Report - 2.262da.ft.wy5532.com/

Report Overview

Submitted URL
2.262da.ft.wy5532.com/
IP
37.48.65.154
ASN
#60781 LeaseWeb Netherlands B.V.
Submitted
2022-12-10 04:48:11
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	796 B	93.184.220.29
ciar-kep.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.5 kB	3.208.247.235
cdn3reference.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	995 kB	54.230.111.104
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	392 B	51 kB	142.250.74.40
retarget2core.com	86164	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	365 B	495 B	18.184.95.183
2.262da.ft.wy5532.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	1.5 kB	37.48.65.154
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.77.32
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	44.242.3.166
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	700 B	1.9 kB	143.204.42.165
bustygirls4u.com	821036	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.6 kB	9.7 kB	52.28.216.158
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	47 kB	142.250.74.35
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	407 B	746 B	142.250.74.106
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
cartining-specute.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	844 B	749 B	18.197.36.77
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	75 kB	34.120.237.76
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	399 B	15 kB	104.17.25.14
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	4.2 kB	142.250.74.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-10	medium	2.262da.ft.wy5532.com/	Malware
2022-12-10	medium	ciar-kep.com/zcvisitor/d31ea1b3-7845-11ed-ae81-124bbf17a16b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-10	medium	ciar-kep.com	Sinkholed
2022-12-10	medium	ciar-kep.com	Sinkholed
2022-12-10	medium	ciar-kep.com	Sinkholed

JavaScript (17)

	URL	Size	First Seen	Last Seen
	unknown	0 B	2023-03-07	2024-04-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 07:17:02 Times Seen36954073 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	2.262da.ft.wy5532.com/	378 B	2023-03-09	2023-03-09
Pretty URL 2.262da.ft.wy5532.com/ IP 37.48.65.154 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:58:44 Last Seen2023-03-09 00:58:44 Times Seen1 Hash 44b09963a54e62b517caf75bf7334553 3293b89b634f44de9b10d4dc186f06823137dec4 9630d4ff5970fa4face99aebf4a1d64a01e0d244dd093506b233a78904123c29 Loading...

	bustygirls4u.com/bridge/intg.js?v=8	317 B	2023-03-08	2023-03-17
Pretty URL bustygirls4u.com/bridge/intg.js?v=8 IP 52.28.216.158 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:30:48 Last Seen2023-03-17 23:34:04 Times Seen1 Hash d9bd6d4fe07232e0fcae03c7e68d4e81 4a7e1c2e8cc35c2ff31c71175095f4b1a2b8c17b 0ad2eb2d6a74f3d18026ab24c088ca7c561a742fd870e44045db9d823ac0a3c6 Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	48 kB	2023-03-07	2024-04-18
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:53 Last Seen2024-04-18 20:57:53 Times Seen45943 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

	bustygirls4u.com/jump?tds_oid=24402&s1=ps&tds_id=b1727pos_jump_a_1598613018653&dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071&tds_host=bustygirls4u.com&s3=w13ukboepmq4qk2limcmaq5g&utm_content=&utm_source=int&data2=w13ukboepmq4qk2limcmaq5g&id=24402&tds_cid=7246990faa9362caf81abafdb866ac3c618a19b4&tds_campaign=b1727pos&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2U4M2JhZmNlZjdmMDhlMTRkYjI1ZjU3YzAzMjQyYmI5P19fdD0xNjcwNjQ3NjgzMjQ4Jl9fbD0zNjAw&tds_ac_id=s8655tok&tds_ao=1&utm_campaign=497f5345&tds_rt=	446 B	2023-03-09	2023-03-09
Pretty URL bustygirls4u.com/jump?tds_oid=24402&s1=ps&tds_id=b1727pos_jump_a_1598613018653&dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071&tds_host=bustygirls4u.com&s3=w13ukboepmq4qk2limcmaq5g&utm_content=&utm_source=int&data2=w13ukboepmq4qk2limcmaq5g&id=24402&tds_cid=7246990faa9362caf81abafdb866ac3c618a19b4&tds_campaign=b1727pos&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2U4M2JhZmNlZjdmMDhlMTRkYjI1ZjU3YzAzMjQyYmI5P19fdD0xNjcwNjQ3NjgzMjQ4Jl9fbD0zNjAw&tds_ac_id=s8655tok&tds_ao=1&utm_campaign=497f5345&tds_rt= IP 52.28.216.158 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:58:44 Last Seen2023-03-09 00:58:44 Times Seen1 Hash 3ebdc8551aaad3a98d9d1bfbb72f3d84 4a29bc27aef61ae1e470772ff6218022f8e3b30e ab33e5da8bbd420c9fea6f81eebd27652df7365950d96ca865745720d666f221 Loading...

	ciar-kep.com/zcredirect?visitid=d31ea1b3-7845-11ed-ae81-124bbf17a16b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false	432 B	2023-03-09	2023-03-09
Pretty URL ciar-kep.com/zcredirect?visitid=d31ea1b3-7845-11ed-ae81-124bbf17a16b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false IP 3.208.247.235 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:58:44 Last Seen2023-03-09 00:58:44 Times Seen1 Hash e125c6edbe2a0a3c1aeedcab9377580a da485b5454eee819fca5872159003296fe9e9249 0fb6073c9694fa85f7dea031911df601ac891fd6a4f89a0bf510eaaf7d17f560 Loading...

	bustygirls4u.com/bridge/ao_loader.js	836 B	2023-03-08	2023-03-17
Pretty URL bustygirls4u.com/bridge/ao_loader.js IP 52.28.216.158 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:00:33 Last Seen2023-03-17 23:34:04 Times Seen1 Hash 9c129816fdafb5e9525563ba64018bd7 79dfb5a385a3583a597716ac4b1e1649e9b9994d 43d06cd88d872d0f1ab73eda7cf55805382dfd0d56bb90aad3398c72a5bb4acf Loading...

	cdn3reference.com/landings/24402/js/20dff8cf5ed8c45d47eca00751d44eb9.js	97 kB	2023-03-07	2024-04-17
Pretty URL cdn3reference.com/landings/24402/js/20dff8cf5ed8c45d47eca00751d44eb9.js IP 54.230.111.104 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:46 Last Seen2024-04-17 13:34:23 Times Seen273 Hash 20dff8cf5ed8c45d47eca00751d44eb9 209faa3f1a08dcb3c943fe8b6c344571005ef3b4 aaf2bc75c60776c40df9015d7f99cde0e9adb2f81e859276ed30d7c431d6a720 Loading...

	retarget2core.com/fp/fp_ec.js	1.2 kB	2023-03-07	2023-03-29
Pretty URL retarget2core.com/fp/fp_ec.js IP 18.184.95.183 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:53 Last Seen2023-03-29 23:19:33 Times Seen17 Hash 6faaf5b255433abc88fbe4a547ac7784 c60ab4a050864bbd815922e5abade6d5af4333a6 7eda108904da9c98eeeeab666426197e6738b78dfd103a653897d14366e2cd20 Loading...

	bustygirls4u.com/bridge/frodi_data.js	6.6 kB	2023-03-07	2023-12-25
Pretty URL bustygirls4u.com/bridge/frodi_data.js IP 52.28.216.158 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:53 Last Seen2023-12-25 02:16:58 Times Seen154 Hash acba46edbe151b3ac5b3a3ad6adb6852 967fc6c8942a27986534f16a8a5ae2f71b0481bf 544d040fe3985f2f3f2f519c6db58110b24d23c8b13e794a988ec90a05b48658 Loading...

	bustygirls4u.com/integration.js	1.8 kB	2023-03-08	2023-07-23
Pretty URL bustygirls4u.com/integration.js IP 52.28.216.158 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:00:33 Last Seen2023-07-23 01:54:31 Times Seen13 Hash 92fb7fe418ecbb0fd2216117202ba3f4 29a40665f48cdbeb93418f129beb5204b4f842ca fcf0beb000c0392cbbb45e40156c0ff5ce33ee2072bc2dd376e3acc0e89eda0c Loading...

	bustygirls4u.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fbustygirls4u.com%2Fjump%3Ftds_oid%3D24402%26s1%3Dps%26tds_id%3Db1727pos_jump_a_1598613018653%26dci%3D96db7949be403d44cbfd9d1bb4c5fe78c3bf1071%26tds_host%3Dbustygirls4u.com%26s3%3Dw13ukboepmq4qk2limcmaq5g%26utm_content%3D%26utm_source%3Dint%26data2%3Dw13ukboepmq4qk2limcmaq5g%26id%3D24402%26tds_cid%3D7246990faa9362caf81abafdb866ac3c618a19b4%26tds_campaign%3Db1727pos%26_tgUrl%3DaHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2U4M2JhZmNlZjdmMDhlMTRkYjI1ZjU3YzAzMjQyYmI5P19fdD0xNjcwNjQ3NjgzMjQ4Jl9fbD0zNjAw%26tds_ac_id%3Ds8655tok%26tds_ao%3D1%26utm_campaign%3D497f5345%26tds_rt%3D&uaDataValues={}	199 B	2023-03-08	2024-03-14
Pretty URL bustygirls4u.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fbustygirls4u.com%2Fjump%3Ftds_oid%3D24402%26s1%3Dps%26tds_id%3Db1727pos_jump_a_1598613018653%26dci%3D96db7949be403d44cbfd9d1bb4c5fe78c3bf1071%26tds_host%3Dbustygirls4u.com%26s3%3Dw13ukboepmq4qk2limcmaq5g%26utm_content%3D%26utm_source%3Dint%26data2%3Dw13ukboepmq4qk2limcmaq5g%26id%3D24402%26tds_cid%3D7246990faa9362caf81abafdb866ac3c618a19b4%26tds_campaign%3Db1727pos%26_tgUrl%3DaHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2U4M2JhZmNlZjdmMDhlMTRkYjI1ZjU3YzAzMjQyYmI5P19fdD0xNjcwNjQ3NjgzMjQ4Jl9fbD0zNjAw%26tds_ac_id%3Ds8655tok%26tds_ao%3D1%26utm_campaign%3D497f5345%26tds_rt%3D&uaDataValues={} IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:49:12 Last Seen2024-03-14 20:03:32 Times Seen201 Hash cd4ae55f3af545b5863f65b73a6a7b80 a85fca461d97f90eaf52246b95974eeabba27c20 ae4475effcb2e8533194b150ee30b2472c1cb7498b2c83a764718d962deaa84f Loading...

	cdn3reference.com/js/dc_img.js?v=8	488 B	2023-03-07	2023-05-14
Pretty URL cdn3reference.com/js/dc_img.js?v=8 IP 54.230.111.104 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:53 Last Seen2023-05-14 11:44:44 Times Seen18 Hash 866e1e7da88eb0918114ea04e4379f40 cb9ed6b52f93bead89eb5da6d618c9b58b34a2b5 ac742d62b8d28cb2cc72fa86d6d1769ead306bd34eb3b04e712d9f32a7378c53 Loading...

	ciar-kep.com/zcvisitor/d31ea1b3-7845-11ed-ae81-124bbf17a16b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97	848 B	2023-03-09	2023-03-09
Pretty URL ciar-kep.com/zcvisitor/d31ea1b3-7845-11ed-ae81-124bbf17a16b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97 IP 3.208.247.235 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:58:44 Last Seen2023-03-09 00:58:44 Times Seen1 Hash 95dbbc3af9d30a8f3b7dd14277a91b5d 2e5aec69d047097703cf2ea75a221b863857eb2d ef335795fc4434fbed728d2e7739e57ba8c2e4575dbc92589ad37a52bc666abb Loading...

	bustygirls4u.com/jump?tds_oid=24402&s1=ps&tds_id=b1727pos_jump_a_1598613018653&dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071&tds_host=bustygirls4u.com&s3=w13ukboepmq4qk2limcmaq5g&utm_content=&utm_source=int&data2=w13ukboepmq4qk2limcmaq5g&id=24402&tds_cid=7246990faa9362caf81abafdb866ac3c618a19b4&tds_campaign=b1727pos&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2U4M2JhZmNlZjdmMDhlMTRkYjI1ZjU3YzAzMjQyYmI5P19fdD0xNjcwNjQ3NjgzMjQ4Jl9fbD0zNjAw&tds_ac_id=s8655tok&tds_ao=1&utm_campaign=497f5345&tds_rt=	522 B	2023-03-07	2023-04-05
Pretty URL bustygirls4u.com/jump?tds_oid=24402&s1=ps&tds_id=b1727pos_jump_a_1598613018653&dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071&tds_host=bustygirls4u.com&s3=w13ukboepmq4qk2limcmaq5g&utm_content=&utm_source=int&data2=w13ukboepmq4qk2limcmaq5g&id=24402&tds_cid=7246990faa9362caf81abafdb866ac3c618a19b4&tds_campaign=b1727pos&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2U4M2JhZmNlZjdmMDhlMTRkYjI1ZjU3YzAzMjQyYmI5P19fdD0xNjcwNjQ3NjgzMjQ4Jl9fbD0zNjAw&tds_ac_id=s8655tok&tds_ao=1&utm_campaign=497f5345&tds_rt= IP 52.28.216.158 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:46 Last Seen2023-04-05 01:48:41 Times Seen13 Hash 48e0ad9290ec0a3b6617a0ca76df0c6b 68f9154a03c5c339a330aa52d65bade74dfcbec7 7f3bfd860b6876e4c728d82f8ac7eab9e9150068c90c68aef4faec0f1da901fc Loading...

