Report - www.saveday-inc.net/optin2widllds

Report Overview

Submitted URL
www.saveday-inc.net/optin2widllds
IP
104.16.12.194
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-07 13:25:03
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
40

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.27
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.36.24.174
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	51 kB	34.120.237.76
static.cloudflareinsights.com	1294	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	451 B	393 B	104.18.47.230
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	373 B	57 kB	142.250.74.72
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	679 B	746 B	142.250.74.10
prospectrmktg.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	468 B	141 B	199.103.4.90
use.fontawesome.com	942	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	781 B	1.7 kB	104.21.63.54
js-agent.newrelic.com	378	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	363 B	15 kB	151.101.86.137
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.4 kB	23.36.77.32
www.saveday-inc.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	14 kB	216 kB	104.16.14.194
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	7.0 kB	142.250.74.3
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	600 B	711 B	142.251.1.156
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	622 B	499 B	31.13.72.36
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	755 B	757 B	142.250.74.3
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
csp-reporting.cloudflare.com	8787	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	19 kB	102 kB	104.18.21.157
app.clickfunnels.com	34727	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.6 kB	24 kB	104.16.13.194

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed
2022-09-07	medium	saveday-inc.net	Sinkholed

Files detected

URL
app.clickfunnels.com/userevents/?funnel_id=eThENnR4Zmk0a0FISk4weWlPVCtYQT09LS1qSTVRUk9LZTMvZGlCM2FBaXozT1hRPT0%3D--2df597deecf7a425802bd0e5ecd1ce6489e1b6da&page_id=bnJGR3d4YkRYRFdIM3ZzV2lYbCt5QT09LS16Y0xaMHVRaldFN21aL0tJcExMNjJ3PT0%3D--f69358841eaa48b41796588213093f23443e94b9&funnel_step_id=bmx6T2NwQWN5Y3BBUGJKRG9xTWRmZz09LS00ZEJjRHBDTlpwZm5IL0o3Z1dySDdnPT0%3D--59786c96d79346d129f68009f96dd021e7f5294a&user_id=aFpPcDVVUHlMeFJlM2hRQ2lpa1VQUT09LS1vbWRub1ZCbjlONHZxUG5QeExtbUl3PT0%3D--9a3311e5bcd523b6cbc509fe3878988b1767476c&account_id=VzB0SUFYd0xhTVhpTmVsSUdsSkZydz09LS1NMmNvNGRXVVRSbkV3ckcra1BRRmxnPT0%3D--c221cb55afa42b5bc58c04268236493bfa97577b&page_code=NTIwOTg4ODA%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::PageviewsCreatedSummary&nonce=fed4fa0c-87de-49a4-ac60-343555ea21a0&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637
IP
104.16.13.194
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, max compression\012- data
Size
20 kB (20006 bytes)
Hash
56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29

Detections

Analyzer	Verdict	Alert
VirusTotal	0/56

URL
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, max compression\012- data
Size
16 kB (15687 bytes)
Hash
4738d969770682feba80f04bf171d65b
be0e0ceb91bf5ed0c64b0f3f2cc2c99c6d4cd6b7
1daca97cf9e8078299f94c50346e45fead45bf908ca97ded912f26986c1c4e9a

Detections

Analyzer	Verdict	Alert
VirusTotal	0/0

URL
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, max compression\012- data
Size
1.0 kB (1040 bytes)
Hash
84dbed7651e04849a644bee8acaf8b73
dca1cf16c8b806cc2fc15409edecca8e4e47a2c3
ee7a4e15ee9f15294ff13f4303d1b6667bdbc06846c5e7852505e9a5358d4034

Detections

Analyzer	Verdict	Alert
VirusTotal	0/0

JavaScript (32)

	URL	Size	First Seen	Last Seen
	www.google.com/pagead/conversion_async.js	42 kB	2023-03-07	2023-03-17
Pretty URL www.google.com/pagead/conversion_async.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:19 Last Seen2023-03-17 12:30:23 Times Seen1 Hash 70049e468e315dbffce0c07753fca6f9 6c1cb5e25675de7746ed7dbb4d103aba9faabea0 94cc0d6d41e4b4bcde2f4f3d6292224215a698f20ffe7915c04cb55146537266 Loading...

	www.saveday-inc.net/assets/pushcrew.js	637 B	2023-03-07	2024-03-20
Pretty URL www.saveday-inc.net/assets/pushcrew.js IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2024-03-20 16:33:23 Times Seen1405 Hash 0a67c27615e7d2202f261dcc0a82d744 0fa0a8ca56efded583bd4201821015a63c623d44 f7464960133d530dfa52ce0ab9a5c33f0a709a946ad16298b000a7560738f422 Loading...

	www.saveday-inc.net/optin1638821352637	482 B	2023-03-07	2023-05-21
Pretty URL www.saveday-inc.net/optin1638821352637 IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2023-05-21 15:22:25 Times Seen3 Hash c834733e07e2bd76b740e06fb1836fc7 c77b7616cc5c556f2771b2804b014484a2d602ae d7680193207c28b45149ce6a123286f2608ecfb6ed4305fe2562a60dcca302fe Loading...

	www.saveday-inc.net/optin1638821352637	395 B	2023-03-07	2024-03-20
Pretty URL www.saveday-inc.net/optin1638821352637 IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2024-03-20 16:33:23 Times Seen1083 Hash b2c93212afb38693d023d97f822acd42 a971c75819436a7c7d9c3b388b8be10f1286fdcb dbde09f9e5cc2ecdeffe30752eac8756ca637e0c524bdbd5b1c7e5704aae004f Loading...

	www.saveday-inc.net/optin1638821352637	104 B	2023-03-07	2024-03-20
Pretty URL www.saveday-inc.net/optin1638821352637 IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2024-03-20 16:33:23 Times Seen1184 Hash 00b5ba65cbf82b44301e01048b806055 3be24afc94edb8de2099ccafa2bfcdbfbef301cd 699e1188e23d8be696d8ca3b45d7eba8c1c97f6ce4e9da4051cce63907ea8442 Loading...

	www.saveday-inc.net/optin1638821352637	1.2 kB	2023-03-07	2024-03-13
Pretty URL www.saveday-inc.net/optin1638821352637 IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2024-03-13 20:33:05 Times Seen718 Hash f53804c0abbd5d0ead0a41ca2dd89599 39d28f2df6171e4847aafb50cff964da0b33aef0 1dfb574d71b367cdf50909a035c1865d63381accb868b60d395d6ad71c426821 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-07	2024-04-13
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-13 18:55:10 Times Seen838 Hash d40531c5e99a6f84e42535859476fe35 a901817d77b2fe5259c298c91bc65c54d7f8a1a9 a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Loading...

	www.saveday-inc.net/assets/lander.js	2.3 MB	2023-03-07	2023-03-17
Pretty URL www.saveday-inc.net/assets/lander.js IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:09 Last Seen2023-03-17 12:27:39 Times Seen1 Hash 55bfc8a713b8bec8d24b6400e8b67cc6 0b52f076ef067091cb0f78672c4a3409969e5ede 5824467254c4dff6cbb9de37d441170f9243287bba4380e206297e2f2c0ef7cd Loading...

	static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194	14 kB	2023-03-07	2024-04-18
Pretty URL static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 IP 104.18.47.230 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-18 05:57:45 Times Seen1616 Hash 19514b1be5ee33b45d32c1fcd4c67ec2 bdeab77b43cafcc638df9d7c26f1aa7f46bf1fd5 fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505 Loading...

	www.saveday-inc.net/optin1638821352637	130 B	2023-03-07	2023-05-21
Pretty URL www.saveday-inc.net/optin1638821352637 IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2023-05-21 15:22:25 Times Seen3 Hash faaff1e64bbf42c5e6adcca1657c510c 3757a7b56286db2e66d699867cd4c7362162c1e0 0af4a7f940c989a6d0e4bcd55409d930727177d3655efe6b2751a8e83e2adbfe Loading...

	connect.facebook.net/signals/config/1954455964797727?v=2.9.79&r=stable	300 kB	2023-03-07	2023-03-07
Pretty URL connect.facebook.net/signals/config/1954455964797727?v=2.9.79&r=stable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2023-03-07 13:22:23 Times Seen1 Hash ba9eee1aabe12377c3dd66ff5dca73ac 33e0edd850116163e8bb41033e305a051a52b961 b6d519571a9b6ca92a2ce4d562e50c4a4d73f655e86b331689de5ea6f59f0fd6 Loading...

	js-agent.newrelic.com/nr-1216.min.js	39 kB	2023-03-07	2023-12-02
Pretty URL js-agent.newrelic.com/nr-1216.min.js IP 151.101.86.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:59 Last Seen2023-12-02 09:02:29 Times Seen204 Hash 9f533d8cd24b2c5e3b4dc886ecbd43e8 4aaad79f222fbcf885679bb30ac0cb6c14ec06eb 6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708 Loading...

	www.saveday-inc.net/vendor.js	18 kB	2023-03-07	2024-03-20
Pretty URL www.saveday-inc.net/vendor.js IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2024-03-20 16:33:23 Times Seen1309 Hash bf2a8a168c0be1544c34f363c276586e 581e49c9b7bdd06dab54c00931f4256b223e620e 7422e50efbaea439fda7ef3b0eb54ee1a9fe73ea2f919d78a33bf6fb9e3e059d Loading...

