5_2SzCTr-dVMdpN90eTriX8YjZ_CJMA==
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

18.165.196.178

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
18.165.196.178:0
ASN
#0

File type
data
Size
471 B (471 bytes)
Hash
b957807729c2fc668a52dd010c734052
a882952d962af54cbe3fab3ad939b189629595c6
332aaf42befba6b8ff4ca084fff52ba3fdc29c0d5f25cfafa44ef4e228e58888

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 10 Oct 2022 18:48:37 GMT
Last-Modified: Mon, 10 Oct 2022 18:06:34 GMT
Server: ECS (nyb/1D08)
X-Cache: Miss from cloudfront
Via: 1.1 90927d233f1a615dc244e8b198aa1f04.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: UOMK-OIPrOEa_XLyvn8kAv7AEHWIPqbjVBb1kHYvuxpqaYAmjdQ38g==
Age: 2524

cdn3reference.com/landings/24402/images/1.gif

143.204.68.18

200 OK

990 kB

URL HTTP/2
cdn3reference.com/landings/24402/images/1.gif
IP
143.204.68.18:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 350 x 350\012- data
Size
990 kB (990217 bytes)
Hash
b6a3143a53b595e8fbdb0b57325eb689
92b4ec51c3d7c4a7153b9f6c71fc773801e681be
0f4d95d70a7c81a640b273cc833c39a15f44c3b6c87c48c7d372926fef736862

HTTP Headers

GET /landings/24402/images/1.gif HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/landings/24402/css/1bb237f1d11d96bafc51aee0e34d1311.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/gif
content-length: 990217
server: nginx
date: Mon, 10 Oct 2022 18:48:37 GMT
last-modified: Wed, 04 Dec 2019 08:19:16 GMT
etag: "f1c09-598dc77f00900"
accept-ranges: bytes
cache-control: public, max-age=604800
x-cache: Miss from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: EmxiJagXzUJu1uvu7B5vnVmkMsbuk-sBZAK_VUxz7Me5jDxyXerqAA==
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fddaf1070-ebad-430c-b856-6b6704ae51dd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.5 kB (6533 bytes)
Hash
7b2bd332e22751757c71b82b703f167e
5150043db72276380d5b265760112c05c233b873
18d961e14c5be703efce24f0e94ad4e046ad28b49325fdf22b5445fd24baf58d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fddaf1070-ebad-430c-b856-6b6704ae51dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 6533
x-amzn-requestid: 56d11966-2442-410b-9c4f-eed2a3bf0d5d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZwatMEpwoAMF1aA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63433e54-50740bf0455199093d849abe;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 21:34:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gYWm6_s9RdAyVM0zQZ3HiCF75D8P61GGdPqURw3PNkzg11xjRPms9Q==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 22:19:15 GMT
age: 73768
etag: "5150043db72276380d5b265760112c05c233b873"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

cdn3reference.com/js/webPushMotivationPopupSmall.js?v=8

143.204.68.18

200 OK

0 B

URL HTTP/2
cdn3reference.com/js/webPushMotivationPopupSmall.js?v=8
IP
143.204.68.18:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/webPushMotivationPopupSmall.js?v=8 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Mon, 10 Oct 2022 18:48:37 GMT
last-modified: Wed, 31 Oct 2018 08:29:51 GMT
etag: W/"22c1-579821b2406fb"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: Q_FIUNJIVeCGko6Gi6zWDY9fBc62rGpfGvG6pSG4ZDQJ8sEa_AZp9A==
X-Firefox-Spdy: h2

cdn3reference.com/images/jump-favicon.ico

143.204.68.18

200 OK

0 B

URL HTTP/2
cdn3reference.com/images/jump-favicon.ico
IP
143.204.68.18:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/jump-favicon.ico HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
server: nginx
date: Mon, 10 Oct 2022 18:48:37 GMT
last-modified: Fri, 05 Dec 2014 08:28:50 GMT
cache-control: public, max-age=604800
content-encoding: gzip
etag: W/"47e-50973ddc33480"
x-cache: Miss from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: r9zQ7JzwiM_cPB5ikxhemb4EbRxASXWcX-7dJfHFc9oRrdzu4ARIew==
X-Firefox-Spdy: h2