	bustygirls4u.com/jump?tds_oid=24402&s1=ps&tds_id=b1727pos_jump_a_1598613018653&dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071&tds_host=bustygirls4u.com&s3=w13ukboepmq4qk2limcmaq5g&utm_content=&utm_source=int&data2=w13ukboepmq4qk2limcmaq5g&id=24402&tds_cid=7246990faa9362caf81abafdb866ac3c618a19b4&tds_campaign=b1727pos&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2U4M2JhZmNlZjdmMDhlMTRkYjI1ZjU3YzAzMjQyYmI5P19fdD0xNjcwNjQ3NjgzMjQ4Jl9fbD0zNjAw&tds_ac_id=s8655tok&tds_ao=1&utm_campaign=497f5345&tds_rt=	405 B	2023-03-07	2023-04-05
Pretty URL bustygirls4u.com/jump?tds_oid=24402&s1=ps&tds_id=b1727pos_jump_a_1598613018653&dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071&tds_host=bustygirls4u.com&s3=w13ukboepmq4qk2limcmaq5g&utm_content=&utm_source=int&data2=w13ukboepmq4qk2limcmaq5g&id=24402&tds_cid=7246990faa9362caf81abafdb866ac3c618a19b4&tds_campaign=b1727pos&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2U4M2JhZmNlZjdmMDhlMTRkYjI1ZjU3YzAzMjQyYmI5P19fdD0xNjcwNjQ3NjgzMjQ4Jl9fbD0zNjAw&tds_ac_id=s8655tok&tds_ao=1&utm_campaign=497f5345&tds_rt= IP 52.28.216.158 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:46 Last Seen2023-04-05 01:48:41 Times Seen13 Hash be45a98359190c7f593f94249f7ff883 cfe7d73f5da8d22e196c0f6e766d98a8836fa672 5282055274dc1ebc1563a15afa096712df400e687714122538816184520c7b75 Loading...

		Size	First Seen	Last Seen
	#1 Eval - ca45c42226c1d974d33ba66f5fbec226	273 B	2023-03-07	2024-04-17
Pretty Observations First Seen2023-03-07 01:31:53 Last Seen2024-04-17 13:34:23 Times Seen296 Hash ca45c42226c1d974d33ba66f5fbec226 acdf858cb51509213a6b58ea26c99788ffa9ba51 8f61ee4a89b9d76a579f5ed446960dc9aba5dad5f67f5676bc5aab5f8fe726b3 Loading...

HTTP Transactions (52)

URL IP Response Size

2.262da.ft.wy5532.com/

37.48.65.154

200 OK

482 B

URL HTTP/1.1
2.262da.ft.wy5532.com/
IP
37.48.65.154:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (482), with no line terminators
Size
482 B (482 bytes)
Hash
d316873ef218914c1acf42926d79643e
24dd25f8baab85307e645a65b01566c0f2a168fa
a6779e3fd2e653a7fb444433adaaf6c2815ed19c2f4f90da8f48fe6e118a5ba9

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: 2.262da.ft.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: sid=4eb953c2-7839-11ed-ada2-c18107b743e7
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 482
content-type: text/html; charset=utf-8
date: Sat, 10 Dec 2022 04:48:00 GMT
server: nginx

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2644
Expires: Sat, 10 Dec 2022 05:32:04 GMT
Date: Sat, 10 Dec 2022 04:48:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11231
Expires: Sat, 10 Dec 2022 07:55:11 GMT
Date: Sat, 10 Dec 2022 04:48:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4586
Expires: Sat, 10 Dec 2022 06:04:26 GMT
Date: Sat, 10 Dec 2022 04:48:00 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 10 Dec 2022 04:33:19 GMT
content-type: application/json
age: 881
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: LegdcSM7lph307LCROmTxq1np2GKMM67lusfvzcbWuDYr6tyqS4QQV4+/UtzBkXHoquot36va54=
x-amz-request-id: 125A5ZRDKHWF6TV8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 10 Dec 2022 03:50:31 GMT
age: 3449
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 04:48:00 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

2.262da.ft.wy5532.com/favicon.ico

37.48.65.154

429 Too Many Requests

17 B

URL HTTP/1.1
2.262da.ft.wy5532.com/favicon.ico
IP
37.48.65.154:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
17 B (17 bytes)
Hash
eeb13468b73d93fa8bcbe3ebae6df720
1f55c90d5ce61c6447e923443d496b137be35c63
802600d124464157037a2519acb3cff90b97670fd04809ea902fbb95497a12ca

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 2.262da.ft.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://2.262da.ft.wy5532.com/
Cookie: sid=4eb953c2-7839-11ed-ada2-c18107b743e7

HTTP/1.1 429 Too Many Requests
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Sat, 10 Dec 2022 04:48:00 GMT
server: nginx

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 10 Dec 2022 04:07:55 GMT
age: 2406
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 930
Cache-Control: max-age=102864
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 04:48:01 GMT
Etag: "6392faaf-1d7"
Expires: Sun, 11 Dec 2022 09:22:25 GMT
Last-Modified: Fri, 09 Dec 2022 09:06:55 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

44.242.3.166

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.242.3.166:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5WSH5lC1uFoRuE200J+l1A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: I3cITxhNcTcNylFU28NoEQubbVE=

2.262da.ft.wy5532.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MDY1NDg4MCwiaWF0IjoxNjcwNjQ3NjgwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc25sYWRsdmo4MjRnOWl2aTQwZWxkaTkiLCJuYmYiOjE2NzA2NDc2ODAsInRzIjoxNjcwNjQ3NjgwNDA4ODQyfQ.aL3oUHXI-XECDtz10qL5qrzZXNGOGNAXmQjnh1QmuXg&sid=4eb953c2-7839-11ed-ada2-c18107b743e7