	www.googletagmanager.com/gtag/js?id=AW-842761054	116 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-842761054 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:22:23 Last Seen2023-03-07 13:22:23 Times Seen1 Hash 2edc6600005e3c8e7aa6fadfdbe04dcb e6c034f6b4130281a26e50180f120b5ec221c95c 45724f36fd9d29d59de6b9cf5505d55f3450af359c2dd16e60b6ddf436e37eb7 Loading...

	www.saveday-inc.net/optin1638821352637	3 B	2023-03-07	2024-04-16
Pretty URL www.saveday-inc.net/optin1638821352637 IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:22 Last Seen2024-04-16 22:03:45 Times Seen1136 Hash f67be96ce768fb5b40aecf0438f97886 d27fecd03a022cc6f670ca42ef1b99d5f5bcc74c 3441b5696d6abf2bd959d18bcb31dde8239a6ad8185bfa659af60bc764c238a8 Loading...

	www.saveday-inc.net/optin1638821352637	10 kB	2023-03-07	2023-03-17
Pretty URL www.saveday-inc.net/optin1638821352637 IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2023-03-17 12:27:39 Times Seen1 Hash 61abdb73cf60f39fa1f99dbd202754ac 8d0f53cfd61600543702b775cccfdb6cff316a83 42f0f6e0965f466635a6785e94642889e31ade69c5d6c892182d03c91abd6082 Loading...

	www.saveday-inc.net/optin1638821352637	1.0 kB	2023-03-07	2024-03-20
Pretty URL www.saveday-inc.net/optin1638821352637 IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2024-03-20 16:33:23 Times Seen1073 Hash 7e04d8a0aac6ab1ec08163bd215a5711 f425cd8bab39529985cf2a9cf866a877b4fca17a 4e3d5220213c311337410362a4654f5ea226e71707a85229385cec6d871cc05a Loading...

	www.saveday-inc.net/optin1638821352637	247 B	2023-03-07	2023-03-07
Pretty URL www.saveday-inc.net/optin1638821352637 IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2023-03-07 13:22:23 Times Seen1 Hash bb67153cd740c7fece5570dac3d53b70 5aa76305cbd5ba001accf244db3573c62133e1de bee1c5036828dd5c93940c46b9812f8f762409e7407ef8cfe358167fe44758b2 Loading...

	www.saveday-inc.net/optin1638821352637	341 B	2023-03-07	2023-05-21
Pretty URL www.saveday-inc.net/optin1638821352637 IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2023-05-21 15:22:25 Times Seen3 Hash 0898cf9b054fb4f43f62525e4f641caa eca3f76140b40e5c5ca2fbc2bc42ac4c1cb6b211 5b36bfb50c269265a116c6df8284845763939bbf6d3abdf6967edfd772804a09 Loading...

	www.saveday-inc.net/optin1638821352637	271 B	2023-03-07	2024-03-20
Pretty URL www.saveday-inc.net/optin1638821352637 IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2024-03-20 16:33:23 Times Seen1079 Hash c0d8faa83b4d63e92f56614251d001d4 4377d94b43b83ca010c78aa4c482d86ca19a9593 1d35b00811c224b9c83537f23634d9e7b07f75841c3d99e6ded3c759571f45a7 Loading...

	app.clickfunnels.com/mailcheck.min.js	2.7 kB	2023-03-07	2024-03-13
Pretty URL app.clickfunnels.com/mailcheck.min.js IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2024-03-13 20:33:05 Times Seen1044 Hash 199756d42d03ff6741642748ea00028d b5c4f6fd1b0e5d1bac97870b3885d08ccb7d2ac1 e0189e16cf01f8149342c9f2de872cfa73571f2a145a830f18b16154bf1d2982 Loading...

	bam.nr-data.net/1/NRJS-fc902efb332119fff33?a=367981416&v=1216.487a282&to=dFZWTENWVQ9QExdNRlJLSFlWXEpMRQBfXUYYSU1aXVBKC1AF&rst=4942&ck=1&ref=https://www.saveday-inc.net/optin1638821352637&ap=508&be=618&fe=4688&dc=1285&perf=%7B%22timing%22:%7B%22of%22:1662557085927,%22n%22:0,%22f%22:400,%22dn%22:406,%22dne%22:406,%22c%22:406,%22s%22:410,%22ce%22:430,%22rq%22:430,%22rp%22:582,%22rpe%22:584,%22dl%22:598,%22di%22:1258,%22ds%22:1284,%22de%22:1389,%22dc%22:4687,%22l%22:4687,%22le%22:4801%7D,%22navigation%22:%7B%7D%7D&fcp=1001&jsonp=NREUM.setToken	49 B	2023-03-07	2024-03-22
Pretty URL bam.nr-data.net/1/NRJS-fc902efb332119fff33?a=367981416&v=1216.487a282&to=dFZWTENWVQ9QExdNRlJLSFlWXEpMRQBfXUYYSU1aXVBKC1AF&rst=4942&ck=1&ref=https://www.saveday-inc.net/optin1638821352637&ap=508&be=618&fe=4688&dc=1285&perf=%7B%22timing%22:%7B%22of%22:1662557085927,%22n%22:0,%22f%22:400,%22dn%22:406,%22dne%22:406,%22c%22:406,%22s%22:410,%22ce%22:430,%22rq%22:430,%22rp%22:582,%22rpe%22:584,%22dl%22:598,%22di%22:1258,%22ds%22:1284,%22de%22:1389,%22dc%22:4687,%22l%22:4687,%22le%22:4801%7D,%22navigation%22:%7B%7D%7D&fcp=1001&jsonp=NREUM.setToken IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-03-22 06:11:42 Times Seen2776 Hash ada33e5b8877e743ff658bf4bfa1867c 5a78662243dac43c0ee48bcb7e05a536b84c2e38 dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82 Loading...

	www.saveday-inc.net/optin1638821352637	101 B	2023-03-07	2024-03-20
Pretty URL www.saveday-inc.net/optin1638821352637 IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2024-03-20 16:33:23 Times Seen1072 Hash 58d9451139b4d777d43d7c3e074a944a 58dbf64854e67993dd579ecc78d1a32fea9266ed 85f043b5d0590f154a02cf29f549340485f0e6dd78c70ab8746555092fc9d493 Loading...

	unknown	0 B	2023-03-07	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-18 10:03:28 Times Seen36934628 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.saveday-inc.net/optin1638821352637	594 B	2023-03-07	2023-03-07
Pretty URL www.saveday-inc.net/optin1638821352637 IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2023-03-07 13:22:23 Times Seen1 Hash ada7715cd3e500e96a95316268664a7b 1aa9197838adacf991f2a88186b8b43d3dd7bc6b 180721da5182d2815f66c6b0a310eefe1ecdda94c4a678b638157cebc3a61c61 Loading...

	www.saveday-inc.net/optin1638821352637	1.6 kB	2023-03-07	2024-03-20
Pretty URL www.saveday-inc.net/optin1638821352637 IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2024-03-20 16:33:23 Times Seen1072 Hash 9695240da93eaffb74ee6d46ae6ea5da f545f6cec4b5da6fb0a50a17ee0bc878030c5047 88533b116813899d4cf0751961b7568763677a97033cfb35180d523e2cf2cfd1 Loading...

	connect.facebook.net/en_US/fbevents.js	103 kB	2023-03-07	2023-08-11
Pretty URL connect.facebook.net/en_US/fbevents.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:31 Last Seen2023-08-11 03:38:40 Times Seen44 Hash 026f52d67397fda8ff7ddb28ee932f39 44a56e64bfdba3ceff45066d88f3b8f3db2c9ca3 5ae95e748ad12444cd760e245c02264cea3e8deb41fabd95f1e0784b81f72783 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/842761054/?random=1662557087658&cv=9&fst=1662557087658&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8v0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637&tiba=SaveDay&auid=2088749376.1662557087&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/842761054/?random=1662557087658&cv=9&fst=1662557087658&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8v0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637&tiba=SaveDay&auid=2088749376.1662557087&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:22:23 Last Seen2023-03-07 13:22:23 Times Seen1 Hash 08c0dd3f93726f6401ab717f3dc27523 494e5f4646ebedb68393b32a2755da2c2e6227c3 5ca075f9a3f1c10a7f44ab9f4654afc4652279a120dd087d1e409de1706c6835 Loading...

	www.saveday-inc.net/optin1638821352637	280 B	2023-03-07	2023-03-07
Pretty URL www.saveday-inc.net/optin1638821352637 IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:22:23 Last Seen2023-03-07 13:22:23 Times Seen1 Hash a4ce238dda501a792ca364f1e90a8f60 ad19266c82a405446e091442a6e700e8868b91ef ce8f3dc3b6c382163511756940cc2d9d190a71f4e257fa74d9986355bca9a082 Loading...

	www.saveday-inc.net/assets/userevents/application.js	4.9 kB	2023-03-07	2023-03-17
Pretty URL www.saveday-inc.net/assets/userevents/application.js IP 104.16.13.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2023-03-17 12:27:39 Times Seen1 Hash 8c7a2fbb2ccf04e864c50ff46ff6975d 1f9e9ece9dd37561093248324faa202260eb616c 004e3565fa58bd4ff0cbf31deb5451508a5ec7d46c4480f9bfa23326f187a158 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 8ecd378e4eb7ea5dcef71300632bd86f	119 B	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 01:29:18 Last Seen2023-03-07 13:22:23 Times Seen1 Hash 8ecd378e4eb7ea5dcef71300632bd86f 7bc0eb03718e4795c62bec5737785a2841c92b70 a2f901be3de4422661b5ce7f5e37d51d3c65a2297d1dd2c0130aa3605ab6ceed Loading...

	#2 Eval - 2aa74ac3a264c3e10ae463a262aaf72c	20 kB	2023-03-07	2024-03-20
Pretty Observations First Seen2023-03-07 01:29:18 Last Seen2024-03-20 16:33:23 Times Seen1092 Hash 2aa74ac3a264c3e10ae463a262aaf72c c5ff579cf0cc2ba1d98711b366ec148152abbaf5 9c1ea695852f01d2fc6027d572b126b740a9c4634540fb0d39ea3656377eef77 Loading...

HTTP Transactions (89)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2999
Expires: Wed, 07 Sep 2022 14:14:51 GMT
Date: Wed, 07 Sep 2022 13:24:52 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.27

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 07 Sep 2022 13:04:41 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: VecgpEQ3pSb0pCIZhq7vSRPW9SNehVHKTBq8gHKXWk_mHRDDZx042A==
Age: 1211

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: PIckmIt8VqHPG05JrdMu-8p86mxA16A5TRHu0FsS5O0DDi-k12hRPA==
age: 34698
X-Firefox-Spdy: h2

www.saveday-inc.net/optin2widllds

104.16.14.194

302 Found

492 B

URL HTTP/1.1
www.saveday-inc.net/optin2widllds
IP
104.16.14.194:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (477)
Size
492 B (492 bytes)
Hash
cafc0a2e782e1a7f8855f809a3835a5d
2057be0107fe88006d08752a7959861b59cdb8fd
1f4d945639b26abb863c3e3e8b4f158bcec7f9af951c0260e5a61d2b8490806d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /optin2widllds HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Date: Wed, 07 Sep 2022 13:24:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.saveday-inc.net/optin1638821352637
CF-Ray: 746fc464af83b4fa-OSL
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Vary: Accept-Encoding
CF-Cache-Status: MISS
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Status: 302 Found
X-Frame-Options: ALLOWALL
X-Powered-By: Phusion Passenger Enterprise 6.0.7
X-Rack-Cache: miss
X-Request-Id: 3a5b7ab70e8427ab506a26c5dd997f76
X-Runtime: 0.117161
Set-Cookie: __cf_bm=XVvge4LSmUAB6yesiJ_pe29hb89ngGyzlxQzUzKQpBw-1662557092-0-AaHPw4AKHROm2ttlUFYMqyDS0L61giYDwMpy6u6td/KYaNVk1zH8HayVKyB/sHbNOAJiz0wGD6fq9WKU68XiGc/FY/t3qXewiGZFVMN9hQ2d; path=/; expires=Wed, 07-Sep-22 13:54:52 GMT; domain=.www.saveday-inc.net; HttpOnly; SameSite=None
Server: cloudflare
alt-svc: h2=":443"; ma=60

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 07 Sep 2022 13:24:52 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

www.saveday-inc.net/hosted/images/14/3fecf0667511e7a4522fc393ea60c4/vmc-logo.png

104.16.13.194

200 OK

11 kB

URL HTTP/2
www.saveday-inc.net/hosted/images/14/3fecf0667511e7a4522fc393ea60c4/vmc-logo.png
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 395 x 115, 8-bit colormap, non-interlaced\012- data
Size
11 kB (11042 bytes)
Hash
a8319ced5fa45dbf94a312e1ad9e9d8e
d88a08d5a2a5c6ee3775b6cc16960b2ae69c4cc8
e6bbcf641c1e1950dda2d905d5d209d7426fcfe31f9dccd067e97fb4a9a16000

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /hosted/images/14/3fecf0667511e7a4522fc393ea60c4/vmc-logo.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: image/png
content-length: 11042
cf-ray: 746fc468994bb509-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "a8319ced5fa45dbf94a312e1ad9e9d8e"
last-modified: Tue, 11 Jul 2017 20:11:13 GMT
cf-cache-status: MISS
x-amz-cf-pop: OSL50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

www.saveday-inc.net/hosted/images/18/ae751067fe11e7b1f597f4a4384b61/bizlendr.png

104.16.13.194

200 OK

20 kB

URL HTTP/2
www.saveday-inc.net/hosted/images/18/ae751067fe11e7b1f597f4a4384b61/bizlendr.png
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 500 x 128, 8-bit colormap, non-interlaced\012- data
Size
20 kB (20025 bytes)
Hash
0b0d99a146d61334abaad568d18e5b01
f893dd595bd067ea1ed1879aa5792bf2d32337e5
8af8af276e195c7ff5e83a813e8f4542ceb059b0548ad094a92799882d25a5fa

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /hosted/images/18/ae751067fe11e7b1f597f4a4384b61/bizlendr.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: image/png
content-length: 20025
cf-ray: 746fc468a952b509-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "0b0d99a146d61334abaad568d18e5b01"
last-modified: Thu, 13 Jul 2017 19:04:33 GMT
cf-cache-status: MISS
x-amz-cf-pop: OSL50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

www.saveday-inc.net/hosted/images/5b/c23330667511e78cd7b3b12e64f51a/sbf-logo-2015.png

104.16.13.194

200 OK

4.3 kB

URL HTTP/2
www.saveday-inc.net/hosted/images/5b/c23330667511e78cd7b3b12e64f51a/sbf-logo-2015.png
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 800 x 120, 8-bit colormap, non-interlaced\012- data
Size
4.3 kB (4297 bytes)
Hash
723958dfc7b2d6fb4956404751e621b8
d1af418aa8263d6054c7b1fa2b814d03eedfcd07
580fca02db8385d70d615d73437dc607f508b61a4eae2fcb7c47f79509bed09f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /hosted/images/5b/c23330667511e78cd7b3b12e64f51a/sbf-logo-2015.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: image/png
content-length: 4297
cf-ray: 746fc468994db509-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "723958dfc7b2d6fb4956404751e621b8"
last-modified: Tue, 11 Jul 2017 20:13:13 GMT
cf-cache-status: MISS
x-amz-cf-pop: OSL50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

www.saveday-inc.net/hosted/images/4e/ef52f098b111e7b71b9976c38ffff7/whatever2.png

104.16.13.194

200 OK

26 kB

URL HTTP/2
www.saveday-inc.net/hosted/images/4e/ef52f098b111e7b71b9976c38ffff7/whatever2.png
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 405 x 872, 8-bit colormap, non-interlaced\012- data
Size
26 kB (25914 bytes)
Hash
538af34ea4ab473bd579d5d061172388
cdbbbbca4a5f72b942d9ccb74621dc33d17b5a0d
f98f0c220ec61ba7d68c78c464d929e56344c7f567df374d48e6e7ef7644b66a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /hosted/images/4e/ef52f098b111e7b71b9976c38ffff7/whatever2.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: image/png
content-length: 25914
cf-ray: 746fc4689949b509-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "538af34ea4ab473bd579d5d061172388"
last-modified: Wed, 13 Sep 2017 18:28:21 GMT
cf-cache-status: MISS
x-amz-cf-pop: OSL50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

www.saveday-inc.net/hosted/images/de/0e695067fe11e792f73f20b3520f1e/logo.png

104.16.13.194

200 OK

2.5 kB

URL HTTP/2
www.saveday-inc.net/hosted/images/de/0e695067fe11e792f73f20b3520f1e/logo.png
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 378 x 88, 8-bit colormap, non-interlaced\012- data
Size
2.5 kB (2492 bytes)
Hash
05bfa1b2ab184dc7ea68a0265d3ff73e
6fb3612c62d80e52d8b2ecd853c600a2c4ab5a85
ad2ee6410ab30d6711b25ae0bf436a87f42e87b7caf69690d1335ad70ad3177d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /hosted/images/de/0e695067fe11e792f73f20b3520f1e/logo.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: image/png
content-length: 2492
cf-ray: 746fc468a95db509-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "05bfa1b2ab184dc7ea68a0265d3ff73e"
last-modified: Thu, 13 Jul 2017 19:10:04 GMT
cf-cache-status: MISS
x-amz-cf-pop: OSL50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

www.saveday-inc.net/hosted/images/13/8bb6408e8411e7b85fdf1b4f68b035/try8001.png

104.16.13.194

200 OK

29 kB

URL HTTP/2
www.saveday-inc.net/hosted/images/13/8bb6408e8411e7b85fdf1b4f68b035/try8001.png
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1008 x 727, 8-bit colormap, non-interlaced\012- data
Size
29 kB (28863 bytes)
Hash
359b179cc2c42c8c056f487c793001ec
05b7a018d1c4e0e7713113078eabdaab6224f612
fb77000c1f1905aae5c49facba6eb39b98b1e64e3220f919ee8b14c3a9a75726

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /hosted/images/13/8bb6408e8411e7b85fdf1b4f68b035/try8001.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: image/png
content-length: 28863
cf-ray: 746fc4689947b509-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "359b179cc2c42c8c056f487c793001ec"
last-modified: Thu, 31 Aug 2017 19:39:28 GMT
cf-cache-status: MISS
x-amz-cf-pop: OSL50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c0498832f97967e1fbaa64eba7c65094
2dcaaa99759c7b3279d75f4f934bf05a1c4ca8e7
63621ee746f1a80c3c6167ca190e5008e3e79db0bc8f0e5cb0e5dccc11ceb822

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 13:24:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.saveday-inc.net/hosted/images/17/ebf2f067ff11e7ad5ebb6414c806b3/logo-_1_.png

104.16.13.194

200 OK

19 kB

URL HTTP/2
www.saveday-inc.net/hosted/images/17/ebf2f067ff11e7ad5ebb6414c806b3/logo-_1_.png
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 2850 x 468, 8-bit colormap, non-interlaced\012- data
Size
19 kB (19131 bytes)
Hash
0fbdcd0f6b039c13b6ed66be70fc0314
36b7bc5d12241223cbef098fe38e43147c2a967d
c972c2a7d41b2b76280b7a407864155f8b6958d243e8694b65450b021a0f0477

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /hosted/images/17/ebf2f067ff11e7ad5ebb6414c806b3/logo-_1_.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: image/png
content-length: 19131
cf-ray: 746fc468a95eb509-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "0fbdcd0f6b039c13b6ed66be70fc0314"
last-modified: Thu, 13 Jul 2017 19:11:44 GMT
cf-cache-status: MISS
x-amz-cf-pop: OSL50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

www.saveday-inc.net/hosted/images/e3/5898c0668411e7acaccf8145dd3756/ev.png

104.16.13.194

200 OK

6.7 kB

URL HTTP/2
www.saveday-inc.net/hosted/images/e3/5898c0668411e7acaccf8145dd3756/ev.png
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 400 x 90, 8-bit colormap, non-interlaced\012- data
Size
6.7 kB (6681 bytes)
Hash
f68b926f96eb6f38c9f7ce0a971ba829
b8dd228cc203a00d134bccc02dd75e7405aa6caa
d95d481199724f2d02fd35875e38da134650283fed9732139c13ddd029439343

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /hosted/images/e3/5898c0668411e7acaccf8145dd3756/ev.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: image/png
content-length: 6681
cf-ray: 746fc468a951b509-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "f68b926f96eb6f38c9f7ce0a971ba829"
last-modified: Tue, 11 Jul 2017 22:04:22 GMT
cf-cache-status: MISS
x-amz-cf-pop: OSL50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c0498832f97967e1fbaa64eba7c65094
2dcaaa99759c7b3279d75f4f934bf05a1c4ca8e7
63621ee746f1a80c3c6167ca190e5008e3e79db0bc8f0e5cb0e5dccc11ceb822

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 13:24:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.27

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Wed, 07 Sep 2022 12:38:18 GMT
Expires: Wed, 07 Sep 2022 12:58:45 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ELLDRPIUknVgmp6swW4ayYJ3l-ZTWko3DVYdRijS45kmzQcKwQXNcw==
Age: 2795

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
62c739a1335c5cf0fd4e783db6cdf14b
4f4a2acf32a7b7d8d86f7d0b037cdd16d59704ff
de1d42a2f47b8a7f1fed1880f1b485f63a5e07ede87fee3194cabeab056cf6f9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 13:24:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-P958L4W

142.250.74.72

200 OK

56 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-P958L4W
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (5176)
Size
56 kB (56480 bytes)
Hash
f6fc53d37cd4ef8dc215c2ab8d00a56c
aca68e2576df6a8c7c2c7282293598f3ae0f2196
b54880d829c5e935726ef2b557867461965bb08780bc377c956ec2a6eaacea51

HTTP Headers

GET /gtm.js?id=GTM-P958L4W HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 07 Sep 2022 13:24:53 GMT
expires: Wed, 07 Sep 2022 13:24:53 GMT
cache-control: private, max-age=900
last-modified: Wed, 07 Sep 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 56480
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.saveday-inc.net/hosted/images/ab/5dfff0471a11e7855f5dca53cab33b/cloudstrip-hero_2x.png

104.16.13.194

200 OK

73 kB

URL HTTP/2
www.saveday-inc.net/hosted/images/ab/5dfff0471a11e7855f5dca53cab33b/cloudstrip-hero_2x.png
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 2672 x 586, 8-bit colormap, non-interlaced\012- data
Size
73 kB (72836 bytes)
Hash
dbd17d87cba35875b87a1d0333e07214
b5ccaf88d53022b112e9e060e53ce611d6e8834b
149cc0e62e4f5a30b5625466d0427f3260aa7d7320b214c91056d8b40fff6f39

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /hosted/images/ab/5dfff0471a11e7855f5dca53cab33b/cloudstrip-hero_2x.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: image/png
content-length: 72836
cf-ray: 746fc46a4c35b509-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "dbd17d87cba35875b87a1d0333e07214"
last-modified: Thu, 01 Jun 2017 22:36:04 GMT
cf-cache-status: MISS
x-amz-cf-pop: OSL50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
62c739a1335c5cf0fd4e783db6cdf14b
4f4a2acf32a7b7d8d86f7d0b037cdd16d59704ff
de1d42a2f47b8a7f1fed1880f1b485f63a5e07ede87fee3194cabeab056cf6f9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 13:24:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp

104.18.21.157

200 OK

471 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
a81b0f5b5d11bf95fc176833b2f6e808
5b194aa5a8bf3a6b0d117ccfd0f487f6db0587b5
8f6ae83f2b85db7174bbbc6553e2921617b5c8a401315e76082682949a0bd9cc

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 553
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc4692a080b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.saveday-inc.net/hosted/images/ab/88d21326a04b7b856568fb725e7bda/fa-logo1.png

104.16.13.194

200 OK

10 kB

URL HTTP/2
www.saveday-inc.net/hosted/images/ab/88d21326a04b7b856568fb725e7bda/fa-logo1.png
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 253 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
10 kB (10077 bytes)
Hash
77b1a9149d16b03a46a6c04e8c7a5aae
c1d4deb42b6eef43914d9f44a45f720a427ca18f
1bee03fe6a3e710b9fb29e414ec7f38a941dc5f9082826479cb8bf62a753f50b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /hosted/images/ab/88d21326a04b7b856568fb725e7bda/fa-logo1.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: image/png
content-length: 10077
cf-ray: 746fc4689944b509-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "77b1a9149d16b03a46a6c04e8c7a5aae"
last-modified: Tue, 23 Nov 2021 21:15:27 GMT
cf-cache-status: MISS
x-amz-cf-pop: OSL50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

104.18.21.157

200 OK

46 kB

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
46 kB (45930 bytes)
Hash
4ca84bc5f3c3f14d0acfdfb8a0c9f280
fa95a098c5c86cdb0e6a51e2af3363508d01e5dc
f5361a8043e14a9de34cda4852a870bcaf47049dd385c52f56c5feb9394edf5d

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 495
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46c6db80b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.36.24.174

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.36.24.174:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FNnK+8bu1JoltpvVnCDpSw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 22RKNwLsADLmMVKO4CNBPezJdKs=

104.18.21.157

200 OK

471 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
0b218225171cae57237cd71ae6f3347b
821f6cda5bf110fad5777736e92a27db636d488c
1372a445d0f8e9b0b2b3abb6762ca5ec3867bb42928aa2f7ed84a47f660f3c59

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 556
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46c7dc20b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

app.clickfunnels.com/userevents/?funnel_id=eThENnR4Zmk0a0FISk4weWlPVCtYQT09LS1qSTVRUk9LZTMvZGlCM2FBaXozT1hRPT0%3D--2df597deecf7a425802bd0e5ecd1ce6489e1b6da&page_id=bnJGR3d4YkRYRFdIM3ZzV2lYbCt5QT09LS16Y0xaMHVRaldFN21aL0tJcExMNjJ3PT0%3D--f69358841eaa48b41796588213093f23443e94b9&funnel_step_id=bmx6T2NwQWN5Y3BBUGJKRG9xTWRmZz09LS00ZEJjRHBDTlpwZm5IL0o3Z1dySDdnPT0%3D--59786c96d79346d129f68009f96dd021e7f5294a&user_id=aFpPcDVVUHlMeFJlM2hRQ2lpa1VQUT09LS1vbWRub1ZCbjlONHZxUG5QeExtbUl3PT0%3D--9a3311e5bcd523b6cbc509fe3878988b1767476c&account_id=VzB0SUFYd0xhTVhpTmVsSUdsSkZydz09LS1NMmNvNGRXVVRSbkV3ckcra1BRRmxnPT0%3D--c221cb55afa42b5bc58c04268236493bfa97577b&page_code=NTIwOTg4ODA%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::PageviewsCreatedSummary&nonce=fed4fa0c-87de-49a4-ac60-343555ea21a0&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637

104.16.13.194

202 Accepted

20 kB

URL HTTP/2
app.clickfunnels.com/userevents/?funnel_id=eThENnR4Zmk0a0FISk4weWlPVCtYQT09LS1qSTVRUk9LZTMvZGlCM2FBaXozT1hRPT0%3D--2df597deecf7a425802bd0e5ecd1ce6489e1b6da&page_id=bnJGR3d4YkRYRFdIM3ZzV2lYbCt5QT09LS16Y0xaMHVRaldFN21aL0tJcExMNjJ3PT0%3D--f69358841eaa48b41796588213093f23443e94b9&funnel_step_id=bmx6T2NwQWN5Y3BBUGJKRG9xTWRmZz09LS00ZEJjRHBDTlpwZm5IL0o3Z1dySDdnPT0%3D--59786c96d79346d129f68009f96dd021e7f5294a&user_id=aFpPcDVVUHlMeFJlM2hRQ2lpa1VQUT09LS1vbWRub1ZCbjlONHZxUG5QeExtbUl3PT0%3D--9a3311e5bcd523b6cbc509fe3878988b1767476c&account_id=VzB0SUFYd0xhTVhpTmVsSUdsSkZydz09LS1NMmNvNGRXVVRSbkV3ckcra1BRRmxnPT0%3D--c221cb55afa42b5bc58c04268236493bfa97577b&page_code=NTIwOTg4ODA%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::PageviewsCreatedSummary&nonce=fed4fa0c-87de-49a4-ac60-343555ea21a0&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, max compression\012- data
Size
20 kB (20006 bytes)
Hash
56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29

HTTP Headers

GET /userevents/?funnel_id=eThENnR4Zmk0a0FISk4weWlPVCtYQT09LS1qSTVRUk9LZTMvZGlCM2FBaXozT1hRPT0%3D--2df597deecf7a425802bd0e5ecd1ce6489e1b6da&page_id=bnJGR3d4YkRYRFdIM3ZzV2lYbCt5QT09LS16Y0xaMHVRaldFN21aL0tJcExMNjJ3PT0%3D--f69358841eaa48b41796588213093f23443e94b9&funnel_step_id=bmx6T2NwQWN5Y3BBUGJKRG9xTWRmZz09LS00ZEJjRHBDTlpwZm5IL0o3Z1dySDdnPT0%3D--59786c96d79346d129f68009f96dd021e7f5294a&user_id=aFpPcDVVUHlMeFJlM2hRQ2lpa1VQUT09LS1vbWRub1ZCbjlONHZxUG5QeExtbUl3PT0%3D--9a3311e5bcd523b6cbc509fe3878988b1767476c&account_id=VzB0SUFYd0xhTVhpTmVsSUdsSkZydz09LS1NMmNvNGRXVVRSbkV3ckcra1BRRmxnPT0%3D--c221cb55afa42b5bc58c04268236493bfa97577b&page_code=NTIwOTg4ODA%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::PageviewsCreatedSummary&nonce=fed4fa0c-87de-49a4-ac60-343555ea21a0&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637 HTTP/1.1
Host: app.clickfunnels.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.saveday-inc.net
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 202 Accepted
date: Wed, 07 Sep 2022 13:24:54 GMT
content-type: text/html
cf-ray: 746fc46c8a23b51e-OSL
access-control-allow-origin: *
cache-control: no-cache, no-store
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: BYPASS
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-request-method: *
pragma: no-cache
status: 202 Accepted
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: 3cb6651a03a55fbc4aa32370c6f6d7e6
x-runtime: 0.030410
set-cookie: __cf_bm=FbtA1PTxQPaJq1_.V_Zt_N14LjFmXVB54nHyeW9dpro-1662557094-0-AUiDGO7ZaCnTD5Vs0154FI0QrnJPYgQCJaL/8cQO1/7rPq/4BIHnZvHgCZ3eC+I/1AgHW/8saFq39A0Zc3Ol4iN8FYo3/iBOnSaLIc8DzyB3; path=/; expires=Wed, 07-Sep-22 13:54:54 GMT; domain=.clickfunnels.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
21d1b5be072df45253749eeb3290be82
4ac9978797c085289b9fcc2fe9a57b619e1c78c9
9ea779e1ad86a4a7c403b574908e2dc60d079b366ab1cf439b34c73c9a9c64c9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 13:24:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

104.18.21.157

200 OK

27 kB

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix\012- data
Size
27 kB (26737 bytes)
Hash
8e7e24fb3539746aa8b869558f589615
d8086d86bbd5cfacc3b6a5ef14aa917830e137dd
7304497ee417a664bdea67d7307ca36a36013556b927c3ea5bca6c04b66236ef

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 548
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46c7dcb0b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

104.18.21.157

200 OK

16 kB

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, max compression\012- data
Size
16 kB (15687 bytes)
Hash
4738d969770682feba80f04bf171d65b
be0e0ceb91bf5ed0c64b0f3f2cc2c99c6d4cd6b7
1daca97cf9e8078299f94c50346e45fead45bf908ca97ded912f26986c1c4e9a

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 565
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46d6ed70b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

104.18.21.157

200 OK

471 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
0b218225171cae57237cd71ae6f3347b
821f6cda5bf110fad5777736e92a27db636d488c
1372a445d0f8e9b0b2b3abb6762ca5ec3867bb42928aa2f7ed84a47f660f3c59

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 494
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46abbb00b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

104.18.21.157

200 OK

472 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
8fc7316fab55e89a81536e926eab6f83
7fcab743b176312e76999b39a1b2a3b97dbeb10f
8178b9805611209f5c47dce32da555117870a90648e026d08cc691a4103169a7

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 1005
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:54 GMT
server: cloudflare
cf-ray: 746fc46f38ef0b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
10585eccdd73117e0bc71ecaf1cd02cb
7bda7ff7308cac8c8824a5a558097a15a2325f5e
6303f8b80751e64006c77524615f10709b136b0606695feb0f51b964e0c2163d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 13:24:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

104.18.21.157

200 OK

471 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
c1437437047f21dec9a10a2ea619f302
2312d50c7870f3fee0f3b837ce466eac9f60d23a
81e03c89f4b0a326ef9784b89eff6bba41bc940a4d7b54957ad1964d01db3a79

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 555
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46c6daa0b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

104.18.21.157

200 OK

1.0 kB

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, max compression\012- data
Size
1.0 kB (1040 bytes)
Hash
84dbed7651e04849a644bee8acaf8b73
dca1cf16c8b806cc2fc15409edecca8e4e47a2c3
ee7a4e15ee9f15294ff13f4303d1b6667bdbc06846c5e7852505e9a5358d4034

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 1599
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46d0e6f0b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-106500592-1&cid=1017554000.1662557088&jid=546057091&gjid=1037327531&_gid=1355425120.1662557088&_u=YGBAgAABAAAAAE~&z=1643704168

142.251.1.156

200 OK

1 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-106500592-1&cid=1017554000.1662557088&jid=546057091&gjid=1037327531&_gid=1355425120.1662557088&_u=YGBAgAABAAAAAE~&z=1643704168
IP
142.251.1.156:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-106500592-1&cid=1017554000.1662557088&jid=546057091&gjid=1037327531&_gid=1355425120.1662557088&_u=YGBAgAABAAAAAE~&z=1643704168 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.saveday-inc.net
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://www.saveday-inc.net
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 07 Sep 2022 13:24:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
10585eccdd73117e0bc71ecaf1cd02cb
7bda7ff7308cac8c8824a5a558097a15a2325f5e
6303f8b80751e64006c77524615f10709b136b0606695feb0f51b964e0c2163d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 13:24:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c1437437047f21dec9a10a2ea619f302
2312d50c7870f3fee0f3b837ce466eac9f60d23a
81e03c89f4b0a326ef9784b89eff6bba41bc940a4d7b54957ad1964d01db3a79

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 13:24:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.facebook.com/tr/?id=1954455964797727&ev=PageView&dl=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637&rl=&if=false&ts=1662557087964&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662557087963.1758884844&it=1662557087664&coo=false&rqm=GET

31.13.72.36

200 OK

44 B

URL HTTP/2
www.facebook.com/tr/?id=1954455964797727&ev=PageView&dl=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637&rl=&if=false&ts=1662557087964&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662557087963.1758884844&it=1662557087664&coo=false&rqm=GET
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type
GIF image data, version 89a, 1 x 1\012- data
Size
44 B (44 bytes)
Hash
b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

HTTP Headers

GET /tr/?id=1954455964797727&ev=PageView&dl=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637&rl=&if=false&ts=1662557087964&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662557087963.1758884844&it=1662557087664&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/gif
date: Wed, 07 Sep 2022 13:24:54 GMT
expires: Wed, 07 Sep 2022 13:24:54 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie: 
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f53ebd30fa3351f320ca2c8764734ff1
9205e35b1cef1602414af2350ba6205f4129234c
d486cc21bbc47eac5718644e1b280d12a5a4bc92ec97a0e88f184bf6422cb6f0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 13:24:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/pagead/1p-user-list/842761054/?random=1662557087658&cv=9&fst=1662555600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8v0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637&tiba=SaveDay&async=1&fmt=3&is_vtc=1&random=3976226663&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/842761054/?random=1662557087658&cv=9&fst=1662555600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8v0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637&tiba=SaveDay&async=1&fmt=3&is_vtc=1&random=3976226663&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/842761054/?random=1662557087658&cv=9&fst=1662555600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8v0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637&tiba=SaveDay&async=1&fmt=3&is_vtc=1&random=3976226663&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 07 Sep 2022 13:24:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f53ebd30fa3351f320ca2c8764734ff1
9205e35b1cef1602414af2350ba6205f4129234c
d486cc21bbc47eac5718644e1b280d12a5a4bc92ec97a0e88f184bf6422cb6f0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Sep 2022 13:24:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

104.18.21.157

200 OK

44 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
44 B (44 bytes)
Hash
b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 588
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46c6db00b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3624
Expires: Wed, 07 Sep 2022 14:25:19 GMT
Date: Wed, 07 Sep 2022 13:24:55 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3624
Expires: Wed, 07 Sep 2022 14:25:19 GMT
Date: Wed, 07 Sep 2022 13:24:55 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3624
Expires: Wed, 07 Sep 2022 14:25:19 GMT
Date: Wed, 07 Sep 2022 13:24:55 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3624
Expires: Wed, 07 Sep 2022 14:25:19 GMT
Date: Wed, 07 Sep 2022 13:24:55 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b220c7c-ed68-4f56-82a7-5748d044635a.jpeg

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b220c7c-ed68-4f56-82a7-5748d044635a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8462 bytes)
Hash
70c964498818242b742575cfa1769b67
cde85fbe83c9e29618edf4e05002bd623e3ab965
bdb0e76fe216f742789ba5a77645c640fe0c7f207707181e618fa31d4cf58605

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b220c7c-ed68-4f56-82a7-5748d044635a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8462
x-amzn-requestid: d75d69c1-87be-47e2-8684-3c9a25edee2f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDqYpFL-IAMFukQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317bdd0-1c6d025672cc490734bb54e4;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 21:38:24 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: yzw88Z7aubNEll7UXkvaIWbftL95Y0UDTMnOEh_uhKqWgNycBA9Adw==
via: 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:41:22 GMT
age: 56613
etag: "cde85fbe83c9e29618edf4e05002bd623e3ab965"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ef55d7-b6c2-4550-aff3-c9052f7d4816.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6214 bytes)
Hash
f922505178de0cea92eedcfda85a9f67
50f1459de01174e594e03e7df4dfaa8eb1798672
981cd58768d6ad841673add855ddcc7106fbc85de05db9a1bd2d6bc8928b4c2c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ef55d7-b6c2-4550-aff3-c9052f7d4816.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6214
x-amzn-requestid: 46a44af0-e547-49e8-bc39-f6c49d94e375
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xj_0HFKbIAMFRbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630b134d-0297c83c305422fa51b86dcf;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 07:03:41 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _ZKcuRO8Z6wBMdm79iDZj5uRYk4YYpYJqOoG8hZqY81O0R7hfbe5bQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 05:10:03 GMT
age: 29692
etag: "50f1459de01174e594e03e7df4dfaa8eb1798672"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0766520-2dbc-4f52-b0e2-1a908af4cd29.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11778 bytes)
Hash
1462b0c8fff091f29c7c5145031c08aa
55154c3878e9650f463805c3829f03a1603f14c1
62f913a6498b21da33451e7cf0e37c5fdef565324bcd35d93cb536527394a3d5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0766520-2dbc-4f52-b0e2-1a908af4cd29.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11778
x-amzn-requestid: 2956f23c-8907-48de-b82a-73da9ae1d75e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDqYVHnLoAMFo5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317bdce-5d76bbe82dc2823407fe67f3;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 21:38:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6tTqfG7yRrMw0cMwiQFlu9XuRzxlK7uzTXL-cAMFmrrDrKL9Rd3zqA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:41:20 GMT
age: 56615
etag: "55154c3878e9650f463805c3829f03a1603f14c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

104.18.21.157

200 OK

4.8 kB

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4805 bytes)
Hash
4f29d8aaae2d67c27c58001e7553dea7
5200b601017ce86614783b76fd2a775c1c48d4e9
6b55c4d692cf584e0319b07251d9845749fe8954062dab66e003dd2706451504

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 556
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46c6dad0b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe12fd665-3bdf-498a-98f0-c69e29204995.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6919 bytes)
Hash
78bacb8692b8f5a5b5b628335778adc0
9cf78c7901f15b194592efb0db560af569e9470f
871fe5479807b985202b776b60378918e89e04d7da9b9a546a0ce72857a01b90

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe12fd665-3bdf-498a-98f0-c69e29204995.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6919
x-amzn-requestid: a1211a4e-4467-40ef-956b-6f16c2f5e322
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDqY4EgPoAMFW5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317bdd2-0de380ca078cc4ba584ab2ad;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 21:38:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HVrWkw2U_gO-W8SLzenCLKlOlpDqXu_RH0VDHnNinY1riORljfkqdA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:41:23 GMT
age: 56612
etag: "9cf78c7901f15b194592efb0db560af569e9470f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8510bf06-7808-4fda-a5d9-b75fc73021c9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12661 bytes)
Hash
79f4356c488498012cc7fc03be21e3df
dd9cd9b711d7112efa85eff8a798346dbd7d5f5f
ebd84bf1db6b39b92be1020c7ea5c32eaa23dfb347ec83941d5bc56e80855ebc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8510bf06-7808-4fda-a5d9-b75fc73021c9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12661
x-amzn-requestid: 71ef9e09-ccf1-4930-865d-665ece4bf3a6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3hXnFnXIAMFqKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312e296-627daf7c7ad3e23a60b183cd;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 05:13:58 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: xwunW741LulZXvM0har5nqrcCiyYoUwvhCWiPsEvs5P2VKSe476_Cw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 22:38:56 GMT
etag: "dd9cd9b711d7112efa85eff8a798346dbd7d5f5f"
content-type: image/jpeg
age: 53159
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.saveday-inc.net/assets/pushcrew.js

104.16.13.194

200 OK

2.2 kB

URL HTTP/2
www.saveday-inc.net/assets/pushcrew.js
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (637), with no line terminators
Size
2.2 kB (2193 bytes)
Hash
ee19c929c3b08f48541fc4d408a045ff
5abdd08c402379a622c4549544a344893ca3fccf
094b583ffc5309bfa460fcd10b8a74756654e5eaa7912c7d8700b71dbbd7cbaa

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/pushcrew.js HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: application/x-javascript
cf-ray: 746fc468b981b509-OSL
access-control-allow-origin: *
age: 881
cache-control: public, max-age=1200
etag: W/"630e9cfb-27d"
expires: Wed, 07 Sep 2022 13:44:53 GMT
last-modified: Tue, 30 Aug 2022 23:27:55 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

js-agent.newrelic.com/nr-1216.min.js

151.101.86.137

200 OK

14 kB

URL HTTP/2
js-agent.newrelic.com/nr-1216.min.js
IP
151.101.86.137:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (32022)
Size
14 kB (14391 bytes)
Hash
b7c09cc097b2847f9edc784adba62dcb
5aa648623cf5e3b4b215fe5d068a7904c59f2925
6da450b6a3ba53bdab36f6529e987a245cdfca9a37b77790f06dfd8d5797bdaa

HTTP Headers

GET /nr-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Vf9xsFZHH0UI6bmTnW+KeBzegICGOxvtMLIWtbljNKoJtdkUEk/MfmbYPFui+bgtiUf/4lC5dk8=
x-amz-request-id: 4AV5AVKCCR961CNG
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "9f533d8cd24b2c5e3b4dc886ecbd43e8"
x-amz-version-id: mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Wed, 07 Sep 2022 13:24:57 GMT
via: 1.1 varnish
x-served-by: cache-bma1671-BMA
x-cache: HIT
x-cache-hits: 6128
x-timer: S1662557097.272244,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 14391
X-Firefox-Spdy: h2

104.18.21.157

200 OK

72 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix\012- data
Size
72 B (72 bytes)
Hash
107d93e382e2c9b00fbf9fb0edc65d86
77e750e3ebf9706f4f6dd253785602d70be17c6c
a1ee50b689ea433a0acdccbf4ee4629e9ea3f9c4bcdd21effb334359a2f9e937

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 594
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:57 GMT
server: cloudflare
cf-ray: 746fc48288150b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 643
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:57 GMT
server: cloudflare
cf-ray: 746fc482a8520b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 751
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:25:01 GMT
server: cloudflare
cf-ray: 746fc49e0f150b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 553
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46919f20b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 510
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46919f10b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.saveday-inc.net/cdn-cgi/rum?

104.16.13.194

200 OK

0 B

URL HTTP/2
www.saveday-inc.net/cdn-cgi/rum?
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 29990
Origin: https://www.saveday-inc.net
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTIwOTg4ODA=:visited=true; cf:visitor_id=0a14c206-9b1f-4214-8955-7f60db3dae66; addevent_track_cookie=d571e957-fe99-4d9d-1142-4ff67c30ec88; _gcl_au=1.1.2088749376.1662557087; _ga=GA1.2.1017554000.1662557088; _gid=GA1.2.1355425120.1662557088; _dc_gtm_UA-106500592-1=1; _fbp=fb.1.1662557087963.1758884844
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:57 GMT
content-type: text/plain
access-control-allow-origin: https://www.saveday-inc.net
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 746fc4828bf5b509-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

www.saveday-inc.net/vendor.js

104.16.13.194

200 OK

0 B

URL HTTP/2
www.saveday-inc.net/vendor.js
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /vendor.js HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: application/javascript
cf-ray: 746fc46c38a2b509-OSL
access-control-allow-origin: *
cache-control: max-age=900, public
etag: W/"7422e50efbaea439fda7ef3b0eb54ee1"
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
status: 200 OK
x-content-digest: 581e49c9b7bdd06dab54c00931f4256b223e620e
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss, store
x-request-id: ea6cc96dcf43f7b8395893733a94bb7d
x-runtime: 0.023204
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 753
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:25:01 GMT
server: cloudflare
cf-ray: 746fc49e0f160b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.saveday-inc.net/assets/userevents/application.js

104.16.13.194

200 OK

0 B

URL HTTP/2
www.saveday-inc.net/assets/userevents/application.js
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/userevents/application.js HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: application/x-javascript
cf-ray: 746fc4689939b509-OSL
access-control-allow-origin: *
age: 882
cache-control: public, max-age=1200
etag: W/"630e9cfc-1353"
expires: Wed, 07 Sep 2022 13:44:53 GMT
last-modified: Tue, 30 Aug 2022 23:27:56 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Sep 2022 13:24:53 GMT
date: Wed, 07 Sep 2022 13:24:53 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 555
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46aab8f0b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

prospectrmktg.com/1410/st46?s=X33W9DWW-9EX0-C65Y-9638-F1E0E32WD83A&p=https%3A//www.saveday-inc.net/optin1638821352637&r=

199.103.4.90

200 OK

0 B

URL HTTP/1.1
prospectrmktg.com/1410/st46?s=X33W9DWW-9EX0-C65Y-9638-F1E0E32WD83A&p=https%3A//www.saveday-inc.net/optin1638821352637&r=
IP
199.103.4.90:0
ASN
#22663 PROMINIC-NET-INC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /1410/st46?s=X33W9DWW-9EX0-C65Y-9638-F1E0E32WD83A&p=https%3A//www.saveday-inc.net/optin1638821352637&r= HTTP/1.1
Host: prospectrmktg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 13:24:58 GMT
Connection: close
Content-Type: image/png
Strict-Transport-Security: max-age=604800

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 496
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46c7dc50b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.saveday-inc.net/optin1638821352637

104.16.13.194

200 OK

0 B

URL HTTP/2
www.saveday-inc.net/optin1638821352637
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /optin1638821352637 HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: text/html; charset=utf-8
cf-ray: 746fc4670efdb509-OSL
access-control-allow-origin: *
cache-control: max-age=60, public, s-maxage=600, r-maxage=10
last-modified: Wed, 15 Dec 2021 19:05:35 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
status: 200 OK
x-content-digest: db3ade980dcadbb2e206fefc51994315386aecbc
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: fresh
x-request-id: 9e7987240c96065453b2c3f1e2d14623
x-runtime: 0.502820
set-cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih; path=/; expires=Wed, 07-Sep-22 13:54:53 GMT; domain=.www.saveday-inc.net; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp"}],"group":"cf-csp-endpoint","max_age":86400}
content-security-policy-report-only: script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp; report-to cf-csp-endpoint
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 555
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46c4d7f0b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

app.clickfunnels.com/images/closemodal.png

104.16.13.194

200 OK

0 B

URL HTTP/2
app.clickfunnels.com/images/closemodal.png
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/closemodal.png HTTP/1.1
Host: app.clickfunnels.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: image/webp
cf-ray: 746fc4693d38b51e-OSL
accept-ranges: bytes
access-control-allow-origin: *
age: 586755
cache-control: public, max-age=2678400
content-disposition: inline; filename="closemodal.webp"
etag: "630e9cfc-314"
expires: Sat, 08 Oct 2022 13:24:53 GMT
last-modified: Tue, 30 Aug 2022 23:27:56 GMT
strict-transport-security: max-age=0
vary: Accept, Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=788
set-cookie: __cf_bm=iswux_VM_4U2NDPWDKdy_TBfjYAYbqbWE0VmcjNS0cY-1662557093-0-AUobAHQnnYK8FbGSz+688Jmxuo2Bh5Umkxlydy1ZFYidzd5PtF8yZKpas09jcmLwgYHkj+YSkTBI3HLm3AeRQ05WtFvmsY85rhGsAR/2EKiD; path=/; expires=Wed, 07-Sep-22 13:54:53 GMT; domain=.clickfunnels.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 556
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46c7dca0b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

app.clickfunnels.com/userevents/?funnel_id=eThENnR4Zmk0a0FISk4weWlPVCtYQT09LS1qSTVRUk9LZTMvZGlCM2FBaXozT1hRPT0%3D--2df597deecf7a425802bd0e5ecd1ce6489e1b6da&page_id=bnJGR3d4YkRYRFdIM3ZzV2lYbCt5QT09LS16Y0xaMHVRaldFN21aL0tJcExMNjJ3PT0%3D--f69358841eaa48b41796588213093f23443e94b9&funnel_step_id=bmx6T2NwQWN5Y3BBUGJKRG9xTWRmZz09LS00ZEJjRHBDTlpwZm5IL0o3Z1dySDdnPT0%3D--59786c96d79346d129f68009f96dd021e7f5294a&user_id=aFpPcDVVUHlMeFJlM2hRQ2lpa1VQUT09LS1vbWRub1ZCbjlONHZxUG5QeExtbUl3PT0%3D--9a3311e5bcd523b6cbc509fe3878988b1767476c&account_id=VzB0SUFYd0xhTVhpTmVsSUdsSkZydz09LS1NMmNvNGRXVVRSbkV3ckcra1BRRmxnPT0%3D--c221cb55afa42b5bc58c04268236493bfa97577b&page_code=NTIwOTg4ODA%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::UniqueVisitorsCreatedSummary&nonce=63e87cb3-ae76-48a1-b463-4eeee1507aff&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637

104.16.13.194

202 Accepted

0 B

URL HTTP/2
app.clickfunnels.com/userevents/?funnel_id=eThENnR4Zmk0a0FISk4weWlPVCtYQT09LS1qSTVRUk9LZTMvZGlCM2FBaXozT1hRPT0%3D--2df597deecf7a425802bd0e5ecd1ce6489e1b6da&page_id=bnJGR3d4YkRYRFdIM3ZzV2lYbCt5QT09LS16Y0xaMHVRaldFN21aL0tJcExMNjJ3PT0%3D--f69358841eaa48b41796588213093f23443e94b9&funnel_step_id=bmx6T2NwQWN5Y3BBUGJKRG9xTWRmZz09LS00ZEJjRHBDTlpwZm5IL0o3Z1dySDdnPT0%3D--59786c96d79346d129f68009f96dd021e7f5294a&user_id=aFpPcDVVUHlMeFJlM2hRQ2lpa1VQUT09LS1vbWRub1ZCbjlONHZxUG5QeExtbUl3PT0%3D--9a3311e5bcd523b6cbc509fe3878988b1767476c&account_id=VzB0SUFYd0xhTVhpTmVsSUdsSkZydz09LS1NMmNvNGRXVVRSbkV3ckcra1BRRmxnPT0%3D--c221cb55afa42b5bc58c04268236493bfa97577b&page_code=NTIwOTg4ODA%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::UniqueVisitorsCreatedSummary&nonce=63e87cb3-ae76-48a1-b463-4eeee1507aff&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /userevents/?funnel_id=eThENnR4Zmk0a0FISk4weWlPVCtYQT09LS1qSTVRUk9LZTMvZGlCM2FBaXozT1hRPT0%3D--2df597deecf7a425802bd0e5ecd1ce6489e1b6da&page_id=bnJGR3d4YkRYRFdIM3ZzV2lYbCt5QT09LS16Y0xaMHVRaldFN21aL0tJcExMNjJ3PT0%3D--f69358841eaa48b41796588213093f23443e94b9&funnel_step_id=bmx6T2NwQWN5Y3BBUGJKRG9xTWRmZz09LS00ZEJjRHBDTlpwZm5IL0o3Z1dySDdnPT0%3D--59786c96d79346d129f68009f96dd021e7f5294a&user_id=aFpPcDVVUHlMeFJlM2hRQ2lpa1VQUT09LS1vbWRub1ZCbjlONHZxUG5QeExtbUl3PT0%3D--9a3311e5bcd523b6cbc509fe3878988b1767476c&account_id=VzB0SUFYd0xhTVhpTmVsSUdsSkZydz09LS1NMmNvNGRXVVRSbkV3ckcra1BRRmxnPT0%3D--c221cb55afa42b5bc58c04268236493bfa97577b&page_code=NTIwOTg4ODA%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::UniqueVisitorsCreatedSummary&nonce=63e87cb3-ae76-48a1-b463-4eeee1507aff&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637 HTTP/1.1
Host: app.clickfunnels.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.saveday-inc.net
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 202 Accepted
date: Wed, 07 Sep 2022 13:24:54 GMT
content-type: text/html
cf-ray: 746fc46c8a27b51e-OSL
access-control-allow-origin: *
cache-control: no-cache, no-store
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: BYPASS
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-request-method: *
pragma: no-cache
status: 202 Accepted
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: b274ea1f8368483e5951eef0cece49aa
x-runtime: 0.040674
set-cookie: __cf_bm=CIOhybjcsDpfxiOuNye77j4nyJ8MKpOObp4d9Ws69bI-1662557094-0-ATV2rLTVcJrwzVzrw04X7IDIoJZceeWDfNq0UcTt9+O1gTluJEC5iOP+ovnAUlxG02NdZN39d1kUGU3gxdiPONEQGohuI63l3GYjWiFRFQjq; path=/; expires=Wed, 07-Sep-22 13:54:54 GMT; domain=.clickfunnels.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 643
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:25:01 GMT
server: cloudflare
cf-ray: 746fc49e0f170b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.saveday-inc.net/assets/lander.css

104.16.13.194

200 OK

0 B

URL HTTP/2
www.saveday-inc.net/assets/lander.css
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/lander.css HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: text/css
cf-ray: 746fc468892db509-OSL
access-control-allow-origin: *
age: 882
cache-control: public, max-age=1200
etag: W/"630e9cfc-6a514"
expires: Wed, 07 Sep 2022 13:44:53 GMT
last-modified: Tue, 30 Aug 2022 23:27:56 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

www.saveday-inc.net/assets/lander.js

104.16.13.194

200 OK

0 B

URL HTTP/2
www.saveday-inc.net/assets/lander.js
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/lander.js HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: application/x-javascript
cf-ray: 746fc468a96eb509-OSL
access-control-allow-origin: *
age: 882
cache-control: public, max-age=1200
etag: W/"630e9d40-238fd1"
expires: Wed, 07 Sep 2022 13:44:53 GMT
last-modified: Tue, 30 Aug 2022 23:29:04 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 533
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46c4d7d0b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.9.0/css/all.css

104.21.63.54

200 OK

0 B

URL HTTP/2
use.fontawesome.com/releases/v5.9.0/css/all.css
IP
104.21.63.54:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.9.0/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: text/css
x-amz-id-2: 5R63sGXcq2LptVgWp1Hbu23fLcn6t7yox4MdVDD4fYkPpwwpE0tP8nap3nE7BUsLxb2kn6BawAQ=
x-amz-request-id: FW5J89H89QA35JM6
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
etag: W/"dbf9d822cefe851ba6f66e1ad57e8987"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 41278
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EPynmiQgEwZgyPeKeNQFfI3%2FSxn2pMXU71tYDeD0Q3D15SKrji4BLS1IkAoIZXcFhC%2Figg5hpSMt%2FnvTOpf9c5HzrPSUrELHKX8Wv%2FzHSohE4QPSEewS9msINfR5zCa85%2FSh36Gw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746fc468b898b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 556
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46c7dbb0b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 881
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:57 GMT
server: cloudflare
cf-ray: 746fc482a8510b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194

104.18.47.230

200 OK

0 B

URL HTTP/2
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP
104.18.47.230:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.saveday-inc.net
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 746fc4692eda1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 556
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46c7dc10b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 545
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:57 GMT
server: cloudflare
cf-ray: 746fc485bbf80b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.saveday-inc.net/cdn-cgi/rum?

104.16.13.194

200 OK

0 B

URL HTTP/2
www.saveday-inc.net/cdn-cgi/rum?
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 431
Origin: https://www.saveday-inc.net
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTIwOTg4ODA=:visited=true; cf:visitor_id=0a14c206-9b1f-4214-8955-7f60db3dae66; addevent_track_cookie=d571e957-fe99-4d9d-1142-4ff67c30ec88; _gcl_au=1.1.2088749376.1662557087; _ga=GA1.2.1017554000.1662557088; _gid=GA1.2.1355425120.1662557088; _dc_gtm_UA-106500592-1=1; _fbp=fb.1.1662557087963.1758884844; is_eu=false; puj70qegsxmgi00v=true; 11661049_viewed_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:25:01 GMT
content-type: text/plain
access-control-allow-origin: https://www.saveday-inc.net
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 746fc49e0eaeb509-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

app.clickfunnels.com/mailcheck.min.js

104.16.13.194

200 OK

0 B

URL HTTP/2
app.clickfunnels.com/mailcheck.min.js
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /mailcheck.min.js HTTP/1.1
Host: app.clickfunnels.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: application/x-javascript
cf-ray: 746fc4693d37b51e-OSL
access-control-allow-origin: *
age: 181
etag: W/"630e9cfc-a8d"
last-modified: Tue, 30 Aug 2022 23:27:56 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
set-cookie: __cf_bm=zgW3NkwaXLCncNzGN82aiWl8uy7BqAzHUv62_lYReWc-1662557093-0-AQ5dFxzNggbYSa2OvXZQ1NISrTmjdR23fyhf1etbj3L9DEnZ2LH/uaxzaRpS7cZzRpHXEbv92uWHI1DqOF4boTugMdcqCPdYzio0yBb9oT9R; path=/; expires=Wed, 07-Sep-22 13:54:53 GMT; domain=.clickfunnels.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.9.0/css/v4-shims.css

104.21.63.54

200 OK

0 B

URL HTTP/2
use.fontawesome.com/releases/v5.9.0/css/v4-shims.css
IP
104.21.63.54:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.9.0/css/v4-shims.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
content-type: text/css
x-amz-id-2: 29dQf2WVNOHot5Ay8pBeGC9Jp0pul03AFXB61uD4zFysCnT6qW6VHySxi6MC8oLZjApsDY/NPq0=
x-amz-request-id: B6FTANBTWNEFCW5M
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
etag: W/"e140a7d32f343530f016095df3cc2ae4"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 2641280
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zG9W0czqP5M3vJMuw%2BrLP5pG08%2FY%2FWSpYZEABlvPlc3IXJiCdgZPXPubI9NENAv07EaqNva0ZGnUMeSd7ApJzFlX7Q6TMNrHnJ9V3%2BYCLHpSCSVcOm0LJUM0QZrmxVu2yUCJbeEa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746fc468c8b2b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 554
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46aab890b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 1600
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:53 GMT
server: cloudflare
cf-ray: 746fc46d0e6a0b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

104.18.21.157

200 OK

0 B

URL HTTP/2
csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp
IP
104.18.21.157:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/script_monitor/report?m=_jrDKRGYNj3eAH.cId3Krg_UumhphTYyJ9Zw8MCVPho-1662557093-0-Aer_qGbuX_YmRKjiEjl3XmQk3iVpSHk20J7T8BDPohXc54fIqAiNlcF-e0P3qbg2XcyZSNs9Qi-QLeyW_UzgWgvjUt4nwIQPf5OXsInb5Ynp HTTP/1.1
Host: csp-reporting.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 751
Origin: https://www.saveday-inc.net
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:54 GMT
server: cloudflare
cf-ray: 746fc46f18d00b69-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.saveday-inc.net/images/background.png?_unique=0.6137570701133614&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//www.saveday-inc.net/optin1638821352637&_title=SaveDay&_key=fq1volzp&_page_key=puj70qegsxmgi00v&_fid=11661049&_fspos=1&_fvrs=1&_funnel_stat=1&_location=https://www.saveday-inc.net/optin1638821352637&_referrer=

104.16.13.194

200 OK

0 B

URL HTTP/2
www.saveday-inc.net/images/background.png?_unique=0.6137570701133614&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//www.saveday-inc.net/optin1638821352637&_title=SaveDay&_key=fq1volzp&_page_key=puj70qegsxmgi00v&_fid=11661049&_fspos=1&_fvrs=1&_funnel_stat=1&_location=https://www.saveday-inc.net/optin1638821352637&_referrer=
IP
104.16.13.194:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /images/background.png?_unique=0.6137570701133614&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//www.saveday-inc.net/optin1638821352637&_title=SaveDay&_key=fq1volzp&_page_key=puj70qegsxmgi00v&_fid=11661049&_fspos=1&_fvrs=1&_funnel_stat=1&_location=https://www.saveday-inc.net/optin1638821352637&_referrer= HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=SJitCKiXrGXcKUmes8G0MEb1Ed8eTEEkmARz7nevfy8-1662557093-0-AT48X99IWscCwTGT2PRigHlgGk5haccVMj0ic1/DLtJw3f06iFOU25blbrc9G58KA8AH79OstgrvT7v0vOgHaHUK+CKx16O9sTYNYAIFFVih; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTIwOTg4ODA=:visited=true; cf:visitor_id=0a14c206-9b1f-4214-8955-7f60db3dae66; addevent_track_cookie=d571e957-fe99-4d9d-1142-4ff67c30ec88; _gcl_au=1.1.2088749376.1662557087; _ga=GA1.2.1017554000.1662557088; _gid=GA1.2.1355425120.1662557088; _dc_gtm_UA-106500592-1=1; _fbp=fb.1.1662557087963.1758884844
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Sep 2022 13:24:57 GMT
content-type: text/javascript; charset=utf-8
cf-ray: 746fc481baceb509-OSL
access-control-allow-origin: *
cache-control: no-cache, no-store, private
strict-transport-security: max-age=0
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-request-method: *
status: 200 OK
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: 404f4303f3fb422cce45135f5be4ace2
x-runtime: 0.025286
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

URL

IP

ASN

File type

Size

Hash

Detections

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (32)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML