Report - heydudeskonorge.com/

Report Overview

Submitted URL
heydudeskonorge.com/
IP
172.67.202.93
ASN
#13335 CLOUDFLARENET
Submitted
2023-01-12 04:12:17
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.heydudeforsale.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.5 kB	1.0 MB	5.153.234.77
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.89.52.214
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	686 B	1.4 kB	142.250.74.131
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.1 kB	92 kB	216.58.207.202
heydudeskonorge.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	800 B	1.5 kB	188.114.97.1
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	8.0 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	58 kB	34.120.237.76
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	797 B	93.184.220.29
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	982 B	18 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-12	medium	heydudeskonorge.com/	Phishing
2023-01-12	medium	www.heydudeforsale.com/	Phishing
2023-01-12	medium	www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_cookies.js	Phishing
2023-01-12	medium	www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_extend.js	Phishing
2023-01-12	medium	www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_zmain.js	Phishing
2023-01-12	medium	www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jquery.min.js	Phishing
2023-01-12	medium	www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_plugins.js	Phishing
2023-01-12	medium	heydudeskonorge.com/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	www.heydudeforsale.com/	158 B	2023-03-07	2024-04-18
Pretty URL www.heydudeforsale.com/ IP 5.153.234.77 ASN #57858 Inter Connects Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:18:35 Last Seen2024-04-18 15:30:39 Times Seen400 Hash f898517faa32a1d50013fd8b9ab2aaa7 eaeadc084111ee29bc6e1c05e35cfb8a237cbf5f 828a54afa9f3f8d83b680f98ab03887c8fb7999d5eece48e4c7cb3a4842a03d9 Loading...

	www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_cookies.js	745 B	2023-03-07	2024-04-18
Pretty URL www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_cookies.js IP 5.153.234.77 ASN #57858 Inter Connects Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:18:35 Last Seen2024-04-18 15:30:40 Times Seen724 Hash 65807f4bee7bcb4f6af769919ee805d3 c75e394f474f9238cb539f8b7ef9708cc083eff2 6979054ef7300efc7abcaefb0168e095f82adc208a00837ae1a95e0f72e2b598 Loading...

	www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_extend.js	10 kB	2023-03-09	2024-02-29
Pretty URL www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_extend.js IP 5.153.234.77 ASN #57858 Inter Connects Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:49 Last Seen2024-02-29 04:15:30 Times Seen11 Hash cd96fe3b85fddc5267fda9cab39c8427 c4f64aff956c32478a1a53cf93eb6887a64390ea b498d110c859e28a382b1c8207ab387a82bdec9bba2cf6045f20a0693f633a60 Loading...

	www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_zmain.js	54 kB	2023-03-12	2023-10-13
Pretty URL www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_zmain.js IP 5.153.234.77 ASN #57858 Inter Connects Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:02:16 Last Seen2023-10-13 08:11:02 Times Seen5 Hash b0ea880921d0125eca06a9cfd3c2505b cf0cf3b46da3dbf48f1041df95b980dc9a89213c 02d9671da5921ff64657d2008f2a99f05372d0959dd69e51c320d529c1548fe6 Loading...

	www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jquery.min.js	90 kB	2023-03-07	2024-04-25
Pretty URL www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jquery.min.js IP 5.153.234.77 ASN #57858 Inter Connects Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-25 06:13:05 Times Seen261110 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_plugins.js	273 kB	2023-03-08	2024-04-18
Pretty URL www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_plugins.js IP 5.153.234.77 ASN #57858 Inter Connects Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:00:23 Last Seen2024-04-18 15:30:40 Times Seen376 Hash 61bced23c3ca3a6b3623097507a8e2e4 fa6e156543aee6ad5fd3f14799140842880142aa 1736d465416b468d9836583f60c9a3165138120678649560a81f6365378a2743 Loading...

	www.heydudeforsale.com/	2 B	2023-03-07	2024-04-25
Pretty URL www.heydudeforsale.com/ IP 5.153.234.77 ASN #57858 Inter Connects Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-25 06:02:35 Times Seen13114 Hash e1c06d85ae7b8b032bef47e42e4c08f9 71853c6197a6a7f222db0f1978c7cb232b87c5ee 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070 Loading...

HTTP Transactions (65)

URL IP Response Size

heydudeskonorge.com/

188.114.97.1

301 Moved Permanently

236 B

URL HTTP/1.1
heydudeskonorge.com/
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
236 B (236 bytes)
Hash
fc795363bbdb43e24ac75980e6a2ba82
1465ea5945e59ff1ab428d7fafdcf5e1222704cd
86f52954fab2c6d4a0152165cc379379155cd648a3ad485d9d3dc2192a0a1d35

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: heydudeskonorge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Thu, 12 Jan 2023 04:12:06 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://heydudeskonorge.com/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Cp%2BWzYDjaYvbkAp8oQnKnOn4RvyD89gEHsujkIkekEXIYohSl2rO56qi9FXuM%2BLW%2BgTgC5rgSMX51452kWSMumWVAHM4vAECDa4GNHLnlalumPTfI1DjXvRFfUSheQzO4CUzFOt"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78830d49b9ddb4f7-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e6b7a72139d0ef7688330456e9be9a4c
e130a94e7d531768300071764dd1e81fee5bbbcb
d3818afd1493030105341b4cfb91037acbf27085c96068b3ef91c5071277c8e5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3818AFD1493030105341B4CFB91037ACBF27085C96068B3EF91C5071277C8E5"
Last-Modified: Mon, 09 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6602
Expires: Thu, 12 Jan 2023 06:02:08 GMT
Date: Thu, 12 Jan 2023 04:12:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cab5b63e128895128726181aff42e42e
d39c36237554fcd41addec0664d7fe7f7d157c06
18e82a5b82eb8f2d8b49df824c336015f19367c5a05467ad139a56db59f88852

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E82A5B82EB8F2D8B49DF824C336015F19367C5A05467AD139A56DB59F88852"
Last-Modified: Wed, 11 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9963
Expires: Thu, 12 Jan 2023 06:58:09 GMT
Date: Thu, 12 Jan 2023 04:12:06 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 12 Jan 2023 03:48:42 GMT
content-type: application/json
age: 1404
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0f4ecf4f26be1ba09e61135b1b488bf4
f16b8277e00033bc990a8bcce54b693cb3c87d62
3018c2a228f0a894d217e8e8b0b8dd060527f06879cd2f469bac6c8766acbbf8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3018C2A228F0A894D217E8E8B0B8DD060527F06879CD2F469BAC6C8766ACBBF8"
Last-Modified: Wed, 11 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6241
Expires: Thu, 12 Jan 2023 05:56:07 GMT
Date: Thu, 12 Jan 2023 04:12:06 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Nvpu/tK2jZ6zzNDOfV2zgAvs0bUHt7Vi+FsvE8Khj+HuizPh7Ybx812Xh7KL9Pz8gNyEi4uhMYw=
x-amz-request-id: P8H395FYFMNQG7CZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 12 Jan 2023 04:02:20 GMT
age: 586
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 12 Jan 2023 04:12:06 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 12 Jan 2023 03:17:24 GMT
age: 3282
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ce604e6f88a42844a4ec7d404879bdcf
d462a2a194a67d39d091ff49c4435fdfc39b3e5b
9e0222bcc67f019bb5c61657fc921fc42aa0cd7a75f6b1358d05231c53cc26e4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5270
Cache-Control: max-age=109353
Content-Type: application/ocsp-response
Date: Thu, 12 Jan 2023 04:12:07 GMT
Etag: "63be7c2a-1d7"
Expires: Fri, 13 Jan 2023 10:34:40 GMT
Last-Modified: Wed, 11 Jan 2023 09:06:50 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cdfcff59240506b0acf2a90ef0080c5f
5cd0f99a7c78b95dedb93624810cf7a19bb59027
8ab0b6349391b8635fc1559405ac81b9622069d8c4c9e51eafd9182b15efc600

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8AB0B6349391B8635FC1559405AC81B9622069D8C4C9E51EAFD9182B15EFC600"
Last-Modified: Wed, 11 Jan 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21027
Expires: Thu, 12 Jan 2023 10:02:34 GMT
Date: Thu, 12 Jan 2023 04:12:07 GMT
Connection: keep-alive

www.heydudeforsale.com/

5.153.234.77

200 OK

5.4 kB

URL HTTP/1.1
www.heydudeforsale.com/
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2296), with CRLF, LF line terminators
Size
5.4 kB (5372 bytes)
Hash
4a54f006b606e3815f51d1eb6f8c4887
7493c5f74ca255b3fc014009a0c2c16fdecb6753
1965bad6db826f89cb20f1c5da9dc2db43f1ecc8b86b50a637a0854d2a28961d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Set-Cookie: zenid=hp27vr8uu403jiihn6prulivn6; path=/; domain=.www.heydudeforsale.com; secure; HttpOnly; SameSite=lax
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 5372
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

push.services.mozilla.com/

52.89.52.214

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.52.214:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: oDlGa89745CI1CZ1ANlWMQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QTGn+jqnZkZWDQsa1jx6Mo2Hv6I=

www.heydudeforsale.com/includes/templates/heydudeforsale/css/style_plugins.css

5.153.234.77

200 OK

38 kB

URL HTTP/1.1
www.heydudeforsale.com/includes/templates/heydudeforsale/css/style_plugins.css
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
Unicode text, UTF-8 text, with very long lines (64833)
Size
38 kB (37634 bytes)
Hash
2f619466a4c534e1197c63ec4f49fa83
70ba66c1866a8d8011a29963a085058ab4df6871
ba48ffd4e1bff059383fde17f5d8066955b272b4275de11d8ed1381ef4498a03

HTTP Headers

GET /includes/templates/heydudeforsale/css/style_plugins.css HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Last-Modified: Thu, 08 Dec 2022 01:52:29 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Thu, 12 Jan 2023 05:12:07 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 37634
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/css

www.heydudeforsale.com/includes/templates/heydudeforsale/css/style_zp.css

5.153.234.77

200 OK

3.7 kB

URL HTTP/1.1
www.heydudeforsale.com/includes/templates/heydudeforsale/css/style_zp.css
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
ASCII text
Size
3.7 kB (3666 bytes)
Hash
17ae34523e04a71076d3033338e539e0
290d0a3245e2a0581f7872538fb3a8116dc788e5
2706aa509ecf44a2e686c2a5097a3255b683d1e14eadd65ed3637f8de4a47624

HTTP Headers

GET /includes/templates/heydudeforsale/css/style_zp.css HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Last-Modified: Thu, 08 Dec 2022 01:52:29 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Thu, 12 Jan 2023 05:12:07 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 3666
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/css

www.heydudeforsale.com/includes/templates/heydudeforsale/css/stylesheet.css

5.153.234.77

200 OK

12 kB

URL HTTP/1.1
www.heydudeforsale.com/includes/templates/heydudeforsale/css/stylesheet.css
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
ASCII text, with very long lines (349)
Size
12 kB (11524 bytes)
Hash
8f13df6c76ab8c4ed275b7e361dfdfc7
9643cee32f37b0b73b8a1a3fa2d2d1fb30aa75ec
fd987fbc3d5bc0964eb915cab62d61fba4cfd8e19c6e7bafd2b643e920bfaded

HTTP Headers

GET /includes/templates/heydudeforsale/css/stylesheet.css HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Last-Modified: Thu, 08 Dec 2022 01:52:29 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Thu, 12 Jan 2023 05:12:07 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 11524
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/css

www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_cookies.js

5.153.234.77

200 OK

430 B

URL HTTP/1.1
www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_cookies.js
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
ASCII text, with very long lines (745), with no line terminators
Size
430 B (430 bytes)
Hash
57bb94c0061d092d6fea866804f9da64
65b14433607fa05075d1ffd9659751e5b127452c
d3a59fd46e59abcb7bf4c6f28a7fa22c4c7b1cd9f6ecff4d640cef76c1a0ab78

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /includes/templates/heydudeforsale/jscript/jscript_cookies.js HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Last-Modified: Thu, 08 Dec 2022 01:52:29 GMT
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Thu, 12 Jan 2023 04:17:07 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 430
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/javascript

www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_extend.js

5.153.234.77

200 OK

2.4 kB

URL HTTP/1.1
www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_extend.js
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
ASCII text
Size
2.4 kB (2403 bytes)
Hash
3469a6a73d5afd6ed48c465defe9d18a
1fc8ec13eb5adc7ebc6dd091785811256823f502
db579ad51547ca0df2d32e91bc88299c47cf9f1e80dda9254ba354e065213294

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /includes/templates/heydudeforsale/jscript/jscript_extend.js HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Last-Modified: Thu, 08 Dec 2022 01:52:29 GMT
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Thu, 12 Jan 2023 04:17:07 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 2403
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Content-Type: application/javascript

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
36d866ff9883c4de599d7500e5d075c7
4c7f6817ef09645830f7ac8c74a303ae847dd25c
fc081651de3dd143b05c0fa145ea357197a8f2dda3507959e3f8288d3c42731a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 12 Jan 2023 04:12:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.heydudeforsale.com/includes/templates/heydudeforsale/css/style_zo.css

5.153.234.77

200 OK

28 kB

URL HTTP/1.1
www.heydudeforsale.com/includes/templates/heydudeforsale/css/style_zo.css
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
assembler source, ASCII text, with very long lines (529)
Size
28 kB (27993 bytes)
Hash
31c37cf73d882a8d255749a90086d640
69e79e19f428fa36eb791838e9839937996f6bc9
c61d8b35f6e6909ba24d05a39332ed229c572e7aacf8edea3b9db360960c79e1

HTTP Headers

GET /includes/templates/heydudeforsale/css/style_zo.css HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Last-Modified: Thu, 08 Dec 2022 01:52:29 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Thu, 12 Jan 2023 05:12:07 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 27993
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/css

www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_zmain.js

5.153.234.77

200 OK

8.3 kB

URL HTTP/1.1
www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_zmain.js
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
ASCII text, with very long lines (528)
Size
8.3 kB (8279 bytes)
Hash
94282c3e825b9a4879cae6076df2d95c
925c313a9ea2ba095f9b3f39e3bb7fa522071fd3
9b2940a3104e0159ca3d54a2a0da664128d5b1d7a570df9e1ba54e4f1825b497

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /includes/templates/heydudeforsale/jscript/jscript_zmain.js HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Last-Modified: Thu, 08 Dec 2022 01:52:29 GMT
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Thu, 12 Jan 2023 04:17:07 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 8279
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: application/javascript

www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jquery.min.js

5.153.234.77

200 OK

31 kB

URL HTTP/1.1
www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jquery.min.js
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
ASCII text, with very long lines (65447)
Size
31 kB (30902 bytes)
Hash
31d53c8cdce8012a24abc8e84aa972e5
7287b1ec5d88304ba44fc1958b8de9596274c4e3
1b72bc7f54bc9170e605f6c4bb5529668c4ee3efeee602fdb63036b45b49f41c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /includes/templates/heydudeforsale/jscript/jquery.min.js HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Last-Modified: Thu, 08 Dec 2022 01:52:29 GMT
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Thu, 12 Jan 2023 04:17:07 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 30902
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/javascript

www.heydudeforsale.com/images/loader.gif

5.153.234.77

200 OK

35 kB

URL HTTP/1.1
www.heydudeforsale.com/images/loader.gif
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
GIF image data, version 89a, 128 x 38\012- data
Size
35 kB (35011 bytes)
Hash
362e988184d842aea3a0b5d09a64d13e
e4ab705fb063ffd2645ce8a25e59e889e98f211c
82656f23517068a7b3d92badc8c29716e53654cd2574d330b08823ca7f7b8fa4

HTTP Headers

GET /images/loader.gif HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Accept-Ranges: bytes
Content-Length: 35011
Cache-control: max-age=864000, public, must-revalidate
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: image/gif

www.heydudeforsale.com/includes/templates/heydudeforsale/images/logo.png

5.153.234.77

200 OK

6.6 kB

URL HTTP/1.1
www.heydudeforsale.com/includes/templates/heydudeforsale/images/logo.png
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
PNG image data, 314 x 66, 8-bit/color RGBA, non-interlaced\012- data
Size
6.6 kB (6609 bytes)
Hash
bf5af31867568cc698c8d9b5cf6da26c
17b5b3f97806300d199c443ec30f91b48da271d1
4ed5bfbb057cd0baa0ae322a98dee49144f38592dd7532a7681a1ee34094eadb

HTTP Headers

GET /includes/templates/heydudeforsale/images/logo.png HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Accept-Ranges: bytes
Content-Length: 6609
Cache-Control: max-age=864000, public, must-revalidate
Expires: Sat, 11 Feb 2023 04:12:07 GMT
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Content-Type: image/png

www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_plugins.js

5.153.234.77

200 OK

75 kB

URL HTTP/1.1
www.heydudeforsale.com/includes/templates/heydudeforsale/jscript/jscript_plugins.js
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
ASCII text, with very long lines (64808)
Size
75 kB (75311 bytes)
Hash
8c8dca70f27d940ca29dce4ca36d9c49
fdfc1d9098187b181d2b1061f625f76f89fb2e99
9a719fb14834b8eed2231460ce2b8b79fa11044962402b8ddf0c35e89242e00d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /includes/templates/heydudeforsale/jscript/jscript_plugins.js HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Last-Modified: Thu, 08 Dec 2022 01:52:29 GMT
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Thu, 12 Jan 2023 04:17:07 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

www.heydudeforsale.com/includes/templates/heydudeforsale/images/heydudeshoes/subject1.jpg

5.153.234.77

200 OK

96 kB

URL HTTP/1.1
www.heydudeforsale.com/includes/templates/heydudeforsale/images/heydudeshoes/subject1.jpg
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
JPEG image data, progressive, precision 8, 708x708, components 3\012- data
Size
96 kB (96156 bytes)
Hash
6236472dd8f7728ef3128e9bb0074272
88a908afd43d97dc875d1fe8e93390e01515d2d7
874534ebd0d79f30c5f6ba9954cf959646424b92e0db50d9e14f9baa016675f1

HTTP Headers

GET /includes/templates/heydudeforsale/images/heydudeshoes/subject1.jpg HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Accept-Ranges: bytes
Content-Length: 96156
Cache-Control: max-age=864000, public, must-revalidate
Expires: Sat, 11 Feb 2023 04:12:07 GMT
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

www.heydudeforsale.com/includes/templates/heydudeforsale/images/heydudeshoes/subject2.jpg

5.153.234.77

200 OK

127 kB

URL HTTP/1.1
www.heydudeforsale.com/includes/templates/heydudeforsale/images/heydudeshoes/subject2.jpg
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
JPEG image data, progressive, precision 8, 708x708, components 3\012- data
Size
127 kB (127291 bytes)
Hash
aae0396cfd0079eb4da1ff53f2169b79
73045c04d52c136909ddfaf09a75eadb403a4e6b
859cef32e883874ce76b830f0c1a145cfa115edb6017b809ccfe65e903209677

HTTP Headers

GET /includes/templates/heydudeforsale/images/heydudeshoes/subject2.jpg HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Accept-Ranges: bytes
Content-Length: 127291
Cache-Control: max-age=864000, public, must-revalidate
Expires: Sat, 11 Feb 2023 04:12:07 GMT
Keep-Alive: timeout=2, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

www.heydudeforsale.com/includes/templates/heydudeforsale/images/heydudeshoes/subject3.jpg

5.153.234.77

200 OK

116 kB

URL HTTP/1.1
www.heydudeforsale.com/includes/templates/heydudeforsale/images/heydudeshoes/subject3.jpg
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
JPEG image data, progressive, precision 8, 708x708, components 3\012- data
Size
116 kB (116250 bytes)
Hash
bb30aece0854c1ee2b0abc4cdc4c56eb
2d8b86a5fe16da31692616a1fdafb73a249b1568
195a9ff09e26028bd9ff8e59c1c2fc53fff32c74f6db90460097b2bdbe32dadf

HTTP Headers

GET /includes/templates/heydudeforsale/images/heydudeshoes/subject3.jpg HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Accept-Ranges: bytes
Content-Length: 116250
Cache-Control: max-age=864000, public, must-revalidate
Expires: Sat, 11 Feb 2023 04:12:07 GMT
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Content-Type: image/jpeg

www.heydudeforsale.com/includes/templates/heydudeforsale/images/heydudeshoes/banner-poster1.jpg

5.153.234.77

200 OK

124 kB

URL HTTP/1.1
www.heydudeforsale.com/includes/templates/heydudeforsale/images/heydudeshoes/banner-poster1.jpg
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
JPEG image data, progressive, precision 8, 1440x500, components 3\012- data
Size
124 kB (124485 bytes)
Hash
15a61b8c5333382cc1f2df0d787fcfa6
fe5cfbba5ca84bfd288b15bbc457ecaaecae0906
2c4b98a1bfbfb1570d284096bf9606f08e8ba9d2b81f4cd6e32c12c8d069fa81

HTTP Headers

GET /includes/templates/heydudeforsale/images/heydudeshoes/banner-poster1.jpg HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Accept-Ranges: bytes
Content-Length: 124485
Cache-Control: max-age=864000, public, must-revalidate
Expires: Sat, 11 Feb 2023 04:12:07 GMT
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Content-Type: image/jpeg

www.heydudeforsale.com/images/payment.png

5.153.234.77

200 OK

6.2 kB

URL HTTP/1.1
www.heydudeforsale.com/images/payment.png
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
PNG image data, 248 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
6.2 kB (6248 bytes)
Hash
1fb5f66cada185d72ccefaeb9e9a2963
584108601272e3ed07abe10b4c3ca2f6b200d552
ef645db0e0a9a267fda954e584782b888929b2827548ecaef07600656022535b

HTTP Headers

GET /images/payment.png HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Accept-Ranges: bytes
Content-Length: 6248
Cache-control: max-age=864000, public, must-revalidate
Keep-Alive: timeout=2, max=97
Connection: Keep-Alive
Content-Type: image/png

www.heydudeforsale.com/includes/templates/heydudeforsale/images/heydudeshoes/banner-poster2.jpg

5.153.234.77

200 OK

163 kB

URL HTTP/1.1
www.heydudeforsale.com/includes/templates/heydudeforsale/images/heydudeshoes/banner-poster2.jpg
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
JPEG image data, progressive, precision 8, 1440x500, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 21731--16848, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 9571427548288251801735894969771622400.000000\012- data
Size
163 kB (162914 bytes)
Hash
8ebde34b1cffaa8b80cfef5f01f92d47
6c3e3371041484fa690b1b275cd091d9786114b1
a12c2b01780e14175e4d51b8a1f36835244d587718cd665dc1b3322f7279de2f

HTTP Headers

GET /includes/templates/heydudeforsale/images/heydudeshoes/banner-poster2.jpg HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Accept-Ranges: bytes
Content-Length: 162914
Cache-Control: max-age=864000, public, must-revalidate
Expires: Sat, 11 Feb 2023 04:12:07 GMT
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Content-Type: image/jpeg

fonts.googleapis.com/css2?family=Poppins:wght@200;300;400;500;600;700;800;900&display=swap

216.58.207.202

200 OK

1.1 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Poppins:wght@200;300;400;500;600;700;800;900&display=swap
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type
data
Size
1.1 kB (1061 bytes)
Hash
6b8c38c91296e1222fede2321fd6c6fd
fbf8227d5c38d29ff0ce1069e184700145a61bd3
1bd31dbada5054ad3501dcc22d2d4c40e459ef9310f15f1505e6ab5413d8ba5b

HTTP Headers

GET /css2?family=Poppins:wght@200;300;400;500;600;700;800;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.heydudeforsale.com/includes/templates/heydudeforsale/images/heydudeshoes/subject4.jpg

5.153.234.77

200 OK

131 kB

URL HTTP/1.1
www.heydudeforsale.com/includes/templates/heydudeforsale/images/heydudeshoes/subject4.jpg
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
JPEG image data, progressive, precision 8, 708x708, components 3\012- data
Size
131 kB (130553 bytes)
Hash
4c3dc7f35efdd25792d80b80469fbbd3
5fc2e9b146be9d14c8480c1e96b3b7285d21dc29
290397e8eeaa79c98a7d438a5a5d05180b4161544b2489d7d054f9f0fe7e93f0

HTTP Headers

GET /includes/templates/heydudeforsale/images/heydudeshoes/subject4.jpg HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Accept-Ranges: bytes
Content-Length: 130553
Cache-Control: max-age=864000, public, must-revalidate
Expires: Sat, 11 Feb 2023 04:12:07 GMT
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;600;700;800&display=swap

216.58.207.202

200 OK

77 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;600;700;800&display=swap
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type
data
Size
77 kB (76623 bytes)
Hash
2ed6cf55f4484f31a28d9d9f05c27b43
d6f8ed7a5912b8349d8d9ba53e7d640f6fc051dc
603c2e5a0d8e963a8c1db7ea174bd3ae4f303132ea5558ebce5ff8a5752be16d

HTTP Headers

GET /css2?family=Montserrat:wght@300;400;500;600;700;800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Playfair+Display:wght@400;500;600;700;800;900&display=swap

216.58.207.202

200 OK

1.0 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Playfair+Display:wght@400;500;600;700;800;900&display=swap
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type
data
Size
1.0 kB (1045 bytes)
Hash
4b65d5ad5c99004d8f8f46a6441631a8
0b7c6a8d2d60dd958965805d71af1d4870b942a9
0cbea9ea010b1738df1da366aaa3574c43ebbc6449bb59fb80ace18632870580

HTTP Headers

GET /css2?family=Playfair+Display:wght@400;500;600;700;800;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

216.58.207.227

200 OK

7.7 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7748, version 1.0\012- data
Size
7.7 kB (7748 bytes)
Hash
a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.heydudeforsale.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 11 Jan 2023 19:28:50 GMT
expires: Thu, 11 Jan 2024 19:28:50 GMT
cache-control: public, max-age=31536000
age: 31397
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

216.58.207.227

200 OK

7.9 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.heydudeforsale.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 06 Jan 2023 13:33:11 GMT
expires: Sat, 06 Jan 2024 13:33:11 GMT
cache-control: public, max-age=31536000
age: 484736
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
9a4ba4ab27cd47ead09d38283f795198
cf1d1e13fa427879530cb912e495012a42312b7d
8c0178a28c92e029ad04c5dbb4b8515117303e64cb3df9f3902a10f151ee1aab

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 12 Jan 2023 04:12:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.heydudeforsale.com/includes/templates/heydudeforsale/images/favicon.ico

5.153.234.77

200 OK

995 B

URL HTTP/1.1
www.heydudeforsale.com/includes/templates/heydudeforsale/images/favicon.ico
IP
5.153.234.77:0
ASN
#57858 Inter Connects Inc

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Size
995 B (995 bytes)
Hash
403034e92e4ca5aa7555567bd58bf534
43e4302fb9d2b5c135a601a9312f40e157e275be
e18f5b35beed249a39de660988bf10ef5b9104ba643b9889a491219cf3001b94

HTTP Headers

GET /includes/templates/heydudeforsale/images/favicon.ico HTTP/1.1
Host: www.heydudeforsale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Cookie: zenid=hp27vr8uu403jiihn6prulivn6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 04:12:07 GMT
Server: Apache/2
Accept-Ranges: bytes
Cache-Control: max-age=864000, public, must-revalidate
Expires: Fri, 13 Jan 2023 04:12:07 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 995
Keep-Alive: timeout=2, max=96
Connection: Keep-Alive
Content-Type: image/x-icon

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13626
Expires: Thu, 12 Jan 2023 07:59:14 GMT
Date: Thu, 12 Jan 2023 04:12:08 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13626
Expires: Thu, 12 Jan 2023 07:59:14 GMT
Date: Thu, 12 Jan 2023 04:12:08 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13626
Expires: Thu, 12 Jan 2023 07:59:14 GMT
Date: Thu, 12 Jan 2023 04:12:08 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13626
Expires: Thu, 12 Jan 2023 07:59:14 GMT
Date: Thu, 12 Jan 2023 04:12:08 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13626
Expires: Thu, 12 Jan 2023 07:59:14 GMT
Date: Thu, 12 Jan 2023 04:12:08 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd511e402-775e-49af-87f1-40b071ae947e.jpeg

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd511e402-775e-49af-87f1-40b071ae947e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9413 bytes)
Hash
cbf9979c9463fc2681e757256e9d028c
a45408076bf9fa5c6ec83c96a4c5680dc7be7da9
1d0d45cbbba75f0add27aae361e0dc31ce6e317ec62b23acf10db34b47f125e5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd511e402-775e-49af-87f1-40b071ae947e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9413
x-amzn-requestid: fb0125f5-e899-463d-ae4a-0a92945c1731
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: emPDYFKgIAMF7mQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf2baf-080b963d391741252d9f67ee;Sampled=0
x-amzn-remapped-date: Wed, 11 Jan 2023 21:35:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -bYZilXGEW2PNyCeUAopo5yCLFhnLbyz2d7dxQyVZK3xI2xyFKQGcw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Wed, 11 Jan 2023 21:58:00 GMT
age: 22448
etag: "a45408076bf9fa5c6ec83c96a4c5680dc7be7da9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F833916f5-627c-4650-b6f0-2660c9b60953.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8831 bytes)
Hash
108dfcf69c2bcc8ef048eb551e7124fb
23dfe0637328acb741e5cb804fc1845b00e541b5
cc0378002c36bfffadee52d1d29cba2c2359fa02a15e552034d4d3230b5336cf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F833916f5-627c-4650-b6f0-2660c9b60953.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8831
x-amzn-requestid: 2f01204c-1968-4235-a692-8846898588ce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: egaGQGQqoAMFkRQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bcd6f4-214dd7851a1f156d17f25fd6;Sampled=0
x-amzn-remapped-date: Tue, 10 Jan 2023 03:09:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: eoc7bKGPVmzCg1b-kfLEKKydM0uJ--GLBeuT1_dNnt4h8nOhDHoUOA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Thu, 12 Jan 2023 03:31:37 GMT
age: 2431
etag: "23dfe0637328acb741e5cb804fc1845b00e541b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb985e2e-1e24-481e-a095-8613375d5083.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5225 bytes)
Hash
dfdce726b9b7038b393ad8fb9309a608
4f59c4b543dd78e6280bb8f6fcbdcd43d9f45eb9
d42511360d52b69fdb52070647fd3885ffcc2d0ec59c1b452757cc9d80011a57

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb985e2e-1e24-481e-a095-8613375d5083.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5225
x-amzn-requestid: 0ae1903b-cde7-4707-a5f4-57a1336488db
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: emPCtGDFIAMF7zQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf2baa-22f80ce41e315c346cefa1f9;Sampled=0
x-amzn-remapped-date: Wed, 11 Jan 2023 21:35:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: IWrFD1_1DUXKyLbNv3qieucNlcS7cw3X9jVbLymQILXZtS9xHW3OKg==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 11 Jan 2023 22:02:07 GMT
age: 22201
etag: "4f59c4b543dd78e6280bb8f6fcbdcd43d9f45eb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52f112f6-2553-4ba2-971f-71e30bee1d9c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10579 bytes)
Hash
fb89a11a1dca9a2924adf7e3712c6405
a881a7d88f08035b9e045f2bf73a4d9fabc640a0
8a0c9f295dd30123847eaed0ba8d4e7c2c6dea8b9c645fc70cdcb4fa8c082ee4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52f112f6-2553-4ba2-971f-71e30bee1d9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10579
x-amzn-requestid: 8760acae-f770-45e2-9639-53967ef1cdb2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: emPDWET4oAMFo-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf2bae-153ebb3e4ec7d5045529ce0a;Sampled=0
x-amzn-remapped-date: Wed, 11 Jan 2023 21:35:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FC9xd9brDeAOtHjXnkpSO0IOX1rLjGRVkuBguuwJ2xFDTq0x9-QtaQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 11 Jan 2023 21:55:02 GMT
age: 22626
etag: "a881a7d88f08035b9e045f2bf73a4d9fabc640a0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b47c36b-0877-478c-a3a5-7add7a4b6418.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11850 bytes)
Hash
ad636bb0e7ac252b0e1df921803c482c
66a5343cf7ab0178bc757fad6f31a57d989dca7d
e8c00e9af5471b3dda11721740aacb215a9197e8bc3f81a2fa3f7eab92063c03

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b47c36b-0877-478c-a3a5-7add7a4b6418.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11850
x-amzn-requestid: 15d72f03-a32d-4de0-a8d4-1559be1f3575
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: emPDWFSqIAMFsvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf2bae-7b7a6f7e5936863a38937280;Sampled=0
x-amzn-remapped-date: Wed, 11 Jan 2023 21:35:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: a49EPrEooUvSWpdX2SoPQpJ71VmxeKA1GqCRVnSUWn-TZ33l9wqS5Q==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 11 Jan 2023 22:04:57 GMT
age: 22031
etag: "66a5343cf7ab0178bc757fad6f31a57d989dca7d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F414839ad-de87-4348-a1e7-d3f2350f601b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.3 kB (5335 bytes)
Hash
a412867bfc43416c6334236a7783d0fc
1d4f51968028f4bfd3bef0ae4415b05cef0b39de
5190454755c0138423378c58c901b1c0b4db8721ecee97d04b5fae0827adc986

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F414839ad-de87-4348-a1e7-d3f2350f601b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5335
x-amzn-requestid: 24b91878-f696-44d9-bc25-4efd0e83e212
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZ1FIGRpoAMFciw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ba3553-555b1277050f8e156f424a3e;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 03:15:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: itDgStpztbAEQzd3CUP8ZGAixWqT90xA8z1ejWFhoXLXEjTdQX2UDQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 11 Jan 2023 21:56:56 GMT
age: 22512
etag: "1d4f51968028f4bfd3bef0ae4415b05cef0b39de"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Libre+Baskerville:ital,wght@0,400;0,700;1,400&display=swap

216.58.207.202

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Libre+Baskerville:ital,wght@0,400;0,700;1,400&display=swap
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Libre+Baskerville:ital,wght@0,400;0,700;1,400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Roboto+Condensed:wght@300;400;700&display=swap

216.58.207.202

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Roboto+Condensed:wght@300;400;700&display=swap
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Roboto+Condensed:wght@300;400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Arima+Madurai:wght@300;400;500;700;800;900&display=swap

216.58.207.202

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Arima+Madurai:wght@300;400;500;700;800;900&display=swap
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Arima+Madurai:wght@300;400;500;700;800;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Merienda:wght@400;700&display=swap

216.58.207.202

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Merienda:wght@400;700&display=swap
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Merienda:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

heydudeskonorge.com/

188.114.96.1

301 Moved Permanently

0 B

URL HTTP/2
heydudeskonorge.com/
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: heydudeskonorge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
date: Thu, 12 Jan 2023 04:12:06 GMT
content-type: text/html; charset=iso-8859-1
location: https://www.heydudeskonorge.com/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vDAzN6CqicnP7jTwJOYT2hvQLPRCH3uoEWd2qcqGugewnL66QxK0oB1FhWivHShQwHrBA4uzB4RjlKwgHvMXNxb%2FaRZzGXWWY4gMgumvt1F1pj9l5jOWA3DhieYrrx99ejy2f5Ak"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78830d4b9d18b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Nunito+Sans:ital,wght@0,200;0,300;0,400;0,600;0,800;0,900;1,700&display=swap

216.58.207.202

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Nunito+Sans:ital,wght@0,200;0,300;0,400;0,600;0,800;0,900;1,700&display=swap
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Nunito+Sans:ital,wght@0,200;0,300;0,400;0,600;0,800;0,900;1,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap

216.58.207.202

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Roboto:wght@100;300;400;500;700;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Staatliches&display=swap

216.58.207.202

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Staatliches&display=swap
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Staatliches&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Alata&display=swap

216.58.207.202

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Alata&display=swap
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Alata&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Glegoo:wght@400;700&display=swap

216.58.207.202

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Glegoo:wght@400;700&display=swap
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Glegoo:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Archivo+Narrow:wght@400;500;600;700&display=swap

216.58.207.202

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Archivo+Narrow:wght@400;500;600;700&display=swap
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Archivo+Narrow:wght@400;500;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Libre+Franklin:wght@100;200;300;400;500;600;700;800;900&display=swap

216.58.207.202

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Libre+Franklin:wght@100;200;300;400;500;600;700;800;900&display=swap
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Libre+Franklin:wght@100;200;300;400;500;600;700;800;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/icon?family=Material+Icons

216.58.207.202

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Jost:wght@300;400;500;600;700;800&display=swap

216.58.207.202

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Jost:wght@300;400;500;600;700;800&display=swap
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Jost:wght@300;400;500;600;700;800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Quicksand:wght@400;500;600;700&display=swap

216.58.207.202

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Quicksand:wght@400;500;600;700&display=swap
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Quicksand:wght@400;500;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Crimson+Pro:wght@200;300;400;500;600;700;800;900&display=swap

216.58.207.202

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Crimson+Pro:wght@200;300;400;500;600;700;800;900&display=swap
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Crimson+Pro:wght@200;300;400;500;600;700;800;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heydudeforsale.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Jan 2023 04:12:07 GMT
date: Thu, 12 Jan 2023 04:12:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (65)

URL HTTP/1.1

IP

ASN

File type

Size