37.48.65.154

302 Found

11 B

URL HTTP/1.1
2.262da.ft.wy5532.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MDY1NDg4MCwiaWF0IjoxNjcwNjQ3NjgwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc25sYWRsdmo4MjRnOWl2aTQwZWxkaTkiLCJuYmYiOjE2NzA2NDc2ODAsInRzIjoxNjcwNjQ3NjgwNDA4ODQyfQ.aL3oUHXI-XECDtz10qL5qrzZXNGOGNAXmQjnh1QmuXg&sid=4eb953c2-7839-11ed-ada2-c18107b743e7
IP
37.48.65.154:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

HTTP Headers

GET /?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MDY1NDg4MCwiaWF0IjoxNjcwNjQ3NjgwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc25sYWRsdmo4MjRnOWl2aTQwZWxkaTkiLCJuYmYiOjE2NzA2NDc2ODAsInRzIjoxNjcwNjQ3NjgwNDA4ODQyfQ.aL3oUHXI-XECDtz10qL5qrzZXNGOGNAXmQjnh1QmuXg&sid=4eb953c2-7839-11ed-ada2-c18107b743e7 HTTP/1.1
Host: 2.262da.ft.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://2.262da.ft.wy5532.com/
Cookie: sid=4eb953c2-7839-11ed-ada2-c18107b743e7
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Sat, 10 Dec 2022 04:48:01 GMT
location: http://ciar-kep.com/zcvisitor/d31ea1b3-7845-11ed-ae81-124bbf17a16b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97
server: nginx
set-cookie: sid=4eb953c2-7839-11ed-ada2-c18107b743e7; path=/; domain=.wy5532.com; expires=Thu, 28 Dec 2090 08:02:08 GMT; max-age=2147483647; HttpOnly

ciar-kep.com/zcvisitor/d31ea1b3-7845-11ed-ae81-124bbf17a16b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97

3.208.247.235

200

1.1 kB

URL HTTP/1.1
ciar-kep.com/zcvisitor/d31ea1b3-7845-11ed-ae81-124bbf17a16b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97
IP
3.208.247.235:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.1 kB (1096 bytes)
Hash
4088af07bd0f6bb251629ab75ed87de7
a94027ca1a824bd0104fc218b542d0959453bbee
c31d6e0e7713f39ebe9e0281036c16078a4339e7211453349dc27cc7343f765d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /zcvisitor/d31ea1b3-7845-11ed-ae81-124bbf17a16b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97 HTTP/1.1
Host: ciar-kep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://2.262da.ft.wy5532.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 
Date: Sat, 10 Dec 2022 04:48:02 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: bogYIeqz

ciar-kep.com/zcredirect?visitid=d31ea1b3-7845-11ed-ae81-124bbf17a16b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

3.208.247.235

200

994 B

URL HTTP/1.1
ciar-kep.com/zcredirect?visitid=d31ea1b3-7845-11ed-ae81-124bbf17a16b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP
3.208.247.235:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (454)
Size
994 B (994 bytes)
Hash
4028b7c93fe835c43c554a60c4d4a92d
508e4a8f817f6c8f36b5065634cb1af777df593c
1616c6755abc2a6d9ca21323996826d07b0867047ffd82086ccb310db17f1f97

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /zcredirect?visitid=d31ea1b3-7845-11ed-ae81-124bbf17a16b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: ciar-kep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ciar-kep.com/zcvisitor/d31ea1b3-7845-11ed-ae81-124bbf17a16b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 
Date: Sat, 10 Dec 2022 04:48:02 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: bogYIeqz

ciar-kep.com/favicon.ico

3.208.247.235

404

653 B

URL HTTP/1.1
ciar-kep.com/favicon.ico
IP
3.208.247.235:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size
653 B (653 bytes)
Hash
ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ciar-kep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ciar-kep.com/zcredirect?visitid=d31ea1b3-7845-11ed-ae81-124bbf17a16b&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

HTTP/1.1 404 
Date: Sat, 10 Dec 2022 04:48:02 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: jfCZieKd

cartining-specute.com/zp-redirect?target=https%3A%2F%2Fbustygirls4u.com%2Ftds%2Fae%3FtdsId%3Ds8655tok_r%26tds_campaign%3Ds8655tok%26utm_sub%3Dopnfnl%26s1%3Dps%26utm_source%3Dint%26affid%3D497f5345%26subid%3D%26clickid%3Dw13ukboepmq4qk2limcmaq5g%26subid2%3Dw13ukboepmq4qk2limcmaq5g&caid=8500be2f-30a7-4684-a7e7-f51ce3b821c4&zpid=d31ea1b3-7845-11ed-ae81-124bbf17a16b&cid=w13ukboepmq4qk2limcmaq5g&rt=R

18.197.36.77

302 Found

0 B

URL HTTP/2
cartining-specute.com/zp-redirect?target=https%3A%2F%2Fbustygirls4u.com%2Ftds%2Fae%3FtdsId%3Ds8655tok_r%26tds_campaign%3Ds8655tok%26utm_sub%3Dopnfnl%26s1%3Dps%26utm_source%3Dint%26affid%3D497f5345%26subid%3D%26clickid%3Dw13ukboepmq4qk2limcmaq5g%26subid2%3Dw13ukboepmq4qk2limcmaq5g&caid=8500be2f-30a7-4684-a7e7-f51ce3b821c4&zpid=d31ea1b3-7845-11ed-ae81-124bbf17a16b&cid=w13ukboepmq4qk2limcmaq5g&rt=R
IP
18.197.36.77:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zp-redirect?target=https%3A%2F%2Fbustygirls4u.com%2Ftds%2Fae%3FtdsId%3Ds8655tok_r%26tds_campaign%3Ds8655tok%26utm_sub%3Dopnfnl%26s1%3Dps%26utm_source%3Dint%26affid%3D497f5345%26subid%3D%26clickid%3Dw13ukboepmq4qk2limcmaq5g%26subid2%3Dw13ukboepmq4qk2limcmaq5g&caid=8500be2f-30a7-4684-a7e7-f51ce3b821c4&zpid=d31ea1b3-7845-11ed-ae81-124bbf17a16b&cid=w13ukboepmq4qk2limcmaq5g&rt=R HTTP/1.1
Host: cartining-specute.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ciar-kep.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Sat, 10 Dec 2022 04:48:02 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://bustygirls4u.com/tds/ae?tdsId=s8655tok_r&tds_campaign=s8655tok&utm_sub=opnfnl&s1=ps&utm_source=int&affid=497f5345&subid=&clickid=w13ukboepmq4qk2limcmaq5g&subid2=w13ukboepmq4qk2limcmaq5g
pragma: no-cache
set-cookie: cc-v4=HEW2vyv%2BftoKNVUK02w9j5wzsi6OxQc%2FanCpsvU%2BSvv4aFwZxp7zDJ9yAo4384w%2ByY6Ny5Hw81x64AizfftejuVSE9siBtMxNbLaAgUfui5dxZQZEvFK5rQq7%2F9iGDkJQHFsLuQ%2BwBg67TDtcbFn8Q%3D%3D; Max-Age=31536000; Expires=Sun, 10-Dec-2023 04:48:02 GMT; Domain=cartining-specute.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4736
Expires: Sat, 10 Dec 2022 06:06:58 GMT
Date: Sat, 10 Dec 2022 04:48:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4736
Expires: Sat, 10 Dec 2022 06:06:58 GMT
Date: Sat, 10 Dec 2022 04:48:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4736
Expires: Sat, 10 Dec 2022 06:06:58 GMT
Date: Sat, 10 Dec 2022 04:48:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4736
Expires: Sat, 10 Dec 2022 06:06:58 GMT
Date: Sat, 10 Dec 2022 04:48:02 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8732123d-ded0-4486-9019-0d87264f6c0e.webp