bustygirls4u.com/tds/interlayer?handler=FrodiData

18.196.240.131

200 OK

0 B

URL HTTP/2
bustygirls4u.com/tds/interlayer?handler=FrodiData
IP
18.196.240.131:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /tds/interlayer?handler=FrodiData HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
Content-Length: 1614
Origin: https://bustygirls4u.com
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_rt=&s1=ps&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2E0N2NmYzliMjJhNDkwNjY3MTkwNWMyNzA1Yzc3MTYyP19fdD0xNjY1NDI3NzE2NTgxJl9fbD0zNjAw&tds_campaign=b1727pos&tds_oid=24402&id=24402&tds_ao=1&tds_host=bustygirls4u.com&tds_ac_id=s8655tok&dci=366a02f9efed207f7853a589a1fbc795681e2ae4&utm_campaign=497f5345&data2=wo20noktphrs5aljiu058cpo&s3=wo20noktphrs5aljiu058cpo&tds_id=b1727pos_jump_a_1598613018653&utm_source=int&tds_cid=4e11d581826e0974f13fb10677320ad2ac38867f&utm_content=
Cookie: dci=366a02f9efed207f7853a589a1fbc795681e2ae4; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 10 Oct 2022 18:48:37 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
X-Firefox-Spdy: h2

retarget2core.com/fp/fp_ec.js

35.157.196.4

200 OK

0 B

URL HTTP/2
retarget2core.com/fp/fp_ec.js
IP
35.157.196.4:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /fp/fp_ec.js HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 10 Oct 2022 18:48:37 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Tue, 04 Oct 2022 09:16:37 GMT
etag: W/"4bd-183a2486508"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=4e11d581826e0974f13fb10677320ad2ac38867f&dci=366a02f9efed207f7853a589a1fbc795681e2ae4&j_type=open&jump=24402&jump_name=

35.157.196.4

200 OK

0 B

URL HTTP/2
retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=4e11d581826e0974f13fb10677320ad2ac38867f&dci=366a02f9efed207f7853a589a1fbc795681e2ae4&j_type=open&jump=24402&jump_name=
IP
35.157.196.4:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=4e11d581826e0974f13fb10677320ad2ac38867f&dci=366a02f9efed207f7853a589a1fbc795681e2ae4&j_type=open&jump=24402&jump_name= HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 10 Oct 2022 18:48:37 GMT
content-type: image/gif
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
set-cookie: dci=bc6ce7f4ecf9cf598a76471dca6c41aa1e3c28b7; Max-Age=31536000; Domain=.retarget2core.com; Path=/; Expires=Tue, 10 Oct 2023 18:48:37 GMT; Secure; SameSite=None
X-Firefox-Spdy: h2

bustygirls4u.com/integration.js

18.196.240.131

200 OK

0 B

URL HTTP/2
bustygirls4u.com/integration.js
IP
18.196.240.131:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /integration.js HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_rt=&s1=ps&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2E0N2NmYzliMjJhNDkwNjY3MTkwNWMyNzA1Yzc3MTYyP19fdD0xNjY1NDI3NzE2NTgxJl9fbD0zNjAw&tds_campaign=b1727pos&tds_oid=24402&id=24402&tds_ao=1&tds_host=bustygirls4u.com&tds_ac_id=s8655tok&dci=366a02f9efed207f7853a589a1fbc795681e2ae4&utm_campaign=497f5345&data2=wo20noktphrs5aljiu058cpo&s3=wo20noktphrs5aljiu058cpo&tds_id=b1727pos_jump_a_1598613018653&utm_source=int&tds_cid=4e11d581826e0974f13fb10677320ad2ac38867f&utm_content=
Cookie: dci=366a02f9efed207f7853a589a1fbc795681e2ae4; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 10 Oct 2022 18:48:37 GMT
content-type: text/javascript; charset=utf-8
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"715-BFqb2dTXlqoJGFPL6eCO6Zn6OAo"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

cdn3reference.com/landings/24402/js/20dff8cf5ed8c45d47eca00751d44eb9.js

143.204.68.18

200 OK

0 B

URL HTTP/2
cdn3reference.com/landings/24402/js/20dff8cf5ed8c45d47eca00751d44eb9.js
IP
143.204.68.18:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /landings/24402/js/20dff8cf5ed8c45d47eca00751d44eb9.js HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Mon, 10 Oct 2022 18:48:37 GMT
last-modified: Fri, 26 Aug 2022 12:23:03 GMT
etag: W/"17b45-5e723f9b7d7c0"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: jsPs1gx93K3hZ7GJnp5YnlzGubMcAfVU64YVvzQeVTimr_M_egNL0A==
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations