gomydates.com/jump?utm_source=intc&tds_rt=&clickid={clickid}&tds_ao=1&tds_p_campaign=b4979kas&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&affid=9559e5a1&tds_oid=22194&s1=ps&subid2={subid2}&tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&tds_campaign=b0506rie&tds_host=gomydates.com&tds_ac_id=s0624kas&tds_id=b0506rie_jump_a_1582201042300&id=22194&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw&subid=clickadu
52.28.40.216 200 OK 2.2 kB URL HTTP/1.1 gomydates.com/jump?utm_source=intc&tds_rt=&clickid={clickid}&tds_ao=1&tds_p_campaign=b4979kas&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&affid=9559e5a1&tds_oid=22194&s1=ps&subid2={subid2}&tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&tds_campaign=b0506rie&tds_host=gomydates.com&tds_ac_id=s0624kas&tds_id=b0506rie_jump_a_1582201042300&id=22194&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw&subid=clickadu
IP 52.28.40.216:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, ASCII text, with very long lines (7171)
Hash b35bb38b2e998d2a1f7b750d5c75023e
f9d76a494c7d397356aae33f539087a3ab051cf6
c7bdbeadb3b3de0b2b62436e132dbbfd7e6082ba0cc297fcd4db2d53d3e11aba
GET /jump?utm_source=intc&tds_rt=&clickid={clickid}&tds_ao=1&tds_p_campaign=b4979kas&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&affid=9559e5a1&tds_oid=22194&s1=ps&subid2={subid2}&tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&tds_campaign=b0506rie&tds_host=gomydates.com&tds_ac_id=s0624kas&tds_id=b0506rie_jump_a_1582201042300&id=22194&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw&subid=clickadu HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:18:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3859
Expires: Thu, 09 Feb 2023 01:22:19 GMT
Date: Thu, 09 Feb 2023 00:18:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dca68db7aea32f6683ce8d542c078f04
19c495238df74fca680e21f18627ff94de5dd2e5
35cab3987fc0e4a41b305cb208c1e33fa38ce8bdfd9f386c3dc0411dd4d5ac61
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CAB3987FC0E4A41B305CB208C1E33FA38CE8BDFD9F386C3DC0411DD4D5AC61"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4964
Expires: Thu, 09 Feb 2023 01:40:44 GMT
Date: Thu, 09 Feb 2023 00:18:00 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 23:34:14 GMT
content-type: application/json
age: 2626
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5862
Expires: Thu, 09 Feb 2023 01:55:42 GMT
Date: Thu, 09 Feb 2023 00:18:00 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: nEOBV688HThyV0qB6j+xZaKiy0O4CJrKBvKEPKWgbl556LNPyidt2zCYODexAymmCfCPiheipkI=
x-amz-request-id: FC7YHGDAZ54YZSAR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 23:46:09 GMT
age: 1912
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 00:18:00 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
gomydates.com/bridge/intg.js?v=8
52.28.40.216 200 OK 269 B URL HTTP/1.1 gomydates.com/bridge/intg.js?v=8
IP 52.28.40.216:0
Hash 8c8514ed7eae8968b59692f7897f2857
69e9f6e0625ef8bf0a4099b05f7356587e3e62be
556f2a46047c9b8dedbae5ef8c59dc7ea04ff88e76d7dcda568f1eb2dce03548
Analyzer Verdict Alert fortinet Phishing
GET /bridge/intg.js?v=8 HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gomydates.com/jump?utm_source=intc&tds_rt=&clickid={clickid}&tds_ao=1&tds_p_campaign=b4979kas&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&affid=9559e5a1&tds_oid=22194&s1=ps&subid2={subid2}&tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&tds_campaign=b0506rie&tds_host=gomydates.com&tds_ac_id=s0624kas&tds_id=b0506rie_jump_a_1582201042300&id=22194&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw&subid=clickadu
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:18:01 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 269
Connection: keep-alive
Server: nginx
Access-Control-Allow-Origin: *
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Robots-Tag: noindex
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Last-Modified: Wed, 08 Feb 2023 12:32:22 GMT
ETag: W/"10d-18631033ff0"
Vary: Accept-Encoding
gomydates.com/bridge/ao_loader.js
52.28.40.216 200 OK 836 B URL HTTP/1.1 gomydates.com/bridge/ao_loader.js
IP 52.28.40.216:0
File type ASCII text, with very long lines (835)
Hash 05f233960b55dfe40742964902345911
e00af7d954b5032f95c32341794e0f4d73208bff
d5d65364c02602f4fae5c63195607cfff433ac59d4c7d756e4a0a2e6f33ccd19
Analyzer Verdict Alert fortinet Phishing
GET /bridge/ao_loader.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gomydates.com/jump?utm_source=intc&tds_rt=&clickid={clickid}&tds_ao=1&tds_p_campaign=b4979kas&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&affid=9559e5a1&tds_oid=22194&s1=ps&subid2={subid2}&tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&tds_campaign=b0506rie&tds_host=gomydates.com&tds_ac_id=s0624kas&tds_id=b0506rie_jump_a_1582201042300&id=22194&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw&subid=clickadu
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:18:01 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 836
Connection: keep-alive
Server: nginx
Access-Control-Allow-Origin: *
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Robots-Tag: noindex
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Last-Modified: Wed, 08 Feb 2023 12:32:22 GMT
ETag: W/"344-18631033ff0"
Vary: Accept-Encoding
cdn3reference.com/js/dc_img.js?v=8
54.230.111.55 200 OK 324 B URL HTTP/1.1 cdn3reference.com/js/dc_img.js?v=8
IP 54.230.111.55:0
File type ASCII text, with very long lines (350)
Hash e4ce4a12b20f6729b1dff496aa37772b
f99b82ce285c754486f676c6bb90c14752b6df3e
d27b3460b2ea7fd76a7178d2d8582a011390500cbe1e726de31894df61692dc4
GET /js/dc_img.js?v=8 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gomydates.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Thu, 09 Feb 2023 00:18:01 GMT
Last-Modified: Thu, 29 Oct 2020 09:22:15 GMT
Content-Encoding: gzip
ETag: W/"1e8-5b2cbd0d9620d"
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: S54wBcM-PBRoq880iuKG-5K2nd2_ed7_6a4sp2HLqOJ3OSw7R48HqQ==
cdn3reference.com/landings/22194/css/816d4ae8540beb41a215456480b07afe.css
54.230.111.55 200 OK 1.1 kB URL HTTP/1.1 cdn3reference.com/landings/22194/css/816d4ae8540beb41a215456480b07afe.css
IP 54.230.111.55:0
File type ASCII text, with very long lines (3166), with no line terminators
Hash 511d8232259f0708a1d8250e816d5009
81b19ef3d95097ac92d60f4489438fde74d199bc
922f674082d40e87a457f5f8e34660d944d36fc4e733ca219be8b2d756b375a7
GET /landings/22194/css/816d4ae8540beb41a215456480b07afe.css HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gomydates.com/
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Thu, 09 Feb 2023 00:18:01 GMT
Last-Modified: Tue, 12 Jun 2018 14:22:15 GMT
Content-Encoding: gzip
ETag: W/"c5e-56e7297c2b3c0"
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ZK1lmAniJwiZ8ONwugtOO6Y0jM_ofm9SEpoPOcCu_6g_THMraXLCdQ==
gomydates.com/bridge/frodi_data.js
52.28.40.216 200 OK 2.9 kB URL HTTP/1.1 gomydates.com/bridge/frodi_data.js
IP 52.28.40.216:0
File type C source, ASCII text, with very long lines (6647)
Hash 625b730293917702d84f6d523a8f393d
06864e7f108f35894939cb7c1d4f35728bac196b
d41f3ab66a1cce893c51be831fb7af4889964f145779c569f33ffde9c6f1a584
Analyzer Verdict Alert fortinet Phishing
GET /bridge/frodi_data.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gomydates.com/jump?utm_source=intc&tds_rt=&clickid={clickid}&tds_ao=1&tds_p_campaign=b4979kas&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&affid=9559e5a1&tds_oid=22194&s1=ps&subid2={subid2}&tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&tds_campaign=b0506rie&tds_host=gomydates.com&tds_ac_id=s0624kas&tds_id=b0506rie_jump_a_1582201042300&id=22194&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw&subid=clickadu
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:18:01 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Access-Control-Allow-Origin: *
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Robots-Tag: noindex
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Last-Modified: Wed, 08 Feb 2023 12:32:22 GMT
ETag: W/"19f8-18631033ff0"
Vary: Accept-Encoding
Content-Encoding: gzip
gomydates.com/integration.js
52.28.40.216 200 OK 753 B URL HTTP/1.1 gomydates.com/integration.js
IP 52.28.40.216:0
Hash b475914d6c89a21b81c2d511dae152a7
ca48b88066e335a8c9cc3e56ade678066ae7625c
34f4181775bb904fd85751490fc0b531a2b9dfdf197fc49c60a3706f32e4b57f
Analyzer Verdict Alert fortinet Phishing
GET /integration.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gomydates.com/jump?utm_source=intc&tds_rt=&clickid={clickid}&tds_ao=1&tds_p_campaign=b4979kas&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&affid=9559e5a1&tds_oid=22194&s1=ps&subid2={subid2}&tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&tds_campaign=b0506rie&tds_host=gomydates.com&tds_ac_id=s0624kas&tds_id=b0506rie_jump_a_1582201042300&id=22194&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw&subid=clickadu
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:18:01 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
X-Powered-By: Express
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
ETag: W/"70f-PIVfoteh+izw8vxX+x46WElvLHY"
Vary: Accept-Encoding
Content-Encoding: gzip
gomydates.com/bridge/crypto-4.1.1.js
52.28.40.216 200 OK 17 kB URL HTTP/1.1 gomydates.com/bridge/crypto-4.1.1.js
IP 52.28.40.216:0
File type ASCII text, with very long lines (48609)
Hash d23b931e89a3b1e929c7413f4f6e6529
2c4ee12f0712fa5465c87bcb81c786f321c4cf8c
459fc7cbb98c2fcbf0d0458d3d539b6229bc9b5ec4161bd4d42182e85a0afaef
Analyzer Verdict Alert fortinet Phishing
GET /bridge/crypto-4.1.1.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gomydates.com/jump?utm_source=intc&tds_rt=&clickid={clickid}&tds_ao=1&tds_p_campaign=b4979kas&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&affid=9559e5a1&tds_oid=22194&s1=ps&subid2={subid2}&tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&tds_campaign=b0506rie&tds_host=gomydates.com&tds_ac_id=s0624kas&tds_id=b0506rie_jump_a_1582201042300&id=22194&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw&subid=clickadu
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:18:01 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Access-Control-Allow-Origin: *
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Robots-Tag: noindex
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Last-Modified: Wed, 08 Feb 2023 12:32:22 GMT
ETag: W/"bde2-18631033ff0"
Vary: Accept-Encoding
Content-Encoding: gzip
cdn3reference.com/landings/22194/js/7eab83ab7aaed2a16e6c57c4c54e197c.js
54.230.111.55 200 OK 34 kB URL HTTP/1.1 cdn3reference.com/landings/22194/js/7eab83ab7aaed2a16e6c57c4c54e197c.js
IP 54.230.111.55:0
File type ASCII text, with very long lines (65535)
Hash cf700c94b30981b3148fc4e0c25dc312
683c10798ed82fdce3d236e1df50d6e7e28ab88a
830458b7d396e87c7fc23d70085854973380dd4bf89d6cdb97f453b5fb29064c
GET /landings/22194/js/7eab83ab7aaed2a16e6c57c4c54e197c.js HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gomydates.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Thu, 09 Feb 2023 00:18:01 GMT
Last-Modified: Tue, 12 Jun 2018 14:22:15 GMT
Content-Encoding: gzip
ETag: W/"17e19-56e7297c2b3c0"
X-Cache: Miss from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: TITI4y7VBaG-Sf-NnWiPSBUrjtC411ifIfSOntaKqjtFXXs8ksb1fQ==
gomydates.com/ao.js
52.28.40.216 200 OK 2.2 kB
IP 52.28.40.216:0
File type ASCII text, with very long lines (5384)
Hash daffd3c72e45d4a19fb423279cec556e
f6d9974ed37c69ed428e1c8ddcc0341775b7363d
093c80a4b6ca69755c539ba942659b5e10e791a79262d5e71863ad92502f3fa1
Analyzer Verdict Alert fortinet Phishing
GET /ao.js HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gomydates.com/jump?utm_source=intc&tds_rt=&clickid={clickid}&tds_ao=1&tds_p_campaign=b4979kas&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&affid=9559e5a1&tds_oid=22194&s1=ps&subid2={subid2}&tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&tds_campaign=b0506rie&tds_host=gomydates.com&tds_ac_id=s0624kas&tds_id=b0506rie_jump_a_1582201042300&id=22194&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw&subid=clickadu
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:18:01 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Access-Control-Allow-Origin: *
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Robots-Tag: noindex
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Last-Modified: Wed, 08 Feb 2023 12:32:22 GMT
ETag: W/"1509-18631033ff0"
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B
IP 142.250.74.163:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 00:18:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gomydates.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=http%3A%2F%2Fgomydates.com%2Fjump%3Futm_source%3Dintc%26tds_rt%3D%26clickid%3D%7Bclickid%7D%26tds_ao%3D1%26tds_p_campaign%3Db4979kas%26dci%3Dd62388515ec2de4b27b6824712dcc74f8577c1a0%26affid%3D9559e5a1%26tds_oid%3D22194%26s1%3Dps%26subid2%3D%7Bsubid2%7D%26tds_cid%3Dc91334ec37512d42142d204f186b23dc659f2ce5%26tds_campaign%3Db0506rie%26tds_host%3Dgomydates.com%26tds_ac_id%3Ds0624kas%26tds_id%3Db0506rie_jump_a_1582201042300%26id%3D22194%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw%26subid%3Dclickadu&uaDataValues={}
52.28.40.216 200 OK 292 kB URL HTTP/1.1 gomydates.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=http%3A%2F%2Fgomydates.com%2Fjump%3Futm_source%3Dintc%26tds_rt%3D%26clickid%3D%7Bclickid%7D%26tds_ao%3D1%26tds_p_campaign%3Db4979kas%26dci%3Dd62388515ec2de4b27b6824712dcc74f8577c1a0%26affid%3D9559e5a1%26tds_oid%3D22194%26s1%3Dps%26subid2%3D%7Bsubid2%7D%26tds_cid%3Dc91334ec37512d42142d204f186b23dc659f2ce5%26tds_campaign%3Db0506rie%26tds_host%3Dgomydates.com%26tds_ac_id%3Ds0624kas%26tds_id%3Db0506rie_jump_a_1582201042300%26id%3D22194%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw%26subid%3Dclickadu&uaDataValues={}
IP 52.28.40.216:0
File type C++ source, ASCII text, with very long lines (21894)
Size 292 kB (291487 bytes)
Hash ded69707c918848b0d52ca99eccb7bbf
cea14845687660fd9ecefa30a3faf21748187072
ddbee8fdc31fbadf07237fdb7a31bd5a06f134c390af06046adc72200a8255a5
GET /ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=http%3A%2F%2Fgomydates.com%2Fjump%3Futm_source%3Dintc%26tds_rt%3D%26clickid%3D%7Bclickid%7D%26tds_ao%3D1%26tds_p_campaign%3Db4979kas%26dci%3Dd62388515ec2de4b27b6824712dcc74f8577c1a0%26affid%3D9559e5a1%26tds_oid%3D22194%26s1%3Dps%26subid2%3D%7Bsubid2%7D%26tds_cid%3Dc91334ec37512d42142d204f186b23dc659f2ce5%26tds_campaign%3Db0506rie%26tds_host%3Dgomydates.com%26tds_ac_id%3Ds0624kas%26tds_id%3Db0506rie_jump_a_1582201042300%26id%3D22194%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw%26subid%3Dclickadu&uaDataValues={} HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gomydates.com/jump?utm_source=intc&tds_rt=&clickid={clickid}&tds_ao=1&tds_p_campaign=b4979kas&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&affid=9559e5a1&tds_oid=22194&s1=ps&subid2={subid2}&tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&tds_campaign=b0506rie&tds_host=gomydates.com&tds_ac_id=s0624kas&tds_id=b0506rie_jump_a_1582201042300&id=22194&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw&subid=clickadu
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:18:01 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
X-Powered-By: Express
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
ETag: W/"768c1-jPUJOUbfAJ37s7FrpbqtPBEcLqg"
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B
IP 142.250.74.163:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 00:18:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 00:14:52 GMT
age: 189
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
142.250.74.168 302 Found 265 B URL HTTP/1.1 www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
IP 142.250.74.168:0
File type HTML document text; HTML document text; HTML document text; HTML document, ASCII text, with CRLF, LF line terminators
Hash 89fb7d2ef48c4a5d43b40ba73184510f
d3c8774d6ab3d1a24b8721b0aa148f6f2f134e24
4a84ebd3a763279bd4c3e9f12d43b7bdce8f916d07ef34371da477104a78811f
GET /gtm.js?id=GTM-KMSJRW&l=adsLayer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gomydates.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 09 Feb 2023 00:18:01 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 265
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B
IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 00:18:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gomydates.com/ufis/recaptcha/inject/gomydates.com?placement=default&doc_location=http%3A%2F%2Fgomydates.com%2Fjump%3Futm_source%3Dintc%26tds_rt%3D%26clickid%3D%7Bclickid%7D%26tds_ao%3D1%26tds_p_campaign%3Db4979kas%26dci%3Dd62388515ec2de4b27b6824712dcc74f8577c1a0%26affid%3D9559e5a1%26tds_oid%3D22194%26s1%3Dps%26subid2%3D%7Bsubid2%7D%26tds_cid%3Dc91334ec37512d42142d204f186b23dc659f2ce5%26tds_campaign%3Db0506rie%26tds_host%3Dgomydates.com%26tds_ac_id%3Ds0624kas%26tds_id%3Db0506rie_jump_a_1582201042300%26id%3D22194%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw%26subid%3Dclickadu
52.28.40.216 200 OK 27 B URL HTTP/1.1 gomydates.com/ufis/recaptcha/inject/gomydates.com?placement=default&doc_location=http%3A%2F%2Fgomydates.com%2Fjump%3Futm_source%3Dintc%26tds_rt%3D%26clickid%3D%7Bclickid%7D%26tds_ao%3D1%26tds_p_campaign%3Db4979kas%26dci%3Dd62388515ec2de4b27b6824712dcc74f8577c1a0%26affid%3D9559e5a1%26tds_oid%3D22194%26s1%3Dps%26subid2%3D%7Bsubid2%7D%26tds_cid%3Dc91334ec37512d42142d204f186b23dc659f2ce5%26tds_campaign%3Db0506rie%26tds_host%3Dgomydates.com%26tds_ac_id%3Ds0624kas%26tds_id%3Db0506rie_jump_a_1582201042300%26id%3D22194%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw%26subid%3Dclickadu
IP 52.28.40.216:0
File type JSON data, ASCII text, with no line terminators
Hash c7f55b876f962b6dc8dc3b2145a13315
aef7bcbe00d506bf8ae34b4f469ccc69b701fdb4
341891286e02aad359716b2976363f926c510a574f3ec042f10fb056f629f9af
GET /ufis/recaptcha/inject/gomydates.com?placement=default&doc_location=http%3A%2F%2Fgomydates.com%2Fjump%3Futm_source%3Dintc%26tds_rt%3D%26clickid%3D%7Bclickid%7D%26tds_ao%3D1%26tds_p_campaign%3Db4979kas%26dci%3Dd62388515ec2de4b27b6824712dcc74f8577c1a0%26affid%3D9559e5a1%26tds_oid%3D22194%26s1%3Dps%26subid2%3D%7Bsubid2%7D%26tds_cid%3Dc91334ec37512d42142d204f186b23dc659f2ce5%26tds_campaign%3Db0506rie%26tds_host%3Dgomydates.com%26tds_ac_id%3Ds0624kas%26tds_id%3Db0506rie_jump_a_1582201042300%26id%3D22194%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw%26subid%3Dclickadu HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gomydates.com/jump?utm_source=intc&tds_rt=&clickid={clickid}&tds_ao=1&tds_p_campaign=b4979kas&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&affid=9559e5a1&tds_oid=22194&s1=ps&subid2={subid2}&tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&tds_campaign=b0506rie&tds_host=gomydates.com&tds_ac_id=s0624kas&tds_id=b0506rie_jump_a_1582201042300&id=22194&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw&subid=clickadu
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:18:01 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 27
Connection: keep-alive
Server: nginx
X-Powered-By: Express
Access-Control-Allow-Origin: *
ETag: W/"1b-rve8vgDVBr+K40tPRpzMabcB/bQ"
Vary: Accept-Encoding
gomydates.com/ufis/rtr?referer=http%3A%2F%2Fgomydates.com%2Fjump%3Futm_source%3Dintc%26tds_rt%3D%26clickid%3D%7Bclickid%7D%26tds_ao%3D1%26tds_p_campaign%3Db4979kas%26dci%3Dd62388515ec2de4b27b6824712dcc74f8577c1a0%26affid%3D9559e5a1%26tds_oid%3D22194%26s1%3Dps%26subid2%3D%7Bsubid2%7D%26tds_cid%3Dc91334ec37512d42142d204f186b23dc659f2ce5%26tds_campaign%3Db0506rie%26tds_host%3Dgomydates.com%26tds_ac_id%3Ds0624kas%26tds_id%3Db0506rie_jump_a_1582201042300%26id%3D22194%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw%26subid%3Dclickadu
52.28.40.216 200 OK 10 B URL HTTP/1.1 gomydates.com/ufis/rtr?referer=http%3A%2F%2Fgomydates.com%2Fjump%3Futm_source%3Dintc%26tds_rt%3D%26clickid%3D%7Bclickid%7D%26tds_ao%3D1%26tds_p_campaign%3Db4979kas%26dci%3Dd62388515ec2de4b27b6824712dcc74f8577c1a0%26affid%3D9559e5a1%26tds_oid%3D22194%26s1%3Dps%26subid2%3D%7Bsubid2%7D%26tds_cid%3Dc91334ec37512d42142d204f186b23dc659f2ce5%26tds_campaign%3Db0506rie%26tds_host%3Dgomydates.com%26tds_ac_id%3Ds0624kas%26tds_id%3Db0506rie_jump_a_1582201042300%26id%3D22194%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw%26subid%3Dclickadu
IP 52.28.40.216:0
File type JSON data\012- , ASCII text, with no line terminators
Hash c2db64f99c6ebc0162f2ff0a32704299
d483e5dbd40c7600c97357394ebe7c7e747aee9f
0d891cd61411a07f3c3be0426f9cfdd76d1c8c84955cdd9d3a8e3b95d986b5d6
Analyzer Verdict Alert fortinet Phishing
GET /ufis/rtr?referer=http%3A%2F%2Fgomydates.com%2Fjump%3Futm_source%3Dintc%26tds_rt%3D%26clickid%3D%7Bclickid%7D%26tds_ao%3D1%26tds_p_campaign%3Db4979kas%26dci%3Dd62388515ec2de4b27b6824712dcc74f8577c1a0%26affid%3D9559e5a1%26tds_oid%3D22194%26s1%3Dps%26subid2%3D%7Bsubid2%7D%26tds_cid%3Dc91334ec37512d42142d204f186b23dc659f2ce5%26tds_campaign%3Db0506rie%26tds_host%3Dgomydates.com%26tds_ac_id%3Ds0624kas%26tds_id%3Db0506rie_jump_a_1582201042300%26id%3D22194%26_tgUrl%3DaHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw%26subid%3Dclickadu HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gomydates.com/jump?utm_source=intc&tds_rt=&clickid={clickid}&tds_ao=1&tds_p_campaign=b4979kas&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&affid=9559e5a1&tds_oid=22194&s1=ps&subid2={subid2}&tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&tds_campaign=b0506rie&tds_host=gomydates.com&tds_ac_id=s0624kas&tds_id=b0506rie_jump_a_1582201042300&id=22194&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw&subid=clickadu
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:18:01 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 10
Connection: keep-alive
Server: nginx
X-Powered-By: Express
Access-Control-Allow-Origin: *
ETag: W/"a-1IPl29QMdgDJc1c5Tr58fnR67p8"
Vary: Accept-Encoding
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B
IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 00:18:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
retarget2core.com/fp/fp_ec.js
18.196.40.175 200 OK 703 B URL HTTP/1.1 retarget2core.com/fp/fp_ec.js
IP 18.196.40.175:0
File type ASCII text, with very long lines (1212)
Hash ada333f1282ce9b098687f8c699c96e4
953cc03e6c595d3d58247b6966370da05054957e
823521b4328c9b2d58026cb8fb904ffe437b13a8a0a1773de479afbe218ebc85
GET /fp/fp_ec.js HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gomydates.com/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:18:01 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Access-Control-Allow-Origin: *
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Robots-Tag: noindex
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Last-Modified: Wed, 08 Feb 2023 12:32:22 GMT
ETag: W/"4bd-18631033ff0"
Vary: Accept-Encoding
Content-Encoding: gzip
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://gomydates.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 Feb 2023 18:52:41 GMT
expires: Tue, 06 Feb 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 192320
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B
IP 142.250.74.163:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 00:18:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B
IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 00:18:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4262
Expires: Thu, 09 Feb 2023 01:29:03 GMT
Date: Thu, 09 Feb 2023 00:18:01 GMT
Connection: keep-alive
www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
142.250.74.168 200 OK 50 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
IP 142.250.74.168:0
File type ASCII text, with very long lines (4073)
Hash 87bc72e85b41230dd4e765a155fd55d8
173af707837c76dc13136c003d532b42ac25f857
b34d7ec8608911630bddcc4d7b26c92020bd1647ebc859cb17d28a05788c858c
GET /gtm.js?id=GTM-KMSJRW&l=adsLayer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gomydates.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 Feb 2023 00:18:01 GMT
expires: Thu, 09 Feb 2023 00:18:01 GMT
cache-control: private, max-age=900
last-modified: Thu, 09 Feb 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50239
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&j_type=open&jump=22194&jump_name=
18.196.40.175 200 OK 35 B URL HTTP/1.1 retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&j_type=open&jump=22194&jump_name=
IP 18.196.40.175:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&j_type=open&jump=22194&jump_name= HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gomydates.com/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:18:01 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Access-Control-Allow-Origin: *
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
Set-Cookie: dci=6a563590b96515f4a4f6eec58fbb6952252613ea; Max-Age=31536000; Domain=.retarget2core.com; Path=/; Expires=Fri, 09 Feb 2024 00:18:01 GMT; Secure; SameSite=None
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B
IP 142.250.74.163:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 00:18:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gomydates.com/ufis/pwa/track?uaDataValues={}&networkGroup=
52.28.40.216 200 OK 20 B URL HTTP/1.1 gomydates.com/ufis/pwa/track?uaDataValues={}&networkGroup=
IP 52.28.40.216:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5820854f62a6eb3d38ba7ba0d1b3ea75
639df0b84fe699b4a290a713fd6b9a94bd4deb95
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
POST /ufis/pwa/track?uaDataValues={}&networkGroup= HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gomydates.com/jump?utm_source=intc&tds_rt=&clickid={clickid}&tds_ao=1&tds_p_campaign=b4979kas&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&affid=9559e5a1&tds_oid=22194&s1=ps&subid2={subid2}&tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&tds_campaign=b0506rie&tds_host=gomydates.com&tds_ac_id=s0624kas&tds_id=b0506rie_jump_a_1582201042300&id=22194&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw&subid=clickadu
Content-Type: application/json
Origin: http://gomydates.com
Content-Length: 1018
Connection: keep-alive
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:18:02 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 20
Connection: keep-alive
Server: nginx
X-Powered-By: Express
Access-Control-Allow-Origin: *
ETag: W/"14-Y53wuE/mmbSikKcT/WualL1N65U"
Vary: Accept-Encoding
cdn3reference.com/landings/22194/images/1.jpg
54.230.111.55 200 OK 112 kB URL HTTP/1.1 cdn3reference.com/landings/22194/images/1.jpg
IP 54.230.111.55:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1600x900, components 3\012- data
Size 112 kB (111525 bytes)
Hash 33401eb5ced00c9c1f209140f697a7cd
756e24d3a36444af2415f7ff63ada7c69f1f0216
5c042e57fa41060ceeb81b900f546abcc28684e9d836a720df38f5f98b26e0cf
GET /landings/22194/images/1.jpg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cdn3reference.com/landings/22194/css/816d4ae8540beb41a215456480b07afe.css
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 111525
Connection: keep-alive
Server: nginx
Date: Thu, 09 Feb 2023 00:18:01 GMT
Last-Modified: Tue, 12 Jun 2018 13:28:33 GMT
ETag: "1b3a5-56e71d7b6e240"
Accept-Ranges: bytes
Cache-Control: public, max-age=604800
X-Cache: Miss from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: pJc8LvpBP725tSDAaugqsBh92RogRhIjMLkEHDVCQJqA0gDy1RM5UA==
fonts.googleapis.com/css?family=Open+Sans:400,700,800
142.250.74.106 200 OK 129 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,700,800
IP 142.250.74.106:0
Size 129 kB (129385 bytes)
Hash 2b7deb2075f76a40bea5b7399a3cf8be
7b01be0f58b519782f0f9637ec830ebadcfd6e64
aa2e361dbae46267c599e4275551a9fe9d88890d04385ac600df5def073f731a
GET /css?family=Open+Sans:400,700,800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cdn3reference.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 Feb 2023 00:18:01 GMT
date: Thu, 09 Feb 2023 00:18:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
push.services.mozilla.com/
44.227.109.32 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.227.109.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wtc/m74aaZWRFUD2CGLcZA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lyuedO25tiZHzjWSit5ymKEe9Do=
www.gstatic.com/firebasejs/8.6.8/firebase-messaging.js
142.250.74.35 200 OK 11 kB URL HTTP/2 www.gstatic.com/firebasejs/8.6.8/firebase-messaging.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (40876)
Hash 5df942bc55c20f421cf56876855ced51
61e1c33b26d5a693425a8c229f90b1ea39736f29
3fb9f58427a7229af7bfb3c37e2f9718ba1e8776c368a80c511c6e27466d4932
GET /firebasejs/8.6.8/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gomydates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10869
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 00:51:48 GMT
expires: Wed, 07 Feb 2024 00:51:48 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 01 Jul 2021 23:11:55 GMT
content-type: text/javascript; charset=UTF-8
age: 170774
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn3reference.com/images/jump-favicon.ico
54.230.111.55 200 OK 140 B URL HTTP/1.1 cdn3reference.com/images/jump-favicon.ico
IP 54.230.111.55:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 9323618250d1ebf9d90bb8ccd61ae3ed
f5959b04c30f434573c990cf4c454e8f8ea417e8
9fc17a567b7c732de87bf32b86d9bbdba2b44ecedeff4d39fb5d025a30552ba2
GET /images/jump-favicon.ico HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gomydates.com/
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Thu, 09 Feb 2023 00:18:02 GMT
Last-Modified: Fri, 05 Dec 2014 08:28:50 GMT
Cache-Control: public, max-age=604800
Content-Encoding: gzip
ETag: W/"47e-50973ddc33480"
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UdB03PB2KmsxubdW8L_KKA55AkueDUqt0aaQwGlQRz6rCdJ3PQrOMg==
gomydates.com/ufis/webpush/track?uaDataValues={}&networkGroup=
52.28.40.216 200 OK 30 B URL HTTP/1.1 gomydates.com/ufis/webpush/track?uaDataValues={}&networkGroup=
IP 52.28.40.216:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 81e3f07d1645f13d7cf94d9fe27b2db2
ff7bd614a52eeaf470852cb2c90344225fc3ffa5
33913d055081924c5e30b81bbab55e0a68df0397f2e3ae3c9606467c2d00da64
POST /ufis/webpush/track?uaDataValues={}&networkGroup= HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
Content-Length: 1046
Origin: http://gomydates.com
Connection: keep-alive
Referer: http://gomydates.com/jump?utm_source=intc&tds_rt=&clickid={clickid}&tds_ao=1&tds_p_campaign=b4979kas&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&affid=9559e5a1&tds_oid=22194&s1=ps&subid2={subid2}&tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&tds_campaign=b0506rie&tds_host=gomydates.com&tds_ac_id=s0624kas&tds_id=b0506rie_jump_a_1582201042300&id=22194&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw&subid=clickadu
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:18:02 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 30
Connection: keep-alive
Server: nginx
X-Powered-By: Express
Access-Control-Allow-Origin: *
ETag: W/"1e-/3vWFKUu6vRwhSyyyQNEIl/D/6U"
Vary: Accept-Encoding
gomydates.com/ufis/webpush/track?uaDataValues={}&networkGroup=
52.28.40.216 200 OK 30 B URL HTTP/1.1 gomydates.com/ufis/webpush/track?uaDataValues={}&networkGroup=
IP 52.28.40.216:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 81e3f07d1645f13d7cf94d9fe27b2db2
ff7bd614a52eeaf470852cb2c90344225fc3ffa5
33913d055081924c5e30b81bbab55e0a68df0397f2e3ae3c9606467c2d00da64
POST /ufis/webpush/track?uaDataValues={}&networkGroup= HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
Content-Length: 1129
Origin: http://gomydates.com
Connection: keep-alive
Referer: http://gomydates.com/jump?utm_source=intc&tds_rt=&clickid={clickid}&tds_ao=1&tds_p_campaign=b4979kas&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&affid=9559e5a1&tds_oid=22194&s1=ps&subid2={subid2}&tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&tds_campaign=b0506rie&tds_host=gomydates.com&tds_ac_id=s0624kas&tds_id=b0506rie_jump_a_1582201042300&id=22194&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw&subid=clickadu
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:18:02 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 30
Connection: keep-alive
Server: nginx
X-Powered-By: Express
Access-Control-Allow-Origin: *
ETag: W/"1e-/3vWFKUu6vRwhSyyyQNEIl/D/6U"
Vary: Accept-Encoding
gomydates.com/tds/interlayer?handler=FrodiData
52.28.40.216 200 OK 0 B URL HTTP/1.1 gomydates.com/tds/interlayer?handler=FrodiData
IP 52.28.40.216:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
POST /tds/interlayer?handler=FrodiData HTTP/1.1
Host: gomydates.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=utf-8
Content-Length: 1389
Origin: http://gomydates.com
Connection: keep-alive
Referer: http://gomydates.com/jump?utm_source=intc&tds_rt=&clickid={clickid}&tds_ao=1&tds_p_campaign=b4979kas&dci=d62388515ec2de4b27b6824712dcc74f8577c1a0&affid=9559e5a1&tds_oid=22194&s1=ps&subid2={subid2}&tds_cid=c91334ec37512d42142d204f186b23dc659f2ce5&tds_campaign=b0506rie&tds_host=gomydates.com&tds_ac_id=s0624kas&tds_id=b0506rie_jump_a_1582201042300&id=22194&_tgUrl=aHR0cHM6Ly9nb215ZGF0ZXMuY29tL3Rkcy9hZS90Zy9zLzMwN2NjZmQxNWU2M2NkM2I1YWUxMzQyNDk2MWRhOTA4P19fdD0xNjc1OTAxODY1MjE0Jl9fbD0zNjAw&subid=clickadu
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 00:18:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Access-Control-Allow-Origin: *
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14733
Expires: Thu, 09 Feb 2023 04:23:36 GMT
Date: Thu, 09 Feb 2023 00:18:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14733
Expires: Thu, 09 Feb 2023 04:23:36 GMT
Date: Thu, 09 Feb 2023 00:18:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14733
Expires: Thu, 09 Feb 2023 04:23:36 GMT
Date: Thu, 09 Feb 2023 00:18:03 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F718f24db-3c28-422f-953f-730a3ae78cb5.jpeg
34.120.237.76 200 OK 3.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F718f24db-3c28-422f-953f-730a3ae78cb5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 28ae39b238f62d6c0aee7bb16ff863d5
3c2247e40747c3ca72dd7877facee9a9fecf0f59
c530ba92455ea45e14410f497d2df04cc1321e2937cc7e81aa75f4fc14206a7c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F718f24db-3c28-422f-953f-730a3ae78cb5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3014
x-amzn-requestid: bec40915-584b-48fc-94c2-293e96567474
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKGrGoAMFelg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-2250ff00772341353151dd34;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lmJxNCnPKUD5O4HCWIjqeVaanXL50KZ60Xu1iOC6bisRBDJNkVXvww==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:42:38 GMT
etag: "3c2247e40747c3ca72dd7877facee9a9fecf0f59"
content-type: image/jpeg
age: 9325
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 764b732e88dd1e9c1824529b24b3dffc
2ba954a51c2972b267ae0536e343e608aa9aa7f4
a1efdf03b14bb05cf8e407b92476592c35fa2d27c5e66705322abdb4c6412a06
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8150
x-amzn-requestid: 3834493a-4162-4cc9-b67c-541cc9be895b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fwD8IH0TIAMFWqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dcb380-3746ff7b0a6894366efa848e;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 07:10:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HNuUU4SaVvuPbW0clgJa6UZ-0zefgWJWfIJEsz_yCfKiCrx2wsu6vA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 09:58:24 GMT
age: 51579
etag: "2ba954a51c2972b267ae0536e343e608aa9aa7f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f087272-940e-484d-ad9d-2c67bcd6dccd.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f087272-940e-484d-ad9d-2c67bcd6dccd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bb7c8b758fe17f6c06ce2bebb5008495
032d747cf20951f6ca6fd51489fefd7c09c4948d
835d89e028ec4c85a845f2835cb5eddb9653937f6736e2713b671419474608ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f087272-940e-484d-ad9d-2c67bcd6dccd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12811
x-amzn-requestid: be33f9ef-31cb-4572-9f22-0a433423e195
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChzZFiWIAMFgmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4167b-70ed2a756b8da4372ccc1f83;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:39:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HB03bmBiXVTrYbU01OssMQ_EbKhhFPhoUa-qcze2ZgD9Hr48Q8mEbQ==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:15:23 GMT
age: 7360
etag: "032d747cf20951f6ca6fd51489fefd7c09c4948d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
34.120.237.76 200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 95081172f8e19d19921acc802488e019
8531c150cb11de44361a95624b11cf46b9e0ba02
7a2d8f012c7d590f3f39ad834d4f3f9fb729143b7395bc588bd608b5bdee039b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15019
x-amzn-requestid: 574e3e2c-2fbe-4215-9500-021147338832
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f583LHiioAMFqkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a82d-4f12aac524c39f822ca4f422;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:11:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _3jIo3Giw3zmTmnSkJArAllT6uigN7EEzLPfkGpd6168_mSdqdk_Cg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 08:24:16 GMT
age: 57227
etag: "8531c150cb11de44361a95624b11cf46b9e0ba02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9203cfb9f0c1c958dd008eac55a9d3c4
6bdd1047590dd3fb54c15d5d6d38e7c86274b203
09770229be5ff3037708543e3204c66de84253b3a858a83a0e1672a04c0e9cb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11760
x-amzn-requestid: b2863a01-4714-4554-a478-5402467b3448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKHc_oAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-1c5a3edf37bc7cc937c800d2;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: euok7HXthk9GEynD8n9wXgf85lD0shxOdtT5VZvj-xHkoxEMxuohmA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:42:38 GMT
age: 9325
etag: "6bdd1047590dd3fb54c15d5d6d38e7c86274b203"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 113363afa7cfd484dbc115a9f44c1723
2f9dfb845aa919a51a0b5fa9a824ac4845f669be
a91a045600ef2fdebd582ce453a85f7ce0c9f8be7258baf311d0d940de027c20
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4308
x-amzn-requestid: 2d4ce596-9a69-4394-8e10-cd5c54687a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzKZ0F2DoAMF6nA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddf10b-6c4fabe01360b8781bdd8e06;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 05:45:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: R_VDTHUaRhwthD0THsWg42L1OF7lZAX3ENsTfV0U7kkn9o0x-mQ_9g==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 13:53:53 GMT
age: 37450
etag: "2f9dfb845aa919a51a0b5fa9a824ac4845f669be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2