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8732123d-ded0-4486-9019-0d87264f6c0e.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12743 bytes)
Hash
0df452512aae4c4c1f4a2cd263b16dfd
68bac75574641febc463bd0819392dae2da15811
e0a9301c5be849e116f1d98b819c2eb91f73e74d836f3e099f2cd266e8f0bb36

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8732123d-ded0-4486-9019-0d87264f6c0e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12743
x-amzn-requestid: 6ed8a5f4-45cd-45bd-9820-df450f612c34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eK4E_-IAMFf3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa45-31d928fc430577b463a68bd0;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: YTqJN92gTy04q3obEXe4P1gmG2h9b2IQjjSkkUXyqnfFOL67uobN4Q==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:58:18 GMT
age: 24584
etag: "68bac75574641febc463bd0819392dae2da15811"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4acdd84d-55dd-4e5d-bcf3-ab9d63566335.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7535 bytes)
Hash
a81548132f6f176f60e4fc278114ff84
3f330d6c27242cc3d65b975ab4a1c39b08fb69de
82095572be60a13b933293fa38a956e366a854becc5532dfccbf5893366ab702

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4acdd84d-55dd-4e5d-bcf3-ab9d63566335.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7535
x-amzn-requestid: 9c904976-42b9-40c9-aefa-201f0f84358f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMUHw7IAMFSng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4e-3a601e621f9f31c7509f4e52;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: nXI46ZBJB6-LoLmfPuwmnQV9lamFDrpOdrgRXopTz7fGgwDYYGmT9A==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:53:07 GMT
age: 24895
etag: "3f330d6c27242cc3d65b975ab4a1c39b08fb69de"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7557 bytes)
Hash
5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 09204b5e-8af5-4d4b-8186-628443866e0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz5EISoAMFdWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-357cd4f921c592e1319098dd;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3KZwQ5HqXa_-tUyDHA5m-65OprogFpFgbbKpEJ65k-Yy3lwoCg8M5w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:15 GMT
age: 77687
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34fa3dbc-1a29-4161-8687-d9c7b1b04f14.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9592 bytes)
Hash
386207bd6fea7388d5df993a32147431
d513b937a9be6e95bfe0fcea0f3f0cb7e611c0de
40fa6a8207008d1fceb11fc9fb37c458e1ed2deac83a2fb5fcac80d9b7ca32fa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34fa3dbc-1a29-4161-8687-d9c7b1b04f14.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9592
x-amzn-requestid: 1a8dca24-1776-4407-84d4-33fb975e49cf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c3fOXFSxoAMF-EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6392df28-5ab03a853cf9c5ca57f4391f;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 07:09:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FW-CGlMPjenlq0gPVxsJzPU5muMwgH_nzzNoQItyyQPOBEJdOFLdsw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:34:25 GMT
age: 76417
etag: "d513b937a9be6e95bfe0fcea0f3f0cb7e611c0de"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32378252-8233-4d6b-b3d2-720e3ac2d0bd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.0 kB (3963 bytes)
Hash
a2b4c44cc196e1f4263a895ef54e6650
c5cea524045b3394c1dfe5e5fcac4637416f8587
e31f4b95811c01b2f2f181e11b7a8e1b4c57c3c7fc067c304e8dacc6fb176442

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32378252-8233-4d6b-b3d2-720e3ac2d0bd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3963
x-amzn-requestid: f067a6cf-758c-4c35-be64-3970b690ea7c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5e7VHdnoAMF0Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393ab7b-485a18b738763b2029f6c653;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:41:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: s34c1vAKHso9NwDfhOn5053VIDeRGdwNscoMDkkfcNx95irwIB9Hrg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:54:23 GMT
age: 24819
etag: "c5cea524045b3394c1dfe5e5fcac4637416f8587"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

17 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b7c7b21-97cc-48a2-a70c-c5a6cc643732.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
17 kB (17370 bytes)
Hash
54daaab012d7327bc46324026fff6cf5
20f3487c7d7ecbc3309751e768f4e720ea8572a2
c65a762ef8520b85e73dcff7d93d4ca6b5093360c45f408245630607f559e42f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b7c7b21-97cc-48a2-a70c-c5a6cc643732.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 17370
x-amzn-requestid: 9d40f44c-a43d-4776-9bcf-2234cc941088
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eNkEWiIAMFbyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa56-1752d4c9022602137b933701;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mRfN-Bfdj-NJ92a_1wiOTFVzrVpalKvH2CZv8M1dPDtPVPfluRR6zg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:26:31 GMT
etag: "20f3487c7d7ecbc3309751e768f4e720ea8572a2"
content-type: image/jpeg
age: 22891
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.165

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.165:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
f7a1488b066a836806d5af67408e53c1
69da882e4acec3d397283edadf9fd8e895e20235
a32b60c068e04fbfb007269019a57efb30dcf5d722f2efbb9fabd96725568798

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 10 Dec 2022 04:48:02 GMT
Etag: "6393e43d-1d7"
Server: ECS (dcb/7F7F)
X-Cache: Miss from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: gXGdjZZXJ1KQ3Chwl3HmY8XGs_gvJx7XTfghDk55eHvpabijey21-g==

bustygirls4u.com/bridge/intg.js?v=8

52.28.216.158

200 OK

317 B

URL HTTP/2
bustygirls4u.com/bridge/intg.js?v=8
IP
52.28.216.158:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (316)
Size
317 B (317 bytes)
Hash
d9bd6d4fe07232e0fcae03c7e68d4e81
4a7e1c2e8cc35c2ff31c71175095f4b1a2b8c17b
0ad2eb2d6a74f3d18026ab24c088ca7c561a742fd870e44045db9d823ac0a3c6

HTTP Headers

GET /bridge/intg.js?v=8 HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_oid=24402&s1=ps&tds_id=b1727pos_jump_a_1598613018653&dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071&tds_host=bustygirls4u.com&s3=w13ukboepmq4qk2limcmaq5g&utm_content=&utm_source=int&data2=w13ukboepmq4qk2limcmaq5g&id=24402&tds_cid=7246990faa9362caf81abafdb866ac3c618a19b4&tds_campaign=b1727pos&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2U4M2JhZmNlZjdmMDhlMTRkYjI1ZjU3YzAzMjQyYmI5P19fdD0xNjcwNjQ3NjgzMjQ4Jl9fbD0zNjAw&tds_ac_id=s8655tok&tds_ao=1&utm_campaign=497f5345&tds_rt=
Cookie: dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Dec 2022 04:48:03 GMT
content-type: application/javascript; charset=UTF-8
content-length: 317
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Tue, 06 Dec 2022 23:13:59 GMT
etag: W/"13d-184e9b7aad8"
vary: Accept-Encoding
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.25.14

200 OK

14 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (48316), with no line terminators
Size
14 kB (13972 bytes)
Hash
2e46e3b0807c19e0ee85603dd4ba3f72
cb55679976d9a5d9933f291218b8ff0f95ebdc17
87a3f839cfc8bca3368a7dec7c5ff14e5f613928e899b601292b5a1f1bd5dc05

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 10 Dec 2022 04:48:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2028045
expires: Thu, 30 Nov 2023 04:48:03 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ATA7zGSqM95HZYbmPqr1e%2BKsqwyfxHnX1sq285SGDNAc8iaGBOTcFkuZCFqvVr3w3oTjg39mmdf4l9T7%2FseMOvEASYWPu0a43j9nGPcgUVpUrJkKAM%2BfWaQmtNkJzOSG9zXewuUN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 777358972806b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bustygirls4u.com/bridge/ao_loader.js

52.28.216.158

200 OK

836 B

URL HTTP/2
bustygirls4u.com/bridge/ao_loader.js
IP
52.28.216.158:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (835)
Size
836 B (836 bytes)
Hash
9c129816fdafb5e9525563ba64018bd7
79dfb5a385a3583a597716ac4b1e1649e9b9994d
43d06cd88d872d0f1ab73eda7cf55805382dfd0d56bb90aad3398c72a5bb4acf

HTTP Headers

GET /bridge/ao_loader.js HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_oid=24402&s1=ps&tds_id=b1727pos_jump_a_1598613018653&dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071&tds_host=bustygirls4u.com&s3=w13ukboepmq4qk2limcmaq5g&utm_content=&utm_source=int&data2=w13ukboepmq4qk2limcmaq5g&id=24402&tds_cid=7246990faa9362caf81abafdb866ac3c618a19b4&tds_campaign=b1727pos&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2U4M2JhZmNlZjdmMDhlMTRkYjI1ZjU3YzAzMjQyYmI5P19fdD0xNjcwNjQ3NjgzMjQ4Jl9fbD0zNjAw&tds_ac_id=s8655tok&tds_ao=1&utm_campaign=497f5345&tds_rt=
Cookie: dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Dec 2022 04:48:03 GMT
content-type: application/javascript; charset=UTF-8
content-length: 836
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Tue, 06 Dec 2022 23:13:59 GMT
etag: W/"344-184e9b7aad8"
vary: Accept-Encoding
X-Firefox-Spdy: h2

bustygirls4u.com/bridge/frodi_data.js

52.28.216.158

200 OK

3.1 kB

URL HTTP/2
bustygirls4u.com/bridge/frodi_data.js
IP
52.28.216.158:0
ASN
#16509 AMAZON-02

File type
data
Size
3.1 kB (3051 bytes)
Hash
ea74db2a70ed2acf3888effeff513779
3c402b8b2911ba56b63878f2876a283ccbabc954
5b4335befeea360b276807f301f96d724fe5e78bf20e71b7e0295507beba42d5

HTTP Headers

GET /bridge/frodi_data.js HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_oid=24402&s1=ps&tds_id=b1727pos_jump_a_1598613018653&dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071&tds_host=bustygirls4u.com&s3=w13ukboepmq4qk2limcmaq5g&utm_content=&utm_source=int&data2=w13ukboepmq4qk2limcmaq5g&id=24402&tds_cid=7246990faa9362caf81abafdb866ac3c618a19b4&tds_campaign=b1727pos&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2U4M2JhZmNlZjdmMDhlMTRkYjI1ZjU3YzAzMjQyYmI5P19fdD0xNjcwNjQ3NjgzMjQ4Jl9fbD0zNjAw&tds_ac_id=s8655tok&tds_ao=1&utm_campaign=497f5345&tds_rt=
Cookie: dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Dec 2022 04:48:03 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Tue, 06 Dec 2022 23:13:59 GMT
etag: W/"19f8-184e9b7aad8"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

cdn3reference.com/landings/24402/css/1bb237f1d11d96bafc51aee0e34d1311.css

54.230.111.104

200 OK

1.9 kB

URL HTTP/2
cdn3reference.com/landings/24402/css/1bb237f1d11d96bafc51aee0e34d1311.css
IP
54.230.111.104:0
ASN
#16509 AMAZON-02

File type
data
Size
1.9 kB (1900 bytes)
Hash
17aa67776c7833009a25436a04324da2
e1d83e9eeff509b42eb7f6314217fb32f9b77196
034115ac8fd5e6b6e3de3b26158c1b8e5731d0b3157f8143514c0c9bfb29583a

HTTP Headers

GET /landings/24402/css/1bb237f1d11d96bafc51aee0e34d1311.css HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
server: nginx
date: Sat, 10 Dec 2022 04:48:03 GMT
last-modified: Fri, 26 Aug 2022 12:23:03 GMT
content-encoding: gzip
etag: W/"fcb-5e723f9b7d7c0"
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4AIl2LOBl0avZaUkw2PM3usIuHMrr8B2AVnigKpb4UqBjI3SvPEOfQ==
X-Firefox-Spdy: h2

cdn3reference.com/js/dc_img.js?v=8

54.230.111.104

200 OK

796 B

URL HTTP/2
cdn3reference.com/js/dc_img.js?v=8
IP
54.230.111.104:0
ASN
#16509 AMAZON-02

File type
data
Size
796 B (796 bytes)
Hash
baebd8e60b4970cf6d73fa6e59741f5f
910650145054f10616cca422324fce341baafc03
468a48ea0ae6f8295c948139453f3e850f73023cb7953598c71d0bd55bf46df4

HTTP Headers

GET /js/dc_img.js?v=8 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Sat, 10 Dec 2022 04:48:03 GMT
last-modified: Thu, 29 Oct 2020 09:22:15 GMT
etag: W/"1e8-5b2cbd0d9620d"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Otss-9cZ_ox36H4t220aiRXJdOADC4f6Y7xFmQdss4aDdWv9m4lwuw==
X-Firefox-Spdy: h2

bustygirls4u.com/integration.js

52.28.216.158

200 OK

1.9 kB

URL HTTP/2
bustygirls4u.com/integration.js
IP
52.28.216.158:0
ASN
#16509 AMAZON-02

File type
data
Size
1.9 kB (1932 bytes)
Hash
09a6ab37ef2f7bb36d5a50ec54d57879
a65bcbc3a6ef1a664e2fba497904a7c23e731e61
f75bb9ca289ef272b0079b4350a93821baa97ceb99a7f31bd842bbacc9f2b97c

HTTP Headers

GET /integration.js HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_oid=24402&s1=ps&tds_id=b1727pos_jump_a_1598613018653&dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071&tds_host=bustygirls4u.com&s3=w13ukboepmq4qk2limcmaq5g&utm_content=&utm_source=int&data2=w13ukboepmq4qk2limcmaq5g&id=24402&tds_cid=7246990faa9362caf81abafdb866ac3c618a19b4&tds_campaign=b1727pos&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2U4M2JhZmNlZjdmMDhlMTRkYjI1ZjU3YzAzMjQyYmI5P19fdD0xNjcwNjQ3NjgzMjQ4Jl9fbD0zNjAw&tds_ac_id=s8655tok&tds_ao=1&utm_campaign=497f5345&tds_rt=
Cookie: dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Dec 2022 04:48:03 GMT
content-type: text/javascript; charset=utf-8
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"713-KaQGZfSM2+uTQY8Sm+tSBLT4Qso"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f7aef7109978f8c1c53298563756a403
d610bb812b080710945dd47f9cccd794af9fe2f7
6366bc97e3f9ac9a6e8a294da60f2d961d2106180fd8ffaae97bc82ea399edb9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 04:48:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 04:48:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

bustygirls4u.com/tds/ae?tdsId=s8655tok_r&tds_campaign=s8655tok&utm_sub=opnfnl&s1=ps&utm_source=int&affid=497f5345&subid=&clickid=w13ukboepmq4qk2limcmaq5g&subid2=w13ukboepmq4qk2limcmaq5g

52.28.216.158

302 Found

472 B

URL HTTP/2
bustygirls4u.com/tds/ae?tdsId=s8655tok_r&tds_campaign=s8655tok&utm_sub=opnfnl&s1=ps&utm_source=int&affid=497f5345&subid=&clickid=w13ukboepmq4qk2limcmaq5g&subid2=w13ukboepmq4qk2limcmaq5g
IP
52.28.216.158:0
ASN
#16509 AMAZON-02

File type
data
Size
472 B (472 bytes)
Hash
e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349

HTTP Headers

GET /tds/ae?tdsId=s8655tok_r&tds_campaign=s8655tok&utm_sub=opnfnl&s1=ps&utm_source=int&affid=497f5345&subid=&clickid=w13ukboepmq4qk2limcmaq5g&subid2=w13ukboepmq4qk2limcmaq5g HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ciar-kep.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Sat, 10 Dec 2022 04:48:03 GMT
location: https://bustygirls4u.com/jump?tds_oid=24402&s1=ps&tds_id=b1727pos_jump_a_1598613018653&dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071&tds_host=bustygirls4u.com&s3=w13ukboepmq4qk2limcmaq5g&utm_content=&utm_source=int&data2=w13ukboepmq4qk2limcmaq5g&id=24402&tds_cid=7246990faa9362caf81abafdb866ac3c618a19b4&tds_campaign=b1727pos&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2U4M2JhZmNlZjdmMDhlMTRkYjI1ZjU3YzAzMjQyYmI5P19fdD0xNjcwNjQ3NjgzMjQ4Jl9fbD0zNjAw&tds_ac_id=s8655tok&tds_ao=1&utm_campaign=497f5345&tds_rt=
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
set-cookie: dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071; Max-Age=31536000; Domain=.bustygirls4u.com; Path=/; Expires=Sun, 10 Dec 2023 04:48:03 GMT; Secure; SameSite=None
dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Thu, 15 Dec 2022 04:48:03 GMT
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 04:48:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/robotoslab/v24/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2Rj.woff2

142.250.74.35

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/robotoslab/v24/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2Rj.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 12608, version 1.0\012- data
Size
13 kB (12608 bytes)
Hash
b2d90c9a5d17242bc107ee6fb2bb0c65
d14417ba18f48c28d74c6788837a59f4b7967427
e3b93a1b0941a116dcb0ed0b5c3ea062cdcad365207c405b231094eb485d95fc

HTTP Headers

GET /s/robotoslab/v24/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2Rj.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bustygirls4u.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12608
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 04 Dec 2022 01:51:28 GMT
expires: Mon, 04 Dec 2023 01:51:28 GMT
cache-control: public, max-age=31536000
age: 528996
last-modified: Mon, 11 Jul 2022 19:15:08 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 04:48:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bustygirls4u.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 19:33:54 GMT
expires: Thu, 07 Dec 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 206050
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer

142.250.74.40

200 OK

50 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (4073)
Size
50 kB (49854 bytes)
Hash
45a7dd88da010f51f6a4a0c1f027eb8b
9e17d63a04780560ad433f3319b630befec32533
8b444025434d756bd2c8268d00bd0f789c89f247f298da42f3fd173b65bdc630

HTTP Headers

GET /gtm.js?id=GTM-KMSJRW&l=adsLayer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 10 Dec 2022 04:48:04 GMT
expires: Sat, 10 Dec 2022 04:48:04 GMT
cache-control: private, max-age=900
last-modified: Sat, 10 Dec 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 49854
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bustygirls4u.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Dec 2022 13:33:13 GMT
expires: Sat, 09 Dec 2023 13:33:13 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 54891
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 04:48:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f7aef7109978f8c1c53298563756a403
d610bb812b080710945dd47f9cccd794af9fe2f7
6366bc97e3f9ac9a6e8a294da60f2d961d2106180fd8ffaae97bc82ea399edb9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 04:48:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn3reference.com/landings/24402/images/1.gif

54.230.111.104

200 OK

990 kB

URL HTTP/2
cdn3reference.com/landings/24402/images/1.gif
IP
54.230.111.104:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 350 x 350\012- data
Size
990 kB (990217 bytes)
Hash
b6a3143a53b595e8fbdb0b57325eb689
92b4ec51c3d7c4a7153b9f6c71fc773801e681be
0f4d95d70a7c81a640b273cc833c39a15f44c3b6c87c48c7d372926fef736862

HTTP Headers

GET /landings/24402/images/1.gif HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/landings/24402/css/1bb237f1d11d96bafc51aee0e34d1311.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/gif
content-length: 990217
server: nginx
last-modified: Wed, 04 Dec 2019 08:19:16 GMT
accept-ranges: bytes
date: Sat, 10 Dec 2022 04:48:04 GMT
cache-control: public, max-age=604800
etag: "f1c09-598dc77f00900"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 18NGU_4WQ3G4BvMH8NjuR06RIjH6PSAeFWBo-eBiRncLwiAOfKG28w==
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.165

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.165:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
b1f9aa9f1030aa318b0573312c4d3096
b4db7b18885eeedd2addb84f46e139405f3a7fe5
85b83bfbfdad799d9a9b76086af7b87515f2322c5e7c78aa8b81dc0b7abfd47d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=143315
Date: Sat, 10 Dec 2022 04:48:04 GMT
Etag: "63939c57-1d7"
Expires: Sun, 11 Dec 2022 20:36:39 GMT
Last-Modified: Fri, 09 Dec 2022 20:36:39 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: m-q9eFP9C1rm2zZC1-UiDshF9zh7UFKw4_pMrUpFad-2HBq4T4n7Vw==

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3aa5c262-0114-433f-bea5-d75296b8bcd2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9209 bytes)
Hash
4ccbd106eb57e1a4f6d60408118fe2dd
cc916150425f00b44ede3ec473e3e248afabaf8d
740c62dfdd20f2fb7270ea602825ba7eaad99c4fe5ab8d726072909c6b73c87f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3aa5c262-0114-433f-bea5-d75296b8bcd2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 9209
x-amzn-requestid: a740ddf7-5325-4ac1-a694-aaa3d4345fe4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eNUGIroAMFdlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa55-08856c7b0757108a5c6811c9;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1MetqwAsoOgTEJAPG8IneF4rj2579sLBLD_gw-745LeAncWCHW6J2Q==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:04:54 GMT
age: 24195
etag: "cc916150425f00b44ede3ec473e3e248afabaf8d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

retarget2core.com/fp/fp_ec.js

18.184.95.183

200 OK

0 B

URL HTTP/2
retarget2core.com/fp/fp_ec.js
IP
18.184.95.183:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /fp/fp_ec.js HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 10 Dec 2022 04:48:04 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Tue, 06 Dec 2022 23:13:59 GMT
etag: W/"4bd-184e9b7aad8"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

bustygirls4u.com/jump?tds_oid=24402&s1=ps&tds_id=b1727pos_jump_a_1598613018653&dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071&tds_host=bustygirls4u.com&s3=w13ukboepmq4qk2limcmaq5g&utm_content=&utm_source=int&data2=w13ukboepmq4qk2limcmaq5g&id=24402&tds_cid=7246990faa9362caf81abafdb866ac3c618a19b4&tds_campaign=b1727pos&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2U4M2JhZmNlZjdmMDhlMTRkYjI1ZjU3YzAzMjQyYmI5P19fdD0xNjcwNjQ3NjgzMjQ4Jl9fbD0zNjAw&tds_ac_id=s8655tok&tds_ao=1&utm_campaign=497f5345&tds_rt=

52.28.216.158

200 OK

0 B

URL HTTP/2
bustygirls4u.com/jump?tds_oid=24402&s1=ps&tds_id=b1727pos_jump_a_1598613018653&dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071&tds_host=bustygirls4u.com&s3=w13ukboepmq4qk2limcmaq5g&utm_content=&utm_source=int&data2=w13ukboepmq4qk2limcmaq5g&id=24402&tds_cid=7246990faa9362caf81abafdb866ac3c618a19b4&tds_campaign=b1727pos&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2U4M2JhZmNlZjdmMDhlMTRkYjI1ZjU3YzAzMjQyYmI5P19fdD0xNjcwNjQ3NjgzMjQ4Jl9fbD0zNjAw&tds_ac_id=s8655tok&tds_ao=1&utm_campaign=497f5345&tds_rt=
IP
52.28.216.158:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /jump?tds_oid=24402&s1=ps&tds_id=b1727pos_jump_a_1598613018653&dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071&tds_host=bustygirls4u.com&s3=w13ukboepmq4qk2limcmaq5g&utm_content=&utm_source=int&data2=w13ukboepmq4qk2limcmaq5g&id=24402&tds_cid=7246990faa9362caf81abafdb866ac3c618a19b4&tds_campaign=b1727pos&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zL2U4M2JhZmNlZjdmMDhlMTRkYjI1ZjU3YzAzMjQyYmI5P19fdD0xNjcwNjQ3NjgzMjQ4Jl9fbD0zNjAw&tds_ac_id=s8655tok&tds_ao=1&utm_campaign=497f5345&tds_rt= HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ciar-kep.com/
Connection: keep-alive
Cookie: dci=96db7949be403d44cbfd9d1bb4c5fe78c3bf1071; dm=fe450dd0d1dadc615429144d33241f42
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Dec 2022 04:48:03 GMT
content-type: text/html; charset=UTF-8
server: nginx
content-encoding: br
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto+Slab&display=swap

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto+Slab&display=swap
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto+Slab&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 10 Dec 2022 04:48:04 GMT
date: Sat, 10 Dec 2022 04:48:04 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

cdn3reference.com/landings/24402/js/20dff8cf5ed8c45d47eca00751d44eb9.js

54.230.111.104

200 OK

0 B

URL HTTP/2
cdn3reference.com/landings/24402/js/20dff8cf5ed8c45d47eca00751d44eb9.js
IP
54.230.111.104:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /landings/24402/js/20dff8cf5ed8c45d47eca00751d44eb9.js HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Sat, 10 Dec 2022 04:48:03 GMT
last-modified: Fri, 26 Aug 2022 12:23:03 GMT
content-encoding: gzip
etag: W/"17b45-5e723f9b7d7c0"
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: HLmhduVWNGghcGHJ-LEZP574bP_Xr0zAQXP1WyJtZiTsBD5-SBblDA==
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (17)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP