Report - cc255de60.srtrak.com/promo-tools/direct-offers/mainstream/sweepstakes/winiphone14/?idev_id=106&set=3&link=2602&page=931&clickid=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092

Report Overview

Submitted URL
cc255de60.srtrak.com/promo-tools/direct-offers/mainstream/sweepstakes/winiphone14/?idev_id=106&set=3&link=2602&page=931&clickid=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092
IP
91.132.60.212
ASN
#44901 Belcloud LTD
Submitted
2022-12-03 10:48:00
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	963 B	172.64.155.188
app.api-push.com	307671	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	859 B	1.6 kB	172.64.162.28
accounts.google.com	81	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	14 kB	142.250.74.109
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	356 B	32 kB	216.58.207.234
track.gositego.live	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	512 B	423 B	34.141.179.97
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.5 kB	9.1 kB	142.250.74.131
js.sentry-cdn.com	5259	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	385 B	1.7 kB	151.101.194.217
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	728 B	2.5 kB	142.250.74.106
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	360 B	3.8 kB	31.13.72.36
pornhub.com	4903	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	335 B	721 B	66.254.114.41
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.4 kB	12 kB	95.101.11.115
setupquickoverlyinfo-file.info	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	545 B	499 B	3.226.146.143
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	42 kB	34.120.237.76
www.pornhub.com	10781	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	353 B	68 kB	66.254.114.41
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.148.69.31
alexatracker.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	1.2 kB	104.21.85.99
lh3.google.com	213	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	391 B	956 B	216.58.207.206
cc255de60.srtrak.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	1.3 kB	91.132.60.212
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	6.7 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
startd0wnload22x.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	6.7 kB	188.72.236.34
www.pornhubpremium.com	142013	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	796 B	10 kB	66.254.114.33
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	676 B	1.5 kB	23.33.119.27
www.xvideos.com	11464	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	33 kB	185.88.181.8
her-cupid.com	698724	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12 kB	8.3 MB	54.39.22.228
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
1d6cfc34913.tc999linkz.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	662 B	1.5 kB	94.237.99.118
cdnjam.com	204001	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	326 B	12 kB	188.114.97.1
browser.sentry-cdn.com	4393	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	389 B	21 kB	151.101.194.217
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	982 B	43 kB	142.250.74.35
o65532.ingest.sentry.io	747982	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	577 B	469 B	34.120.195.249
funkydaters.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	966 B	32 kB	172.67.218.62

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-03	medium	her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-2.webp	Phishing
2022-12-03	medium	her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-3.webp	Phishing
2022-12-03	medium	her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-4.webp	Phishing
2022-12-03	medium	her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-5.webp	Phishing
2022-12-03	medium	her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-6.webp	Phishing
2022-12-03	medium	her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-7.webp	Phishing
2022-12-03	medium	her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-8.webp	Phishing
2022-12-03	medium	her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-9.webp	Phishing
2022-12-03	medium	her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-10.webp	Phishing
2022-12-03	medium	her-cupid.com/static/AwAA/images/en/pics-for-bg/gif-1.webp	Phishing
2022-12-03	medium	her-cupid.com/static/AwAA/images/en/pics-for-bg/gif-2.webp	Phishing
2022-12-03	medium	her-cupid.com/static/AwAA/images/en/pics-for-bg/gif-3.webp	Phishing
2022-12-03	medium	her-cupid.com/static/AwAA/images/en/pics-for-bg/gif-center-bottom-ql.webp	Phishing
2022-12-03	medium	her-cupid.com/static/AwAA/images/en/pics-for-bg/gif-4.webp	Phishing
2022-12-03	medium	her-cupid.com/stats	Phishing
2022-12-03	medium	her-cupid.com/stats	Phishing
2022-12-03	medium	her-cupid.com/stats	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (15)

	URL	Size	First Seen	Last Seen
	1d6cfc34913.tc999linkz.com/?p=5221&wid=132902&wid_hmac=d0cd5a96a873328888c8f7fbeabd778d&pl_settings%5Bprize%5D=iphone-14&o_settings%5Bprize%5D=iphone-14&pi=106&click_id=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092&co=1&noback=1	322 B	2023-03-08	2023-03-08
Pretty URL 1d6cfc34913.tc999linkz.com/?p=5221&wid=132902&wid_hmac=d0cd5a96a873328888c8f7fbeabd778d&pl_settings%5Bprize%5D=iphone-14&o_settings%5Bprize%5D=iphone-14&pi=106&click_id=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092&co=1&noback=1 IP 94.237.99.118 ASN #202053 UpCloud Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:15:37 Last Seen2023-03-08 15:15:37 Times Seen1 Hash 316591ced2659ed57cfe07bb76939c83 3e888a9dde935d20609ec0970a4cbb9b2d47e7ca 899bcf088a8c72e9ba36c23934e45eedd912cc9291573d48d50987f2ed262ef5 Loading...

	startd0wnload22x.com/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3664_v66R&s3=638b295521e612000151bbc4	422 B	2023-03-08	2023-03-08
Pretty URL startd0wnload22x.com/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3664_v66R&s3=638b295521e612000151bbc4 IP 188.72.236.34 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:15:37 Last Seen2023-03-08 15:15:37 Times Seen1 Hash 03ede1a7672cd174a7cd4cac46657e4d e4f8764bdba9576887728292b24f286e5b033fd4 d453dbe86e0f49619bb901997b6709026bdc08e6f0fed930a2267756cc3f4895 Loading...

	cdnjam.com/cdn/push.min.js	36 kB	2023-03-07	2024-04-19
Pretty URL cdnjam.com/cdn/push.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:20 Last Seen2024-04-19 15:59:32 Times Seen140 Hash 44c9e373bc246e347c8420a2eb8f54d4 5eb6010833c0c873766407c7a51ea5eafe69dbdf 2dac93602a4e47e156b8b54455dfdcd7a7a4901ab33f2a0c2c416a395e1ebda5 Loading...

	js.sentry-cdn.com/f44bbfb9a37b4915ac9fa50036de00f6.min.js	1.9 kB	2023-03-08	2023-03-11
Pretty URL js.sentry-cdn.com/f44bbfb9a37b4915ac9fa50036de00f6.min.js IP 151.101.194.217 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:49:35 Last Seen2023-03-11 23:49:30 Times Seen1 Hash 952d73e2c54e099a4449bd8b081660b2 c2ddab3cf21fa62bdbdd5d9163f3a2c6f784b24c f5c43b08fc6f567eb57fb48adcda4daff8066d8b7d1138a0aaf4c05ce8ef0852 Loading...

	her-cupid.com/AwAA/10040/oth?i=PF1MLGOLKVc&u=8233547463102507350	541 B	2023-03-08	2023-05-21
Pretty URL her-cupid.com/AwAA/10040/oth?i=PF1MLGOLKVc&u=8233547463102507350 IP 54.39.22.228 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:49:35 Last Seen2023-05-21 20:14:57 Times Seen64 Hash 7fbdaafa595648042e44880998db47d6 c0908c1f668700c134efbef4e5b80cbd84d08d55 cd69bfc221f9a450b2e461c17360c700c0a8efa0235a6cef616ce0c200a3b546 Loading...

	her-cupid.com/AwAA/10040/oth?i=PF1MLGOLKVc&u=8233547463102507350	18 kB	2023-03-08	2023-03-11
Pretty URL her-cupid.com/AwAA/10040/oth?i=PF1MLGOLKVc&u=8233547463102507350 IP 54.39.22.228 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:49:35 Last Seen2023-03-11 23:49:30 Times Seen1 Hash 650422bd9a367ee6bbd2f9ecf8191337 c61405ad4f78da26e3243da535723f686b31be4b e3f11db5568c30912e8ce58d0ebb802e16764f67dd40e6b7b673e27d5fafa417 Loading...

	1d6cfc34913.tc999linkz.com/?p=5221&wid=132902&wid_hmac=d0cd5a96a873328888c8f7fbeabd778d&pl_settings%5Bprize%5D=iphone-14&o_settings%5Bprize%5D=iphone-14&pi=106&click_id=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092&co=1&noback=1	250 B	2023-03-08	2023-03-08
Pretty URL 1d6cfc34913.tc999linkz.com/?p=5221&wid=132902&wid_hmac=d0cd5a96a873328888c8f7fbeabd778d&pl_settings%5Bprize%5D=iphone-14&o_settings%5Bprize%5D=iphone-14&pi=106&click_id=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092&co=1&noback=1 IP 94.237.99.118 ASN #202053 UpCloud Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:15:37 Last Seen2023-03-08 15:15:37 Times Seen1 Hash d491bb20e5dd2b1b8c75629bfbdf0038 03e5aa37e56565664c4e9d4f8630383bfff52f69 806f78293ffd57c6853021bc26fefa0f0cb66f06fe62ed6cba393294fdc1652b Loading...

	funkydaters.com/nwAA?prid=AFUpi2MPKgUAmFYCAE5PFwAMAH6hcrAA&usid=338447	522 B	2023-03-08	2023-03-13
Pretty URL funkydaters.com/nwAA?prid=AFUpi2MPKgUAmFYCAE5PFwAMAH6hcrAA&usid=338447 IP 172.67.218.62 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:49:35 Last Seen2023-03-13 02:11:38 Times Seen1 Hash fb67996fc9e5dfeb461edb47f6c08026 5a1d96bbf8a04ff725cfdc3dce298183a4736684 29838d2d65b29af9d0645f1913b789e92fecf1dcc260094bbcf2469aa6171e9b Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-04-25
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 216.58.207.234 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-25 17:44:40 Times Seen139145 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	her-cupid.com/AwAA/10040/oth?i=PF1MLGOLKVc&u=8233547463102507350	94 B	2023-03-08	2023-03-13
Pretty URL her-cupid.com/AwAA/10040/oth?i=PF1MLGOLKVc&u=8233547463102507350 IP 54.39.22.228 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:49:35 Last Seen2023-03-13 06:54:02 Times Seen1 Hash abd83097ff968509c2d13a68695d83d2 46bf322c6a7a8b3f2310176d14d94e76c97c366c 954970561be7c748848a5268a58ea2d6a2a3f319a1ebd3b3f1df6f4d640e4af6 Loading...

	browser.sentry-cdn.com/7.23.0/bundle.es5.min.js	62 kB	2023-03-08	2023-03-11
Pretty URL browser.sentry-cdn.com/7.23.0/bundle.es5.min.js IP 151.101.194.217 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:49:35 Last Seen2023-03-11 23:49:30 Times Seen1 Hash 02334dc39e381afdaf07587690426973 3e49d874020df81d8d0f1019fa42a6a24bd0c970 4eaf1cd7d43cc6cfbcc27e02a1c786724662577a9ba3f27fe0801d4a97d0dcfc Loading...

	www.pornhubpremium.com/user/security/1111	24 kB	2023-03-08	2023-03-08
Pretty URL www.pornhubpremium.com/user/security/1111 IP 66.254.114.33 ASN #29789 REFLECTED Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:15:37 Last Seen2023-03-08 15:15:37 Times Seen1 Hash 0937d7e56d4d494cec7ba599fe2a953f 31b7d59da47b7115fce07c8dc39e769d313fdc5f 4dbf79dd0cc7ad29c4cd1f1082b26ba4bb85d499e8e23ccbdca8b638a921cb38 Loading...

	1d6ce2131d3.tcompany-offer.com/?p=5221&plid=1&plid_hmac=8e4ba4d770c032b1b72f66f3beb1a9ac&wid=132902&wid_hmac=d0cd5a96a873328888c8f7fbeabd778d&pl_settings%5Bprize%5D=iphone-14&o_settings%5Bprize%5D=iphone-14&pi=106&click_id=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092	362 B	2023-03-08	2023-03-08
Pretty URL 1d6ce2131d3.tcompany-offer.com/?p=5221&plid=1&plid_hmac=8e4ba4d770c032b1b72f66f3beb1a9ac&wid=132902&wid_hmac=d0cd5a96a873328888c8f7fbeabd778d&pl_settings%5Bprize%5D=iphone-14&o_settings%5Bprize%5D=iphone-14&pi=106&click_id=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:15:37 Last Seen2023-03-08 15:15:37 Times Seen1 Hash 20ec147d0ec45992c186529ea023849f b7937dd213dacf1ee613eaadb78e7f8ff6d3d153 fcad023f7d5fb3da43bd43988520f501e6100e20eaf87839bcd2c44cb626cd83 Loading...

	1d6ce2131d3.tcompany-offer.com/?p=5221&plid=1&plid_hmac=8e4ba4d770c032b1b72f66f3beb1a9ac&wid=132902&wid_hmac=d0cd5a96a873328888c8f7fbeabd778d&pl_settings%5Bprize%5D=iphone-14&o_settings%5Bprize%5D=iphone-14&pi=106&click_id=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092	367 B	2023-03-08	2023-03-08
Pretty URL 1d6ce2131d3.tcompany-offer.com/?p=5221&plid=1&plid_hmac=8e4ba4d770c032b1b72f66f3beb1a9ac&wid=132902&wid_hmac=d0cd5a96a873328888c8f7fbeabd778d&pl_settings%5Bprize%5D=iphone-14&o_settings%5Bprize%5D=iphone-14&pi=106&click_id=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:15:37 Last Seen2023-03-08 15:15:37 Times Seen1 Hash 1cc3ea449facb990cffd0767a6ff4b26 9d9b9847dcbc1e50d20abf5a7bbfddcf2f6b140e 02e4300451894f53d5aa0a21009966498f8bb6c29ddab47705d23d4497b7f21b Loading...

	funkydaters.com/static/js/build/bd.js	9.6 kB	2023-03-08	2024-02-28
Pretty URL funkydaters.com/static/js/build/bd.js IP 172.67.218.62 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:49:35 Last Seen2024-02-28 12:28:08 Times Seen126 Hash f6069a3618aaf83f49bc275cefdabc62 941b46212809c234480798ed57cef569ab4316f3 56f971147c45eee57e6c99f09f4cd65f7a1a47a87b9be4814708de41decb0cd5 Loading...

HTTP Transactions (101)

URL IP Response Size

cc255de60.srtrak.com/promo-tools/direct-offers/mainstream/sweepstakes/winiphone14/?idev_id=106&set=3&link=2602&page=931&clickid=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092

91.132.60.212

301 Moved Permanently

162 B

URL HTTP/1.1
cc255de60.srtrak.com/promo-tools/direct-offers/mainstream/sweepstakes/winiphone14/?idev_id=106&set=3&link=2602&page=931&clickid=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092
IP
91.132.60.212:0
ASN
#44901 Belcloud LTD

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /promo-tools/direct-offers/mainstream/sweepstakes/winiphone14/?idev_id=106&set=3&link=2602&page=931&clickid=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092 HTTP/1.1
Host: cc255de60.srtrak.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 03 Dec 2022 10:47:46 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://cc255de60.srtrak.com/promo-tools/direct-offers/mainstream/sweepstakes/winiphone14/?idev_id=106&set=3&link=2602&page=931&clickid=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2377
Expires: Sat, 03 Dec 2022 11:27:24 GMT
Date: Sat, 03 Dec 2022 10:47:47 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5151
Cache-Control: max-age=90559
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:47 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 11:57:06 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17384
Expires: Sat, 03 Dec 2022 15:37:31 GMT
Date: Sat, 03 Dec 2022 10:47:47 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 03 Dec 2022 10:18:15 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1772
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: fWNnALuSb2l2pwYtD4E+IPqAzcPchmE84oOFNg5wLauAIAfJUO5xaO4zJPERT08+9cJRuT7wNOU=
x-amz-request-id: NPBD7AEXDVA0BJAV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 10:47:05 GMT
age: 42
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a84d9e27a1b9a8f844289f5e8616fead
b1a74e318617fba8a86150e60e84e1f4625631c8
03c0c88fda805de4e7804efb5f4e557c6e661a95bcf8c9731ae04a932fb97044

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03C0C88FDA805DE4E7804EFB5F4E557C6E661A95BCF8C9731AE04A932FB97044"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10049
Expires: Sat, 03 Dec 2022 13:35:16 GMT
Date: Sat, 03 Dec 2022 10:47:47 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 10:47:47 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6ec75a06a0238750f33f6952d6d5ccf0
f6066161979852bf4312f14bb310998cc9875aa6
0f4f1035f25519743e51fc5a69126df9bcb92808312a3f9db2df69dd6ea15495

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0F4F1035F25519743E51FC5A69126DF9BCB92808312A3F9DB2DF69DD6EA15495"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15400
Expires: Sat, 03 Dec 2022 15:04:27 GMT
Date: Sat, 03 Dec 2022 10:47:47 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 03 Dec 2022 10:08:58 GMT
cache-control: public,max-age=3600
age: 2329
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2f912d8208afe9a4cffa648695297a85
31049ee8811c2252e11e6a1cdf980d771cf873d9
f2f5e55c42a11110a9b2ca98da0de4aad9b3ac55b141389e4daff4641c2297fe

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F2F5E55C42A11110A9B2CA98DA0DE4AAD9B3AC55B141389E4DAFF4641C2297FE"
Last-Modified: Thu, 01 Dec 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6797
Expires: Sat, 03 Dec 2022 12:41:04 GMT
Date: Sat, 03 Dec 2022 10:47:47 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a151c326c67e1abb747847c1427db76f
80885d30ef8ba867bf33c40b861976958a27493a
de2b573ee1c8af980e593352e0c331b2595f62bd4499300ace30821d20814760

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5137
Cache-Control: max-age=171881
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:47 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 10:32:28 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.148.69.31

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.69.31:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jNU+XVv+lPshMB9Qsg1MFQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: oAQBc4gHvImYgq2jd+JjAyS5C7E=

1d6cfc34913.tc999linkz.com/?p=5221&wid=132902&wid_hmac=d0cd5a96a873328888c8f7fbeabd778d&pl_settings%5Bprize%5D=iphone-14&o_settings%5Bprize%5D=iphone-14&pi=106&click_id=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092&co=1&noback=1

94.237.99.118

200 OK

704 B

URL HTTP/2
1d6cfc34913.tc999linkz.com/?p=5221&wid=132902&wid_hmac=d0cd5a96a873328888c8f7fbeabd778d&pl_settings%5Bprize%5D=iphone-14&o_settings%5Bprize%5D=iphone-14&pi=106&click_id=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092&co=1&noback=1
IP
94.237.99.118:0
ASN
#202053 UpCloud Ltd

File type
data
Size
704 B (704 bytes)
Hash
8a7876164cbb90a290dbc4c809f499be
eeeb1151d21241d7927646d41366db193dc2584d
6f5a3b1da52e4b6df16c15c89f1de970a41f8b034d9a30d0a56d83b5563fc4a1

HTTP Headers

GET /?p=5221&wid=132902&wid_hmac=d0cd5a96a873328888c8f7fbeabd778d&pl_settings%5Bprize%5D=iphone-14&o_settings%5Bprize%5D=iphone-14&pi=106&click_id=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092&co=1&noback=1 HTTP/1.1
Host: 1d6cfc34913.tc999linkz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 10:47:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: rts-trck=1; expires=Sat, 03-Dec-2022 10:57:47 GMT; Max-Age=600; path=/; domain=1d6cfc34913.tc999linkz.com
t-uuid=24pzbr2a6ebwazmighcsws4ks; expires=Fri, 03-Dec-2032 10:47:47 GMT; Max-Age=315619200; path=/; domain=.tc999linkz.com
rts-trck=1; expires=Sat, 03-Dec-2022 10:57:47 GMT; Max-Age=600; path=/; domain=1d6cfc34913.tc999linkz.com
traffic-back=ok; expires=Sat, 03-Dec-2022 10:48:17 GMT; Max-Age=30; path=/; domain=.tc999linkz.com
last-modified: Sat, 3 Dec 2022 10:47:47 GMT
expires: Sat, 3 Dec 2022 10:47:47 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow
content-encoding: gzip
X-Firefox-Spdy: h2

setupquickoverlyinfo-file.info/g26IweUEtmc7fVLaDYukLOfkH5R5qjHyZqD_31wiL4U?clck=5x464n6blc8s0q8db13k8g0ww,16543791,5,5221&sid=5221

3.226.146.143

302 Moved Temporarily

142 B

URL HTTP/1.1
setupquickoverlyinfo-file.info/g26IweUEtmc7fVLaDYukLOfkH5R5qjHyZqD_31wiL4U?clck=5x464n6blc8s0q8db13k8g0ww,16543791,5,5221&sid=5221
IP
3.226.146.143:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
142 B (142 bytes)
Hash
82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c

HTTP Headers

GET /g26IweUEtmc7fVLaDYukLOfkH5R5qjHyZqD_31wiL4U?clck=5x464n6blc8s0q8db13k8g0ww,16543791,5,5221&sid=5221 HTTP/1.1
Host: setupquickoverlyinfo-file.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Moved Temporarily
Date: Sat, 03 Dec 2022 10:47:48 GMT
Content-Type: text/html
Content-Length: 142
Connection: keep-alive
Set-Cookie: session=uYiOdBBz60c3tpNr4d5umG6MRtw0Lhc4
Access-Control-Allow-Origin: *
Location: https://track.gositego.live/click?pid=3664&offer_id=17742&sub1=uYiOdBBz60c3tpNr4d5umG6MRtw0Lhc4&sub2=v66R
Server: nginx

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9663
Expires: Sat, 03 Dec 2022 13:28:52 GMT
Date: Sat, 03 Dec 2022 10:47:49 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9663
Expires: Sat, 03 Dec 2022 13:28:52 GMT
Date: Sat, 03 Dec 2022 10:47:49 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9663
Expires: Sat, 03 Dec 2022 13:28:52 GMT
Date: Sat, 03 Dec 2022 10:47:49 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5354 bytes)
Hash
1e74254b3fdce7d6b84a71a7aff43789
65c8b4abf957f9b54d99d0f78559e639adb29efb
f278c3cc6734da7188862a8c651c803e7ac1fda82234e191761453cb1359d3ee

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5354
x-amzn-requestid: 3d58ffea-3433-4c5c-a60b-17f6de3a33e5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cSsnvG44oAMFfyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638427ca-63b375f04189b7ce7d84cd5d;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 03:15:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GBhAilKMKo9RvIzqzF9V4jTZbvpa2rPZeoy6Jy8fMc1-JO078OAYzQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 11:13:09 GMT
age: 84880
etag: "65c8b4abf957f9b54d99d0f78559e639adb29efb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7657 bytes)
Hash
3abdcce275bb9723b4ac1d0c38cc8891
91f0d888c38db0899f106b652e3dcac062648099
ff411fc0d5abaf519d6600961ec51ad71ad9a02e23cc02ad818e27f0324b3d1e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7657
x-amzn-requestid: c0dbd862-41cf-4fa8-ab6b-256763c63fbf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZN1Fo6IAMF9EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f25-554ffbc83fd70c557437120f;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ElvfdUly4Rb3YOQyMO2C_VelFUe6xcFbMh6x5fNrRzGjKCITdGSwLQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:37:47 GMT
age: 47402
etag: "91f0d888c38db0899f106b652e3dcac062648099"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.9 kB (2942 bytes)
Hash
b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XvG2dAUeB914GQ1qJwQRHovAtra8OSjG-CsXeR8UOBq5r8qVjEbPBQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 22:39:04 GMT
age: 43725
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F652bfe35-9b09-4fba-b7b5-c6bd90cccdbe.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.1 kB (6119 bytes)
Hash
7ffa12df550123f63b20f67437cd8a04
398fd2d837c73f54c4591b69cd683f29bdf9184a
fd9ac4396488098923c27531295e64475047dd008a901e59915109a73a69f305

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F652bfe35-9b09-4fba-b7b5-c6bd90cccdbe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6119
x-amzn-requestid: b0bf3aed-f968-4ebb-953e-35300d74ef16
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdCe8GgNIAMFQag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63884ac5-4b20ca67753e65c5232660f5;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 06:33:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: axyk2U1R7AX1RVQmdc303S2S2CUs_RgphyeYPsbGveGHMAjY3KEzdw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 13:19:35 GMT
age: 77294
etag: "398fd2d837c73f54c4591b69cd683f29bdf9184a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6174 bytes)
Hash
b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 06:00:50 GMT
age: 17219
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20049904-a818-4d1c-9585-79edf76dcc61.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (6966 bytes)
Hash
9b77186d0d93f7ccfe729edd9d184af3
458aa485b9abef3b72427d308a172d1c24eceabd
8bed5a8e56e8c43fcbdc807245c2b651d014a06368574e57a25b718399a4a701

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20049904-a818-4d1c-9585-79edf76dcc61.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6966
x-amzn-requestid: 2b40c185-e050-4bfd-9b08-bb70e6f89824
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfAb7Ev3oAMFnrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389144c-65301ace20da6f580ed77e82;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 20:53:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qweaKZsigecnsWw0Cqz_dizuuFZmXkK1gGP0EN3pZx-yYK6eF7YjUg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 05:22:26 GMT
age: 19523
etag: "458aa485b9abef3b72427d308a172d1c24eceabd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
76787a7b3723e29f9d6575f90b1085b1
e13f33f22ef5675203e9f144600dcef8dc07fd77
aaae4262471d53fd6befcf00d41d5ed6cca3df7ebc039ac5e2ed6678e8c675e3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:47:49 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 03:34:03 GMT
Expires: Wed, 07 Dec 2022 03:34:02 GMT
Etag: "e13f33f22ef5675203e9f144600dcef8dc07fd77"
Cache-Control: max-age=318972,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773bb9f4ca770b3d-OSL

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
71f3940c01e363213bc7a63f3f54085a
a86a662dcaabc5d81c55cd3e2ae9cea7ef10846d
a644f39b160acb62415694a9b2abb358662043aa2adfe03c5fa0cb7905776306

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A644F39B160ACB62415694A9B2ABB358662043AA2ADFE03C5FA0CB7905776306"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13121
Expires: Sat, 03 Dec 2022 14:26:30 GMT
Date: Sat, 03 Dec 2022 10:47:49 GMT
Connection: keep-alive

startd0wnload22x.com/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3664_v66R&s3=638b295521e612000151bbc4

188.72.236.34

200 OK

5.9 kB

URL HTTP/1.1
startd0wnload22x.com/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3664_v66R&s3=638b295521e612000151bbc4
IP
188.72.236.34:0
ASN
#35415 Webzilla B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5876), with no line terminators
Size
5.9 kB (5876 bytes)
Hash
69d8ec786dd0c7013ff9853d99943732
d7f134e43a9f50589f7ba486d6d9b15435907191
9abc0440c9763294b58666996052894e6eaf8fd0d279ae4b2b31118c31797fb7

HTTP Headers

GET /GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3664_v66R&s3=638b295521e612000151bbc4 HTTP/1.1
Host: startd0wnload22x.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 10:47:49 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bd_context=67dseYdXiBtQl6f2T5Bq3eF56OjhTpGdFqkxGs6P7x41RBWZjAzRs0NZuNPAGV8pps/yBVy6QP7Ol/J/hLVJIMjwr/4ExhIlXm/xjBsGRK387NmED7RZV/epEuH10thbxDjMJMlsHt/z7CNNLFdFhOlcuQDJjdoCEsxfGb/n4NuqEtqlwQfYCXFQn4o/KdIrjAqgSajDo9OKLxKgsZuJFOv45Lho8/4oKqDqP3Abmex5QVMud3NDTuxw7t+zTzpFyypELWLcIZaRXp5u3bJayGZPqYb9KAY5O3zg+SpMe5pO0RusLsnINmQNb2HtrhsmV1PaHET5OFs+7g==; Expires=Sun, 03 Dec 2023 10:47:49 GMT

startd0wnload22x.com/favicon.ico

188.72.236.34

200 OK

43 B

URL HTTP/1.1
startd0wnload22x.com/favicon.ico
IP
188.72.236.34:0
ASN
#35415 Webzilla B.V.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: startd0wnload22x.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://startd0wnload22x.com/
Connection: keep-alive
Cookie: bd_context=67dseYdXiBtQl6f2T5Bq3eF56OjhTpGdFqkxGs6P7x41RBWZjAzRs0NZuNPAGV8pps/yBVy6QP7Ol/J/hLVJIMjwr/4ExhIlXm/xjBsGRK387NmED7RZV/epEuH10thbxDjMJMlsHt/z7CNNLFdFhOlcuQDJjdoCEsxfGb/n4NuqEtqlwQfYCXFQn4o/KdIrjAqgSajDo9OKLxKgsZuJFOv45Lho8/4oKqDqP3Abmex5QVMud3NDTuxw7t+zTzpFyypELWLcIZaRXp5u3bJayGZPqYb9KAY5O3zg+SpMe5pO0RusLsnINmQNb2HtrhsmV1PaHET5OFs+7g==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 10:47:49 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive

e1.o.lencr.org/

23.33.119.27

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
172b65a01e5bf34063223056fa5c9a27
2ac292c011e6c4cdf5a4b8af4d7f26632fb8948d
37ecb06b09304b583166424d75640ec9befeffb0eab1b44d08aa2591610fc777

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "37ECB06B09304B583166424D75640EC9BEFEFFB0EAB1B44D08AA2591610FC777"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18216
Expires: Sat, 03 Dec 2022 15:51:26 GMT
Date: Sat, 03 Dec 2022 10:47:50 GMT
Connection: keep-alive

e1.o.lencr.org/

23.33.119.27

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
172b65a01e5bf34063223056fa5c9a27
2ac292c011e6c4cdf5a4b8af4d7f26632fb8948d
37ecb06b09304b583166424d75640ec9befeffb0eab1b44d08aa2591610fc777

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "37ECB06B09304B583166424D75640EC9BEFEFFB0EAB1B44D08AA2591610FC777"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18216
Expires: Sat, 03 Dec 2022 15:51:26 GMT
Date: Sat, 03 Dec 2022 10:47:50 GMT
Connection: keep-alive

ocsp.pki.goog/s/gts1p5/WN5AJRoEZfI

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/WN5AJRoEZfI
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f45c8c501b5f2a7553002cf33200f24b
eee42f2abb325f6eb9c07d804930259ae78c02e7
ddae41d5e213d492e548160fd9f6562b21c5e343180a9df6bb99790897ee0a8f

HTTP Headers

POST /s/gts1p5/WN5AJRoEZfI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:50 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

alexatracker.com/?r=aHR0cHM6Ly93d3cyLmZ1bmt5ZGF0ZXJzLmNvbS9ud0FBP3ByaWQ9QUZVcGkyTVBLZ1VBbUZZQ0FFNVBGd0FNQUg2aGNyQUEmdXNpZD0zMzg0NDcmYmRhdGE9ZXlKa1lYUmhJanA3SW5Cc1lYUm1iM0p0SWpvaVRHbHVkWGdnZURnMlh6WTBJbjBzSW1WNGRISmhJanA3SWs1aGRtbG5ZWFJ2Y2k1d2JHRjBabTl5YlNJNld5Sk1hVzUxZUNCd2JHRjBabTl5YlNCaGJtUWdWMmx1Wkc5M2N5QjFjMlZ5SUdGblpXNTBJR1J2SUc1dmRDQnRZWFJqYUNKZGZTd2laWEp5YjNKeklqcDdJbWxtY21GdFpTSTZXeUpqWVc0bmRDQmhZMk5sYzNNZ2NISnZjR1Z5ZEhrZ1hDSmhjSEJsYm1SRGFHbHNaRndpTENCa2IyTjFiV1Z1ZEM1aWIyUjVJR2x6SUc1MWJHd2lYU3dpWTJGdWRtRnpYMk52Ym5SbGVIUWlPbHNpUm1GcGJHVmtJSFJ2SUdkbGRDQmpZVzUyWVhNZ1kyOXVkR1Y0ZENKZGZTd2lZbTkwVTJOdmNtVWlPaUl5TkNKOQ%3D%3D&h=04d437d59ca474df84f325e6d32194d4

104.21.85.99

301 Moved Permanently

0 B

URL HTTP/2
alexatracker.com/?r=aHR0cHM6Ly93d3cyLmZ1bmt5ZGF0ZXJzLmNvbS9ud0FBP3ByaWQ9QUZVcGkyTVBLZ1VBbUZZQ0FFNVBGd0FNQUg2aGNyQUEmdXNpZD0zMzg0NDcmYmRhdGE9ZXlKa1lYUmhJanA3SW5Cc1lYUm1iM0p0SWpvaVRHbHVkWGdnZURnMlh6WTBJbjBzSW1WNGRISmhJanA3SWs1aGRtbG5ZWFJ2Y2k1d2JHRjBabTl5YlNJNld5Sk1hVzUxZUNCd2JHRjBabTl5YlNCaGJtUWdWMmx1Wkc5M2N5QjFjMlZ5SUdGblpXNTBJR1J2SUc1dmRDQnRZWFJqYUNKZGZTd2laWEp5YjNKeklqcDdJbWxtY21GdFpTSTZXeUpqWVc0bmRDQmhZMk5sYzNNZ2NISnZjR1Z5ZEhrZ1hDSmhjSEJsYm1SRGFHbHNaRndpTENCa2IyTjFiV1Z1ZEM1aWIyUjVJR2x6SUc1MWJHd2lYU3dpWTJGdWRtRnpYMk52Ym5SbGVIUWlPbHNpUm1GcGJHVmtJSFJ2SUdkbGRDQmpZVzUyWVhNZ1kyOXVkR1Y0ZENKZGZTd2lZbTkwVTJOdmNtVWlPaUl5TkNKOQ%3D%3D&h=04d437d59ca474df84f325e6d32194d4
IP
104.21.85.99:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?r=aHR0cHM6Ly93d3cyLmZ1bmt5ZGF0ZXJzLmNvbS9ud0FBP3ByaWQ9QUZVcGkyTVBLZ1VBbUZZQ0FFNVBGd0FNQUg2aGNyQUEmdXNpZD0zMzg0NDcmYmRhdGE9ZXlKa1lYUmhJanA3SW5Cc1lYUm1iM0p0SWpvaVRHbHVkWGdnZURnMlh6WTBJbjBzSW1WNGRISmhJanA3SWs1aGRtbG5ZWFJ2Y2k1d2JHRjBabTl5YlNJNld5Sk1hVzUxZUNCd2JHRjBabTl5YlNCaGJtUWdWMmx1Wkc5M2N5QjFjMlZ5SUdGblpXNTBJR1J2SUc1dmRDQnRZWFJqYUNKZGZTd2laWEp5YjNKeklqcDdJbWxtY21GdFpTSTZXeUpqWVc0bmRDQmhZMk5sYzNNZ2NISnZjR1Z5ZEhrZ1hDSmhjSEJsYm1SRGFHbHNaRndpTENCa2IyTjFiV1Z1ZEM1aWIyUjVJR2x6SUc1MWJHd2lYU3dpWTJGdWRtRnpYMk52Ym5SbGVIUWlPbHNpUm1GcGJHVmtJSFJ2SUdkbGRDQmpZVzUyWVhNZ1kyOXVkR1Y0ZENKZGZTd2lZbTkwVTJOdmNtVWlPaUl5TkNKOQ%3D%3D&h=04d437d59ca474df84f325e6d32194d4 HTTP/1.1
Host: alexatracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://funkydaters.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
date: Sat, 03 Dec 2022 10:47:50 GMT
content-length: 0
location: https://www2.funkydaters.com/nwAA?prid=AFUpi2MPKgUAmFYCAE5PFwAMAH6hcrAA&usid=338447&bdata=eyJkYXRhIjp7InBsYXRmb3JtIjoiTGludXggeDg2XzY0In0sImV4dHJhIjp7Ik5hdmlnYXRvci5wbGF0Zm9ybSI6WyJMaW51eCBwbGF0Zm9ybSBhbmQgV2luZG93cyB1c2VyIGFnZW50IGRvIG5vdCBtYXRjaCJdfSwiZXJyb3JzIjp7ImlmcmFtZSI6WyJjYW4ndCBhY2Nlc3MgcHJvcGVydHkgXCJhcHBlbmRDaGlsZFwiLCBkb2N1bWVudC5ib2R5IGlzIG51bGwiXSwiY2FudmFzX2NvbnRleHQiOlsiRmFpbGVkIHRvIGdldCBjYW52YXMgY29udGV4dCJdfSwiYm90U2NvcmUiOiIyNCJ9&tbsession=8233547463102507350&c=2784697716
set-cookie: trbarid=8233547463102507350;expires=Mon, 02 Dec 2024 10:47:50 GMT;secure;HttpOnly;SameSite=None;path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X3%2BxgIhEAq7DU%2Fr24eCWHnnJSOIOTehljfSc2MTQMf0U43WOydpdb2npDhxnF9q8tw6MdHLnxU%2FjHVWLeL1KMNUTDN6HwVaEUSS%2BW%2BT7deETy3mnthB%2FR2EUDo3RR49kkpMC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773bb9fde84ab523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/WN5AJRoEZfI

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/WN5AJRoEZfI
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f45c8c501b5f2a7553002cf33200f24b
eee42f2abb325f6eb9c07d804930259ae78c02e7
ddae41d5e213d492e548160fd9f6562b21c5e343180a9df6bb99790897ee0a8f

HTTP Headers

POST /s/gts1p5/WN5AJRoEZfI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:50 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a7eb950b71af416b65e4ea53f0f662a1
63c0c80603e9f3f5acb5f0ea63ca663f4eb348b6
497b9fdfb20f5f541483ab9a9f486a128a88d37a1dbb58ea69b815335892d48b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "497B9FDFB20F5F541483AB9A9F486A128A88D37A1DBB58EA69B815335892D48B"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 03 Dec 2022 16:47:51 GMT
Date: Sat, 03 Dec 2022 10:47:51 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
98fe7e5fd6b778bcdcc63028c3a49fbd
06b34160c344526fbe14ce41445b9fe76c0a878d
d45d898dfe5bf1151557bbbc3be6e6878fbadce386136d60777b4464199173a6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
60b21b4f32da0819a4df2afccca4ef0f
2a2a0c17d71527673b810fb7d4d42df739a0a43e
5e69c209b02595ab9beb1592a9280ede55e61814d7c1f78e732f7c6fffab1039

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4805
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:52 GMT
Last-Modified: Sat, 03 Dec 2022 09:27:47 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
98fe7e5fd6b778bcdcc63028c3a49fbd
06b34160c344526fbe14ce41445b9fe76c0a878d
d45d898dfe5bf1151557bbbc3be6e6878fbadce386136d60777b4464199173a6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
98fe7e5fd6b778bcdcc63028c3a49fbd
06b34160c344526fbe14ce41445b9fe76c0a878d
d45d898dfe5bf1151557bbbc3be6e6878fbadce386136d60777b4464199173a6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

216.58.207.234

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
216.58.207.234:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65451)
Size
31 kB (31021 bytes)
Hash
903bc7a7e510f87aa5d0201eb59a0832
ac9aa4dd94cde1bcba9037e94087138b127e41fc
41a7ac8150cc9f38421451d5143c1ffec7a1f1fafbf7a7fc0f51b98ad699cf8f

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 21:57:45 GMT
expires: Wed, 29 Nov 2023 21:57:45 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
age: 305407
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

js.sentry-cdn.com/f44bbfb9a37b4915ac9fa50036de00f6.min.js

151.101.194.217

200 OK

1.0 kB

URL HTTP/2
js.sentry-cdn.com/f44bbfb9a37b4915ac9fa50036de00f6.min.js
IP
151.101.194.217:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (512)
Size
1.0 kB (1021 bytes)
Hash
99a5b7eea6036e09e1a20a11493728e1
b461e16ec66d5edea53d5408d97eaf6ef08109f1
73c3d93e680753cd0c54ecf4e3bc7d23c3f52e9db72833df2fe9647b2f96b49e

HTTP Headers

GET /f44bbfb9a37b4915ac9fa50036de00f6.min.js HTTP/1.1
Host: js.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://her-cupid.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-envoy-attempt-count: 1
x-envoy-upstream-service-time: 10
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 10:47:52 GMT
age: 62
x-served-by: getsentry-web-default-common-production-b7dd6866c-kqd9k, cache-bma1672-BMA
vary: Accept-Encoding
timing-allow-origin: https://sentry.io
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1021
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
60b21b4f32da0819a4df2afccca4ef0f
2a2a0c17d71527673b810fb7d4d42df739a0a43e
5e69c209b02595ab9beb1592a9280ede55e61814d7c1f78e732f7c6fffab1039

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4805
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:52 GMT
Last-Modified: Sat, 03 Dec 2022 09:27:47 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279

cdnjam.com/cdn/push.min.js

188.114.97.1

200 OK

12 kB

URL HTTP/2
cdnjam.com/cdn/push.min.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (36273)
Size
12 kB (11496 bytes)
Hash
afc54530662ac5e6e7cfb0c2c848a68e
bc50072f9956a6b6ffbf285afa29c101db2a3334
a212f95f326edae4f537f2e8176b82dd7221bb494cca6fb278f737a389774070

HTTP Headers

GET /cdn/push.min.js HTTP/1.1
Host: cdnjam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: application/x-javascript
content-security-policy: block-all-mixed-content
etag: W/"44c9e373bc246e347c8420a2eb8f54d4"
last-modified: Mon, 06 Jun 2022 20:30:35 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin, Accept-Encoding
x-amz-request-id: 16F62D8C82243EE0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: HIT
age: 4834
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rMU7YqoeBKhwGPVd2wvCZDzyIpe6lKNgFX7m2F00ec65DHdOo517%2B%2F25sp2FeLQjDp3buuN89UmlkD%2FWoWWebWxgzcah0qZ6T8o4IJcf3vu0Rbp9dmmYJZPfYp2z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773bba062fa5fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

browser.sentry-cdn.com/7.23.0/bundle.es5.min.js

151.101.194.217

200 OK

20 kB

URL HTTP/2
browser.sentry-cdn.com/7.23.0/bundle.es5.min.js
IP
151.101.194.217:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (62319)
Size
20 kB (20248 bytes)
Hash
e60a1240b59e0344b25f60e474a786d9
0ed53a90ae8ce793f6d0289c9e84bbe8c7c3ad6a
96f4f73ddbff917a3270a84c811e4c687eeaf64e2a8ac60b3f279ee00dcb9909

HTTP Headers

GET /7.23.0/bundle.es5.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://her-cupid.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Fri, 01 Dec 2023 19:00:52 GMT
last-modified: Thu, 01 Dec 2022 16:53:49 GMT
etag: "e60a1240b59e0344b25f60e474a786d9"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 10:47:52 GMT
age: 143219
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 20248
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
98fe7e5fd6b778bcdcc63028c3a49fbd
06b34160c344526fbe14ce41445b9fe76c0a878d
d45d898dfe5bf1151557bbbc3be6e6878fbadce386136d60777b4464199173a6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1xZosUZiZQ.woff2

142.250.74.35

200 OK

10 kB

URL HTTP/2
fonts.gstatic.com/s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1xZosUZiZQ.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 10172, version 1.0\012- data
Size
10 kB (10172 bytes)
Hash
58e5c92fd1a1fc89b8ca6d74ce4793b8
337771c465778aeed6de18195e0cbe9d9098d299
6e059f38d9d643cd149fa02dfd97d6844f9b106198e027f55e2fe1e9a1428acf

HTTP Headers

GET /s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1xZosUZiZQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://her-cupid.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10172
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 21:19:18 GMT
expires: Tue, 28 Nov 2023 21:19:18 GMT
cache-control: public, max-age=31536000
age: 394114
last-modified: Mon, 18 Jul 2022 19:23:34 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
999e2810699805f508822dfef8a7941c
02223388c11ce158a03aeab09b2bff1fb2b9258b
a9053eab6c72a3ad28a9de8df060d4b0580f6f6a7472a924878c77232f7a0320

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5900
Cache-Control: max-age=169798
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:52 GMT
Etag: "638b0692-118"
Expires: Mon, 05 Dec 2022 09:57:50 GMT
Last-Modified: Sat, 03 Dec 2022 08:19:30 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
999e2810699805f508822dfef8a7941c
02223388c11ce158a03aeab09b2bff1fb2b9258b
a9053eab6c72a3ad28a9de8df060d4b0580f6f6a7472a924878c77232f7a0320

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1246
Cache-Control: max-age=165144
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:52 GMT
Etag: "638b0692-118"
Expires: Mon, 05 Dec 2022 08:40:16 GMT
Last-Modified: Sat, 03 Dec 2022 08:19:30 GMT
Server: ECS (amb/6B91)
X-Cache: HIT
Content-Length: 280

fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

142.250.74.35

200 OK

31 kB

URL HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Size
31 kB (30928 bytes)
Hash
ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

HTTP Headers

GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://her-cupid.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 06:30:11 GMT
expires: Sat, 02 Dec 2023 06:30:11 GMT
cache-control: public, max-age=31536000
age: 101861
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
133700a221adc632096ba07231dff450
65709336bcc45deca9015c0a33722eb0a9779bbb
d3391e367acafd98b2680500556201f58671a391fdf267c0eaacb4409ecc5e9b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3391E367ACAFD98B2680500556201F58671A391FDF267C0EAACB4409ECC5E9B"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8810
Expires: Sat, 03 Dec 2022 13:14:42 GMT
Date: Sat, 03 Dec 2022 10:47:52 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o65532.ingest.sentry.io/api/6161109/envelope/?sentry_key=f44bbfb9a37b4915ac9fa50036de00f6&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.23.0

34.120.195.249

200 OK

2 B

URL HTTP/2
o65532.ingest.sentry.io/api/6161109/envelope/?sentry_key=f44bbfb9a37b4915ac9fa50036de00f6&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.23.0
IP
34.120.195.249:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

POST /api/6161109/envelope/?sentry_key=f44bbfb9a37b4915ac9fa50036de00f6&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.23.0 HTTP/1.1
Host: o65532.ingest.sentry.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://her-cupid.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://her-cupid.com
Content-Length: 426
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: application/json
content-length: 2
access-control-allow-origin: https://her-cupid.com
access-control-expose-headers: x-sentry-error, retry-after, x-sentry-rate-limits
vary: Origin
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
133700a221adc632096ba07231dff450
65709336bcc45deca9015c0a33722eb0a9779bbb
d3391e367acafd98b2680500556201f58671a391fdf267c0eaacb4409ecc5e9b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3391E367ACAFD98B2680500556201F58671A391FDF267C0EAACB4409ECC5E9B"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8810
Expires: Sat, 03 Dec 2022 13:14:42 GMT
Date: Sat, 03 Dec 2022 10:47:52 GMT
Connection: keep-alive

app.api-push.com/get-keys

172.64.162.28

204 No Content

0 B

URL HTTP/2
app.api-push.com/get-keys
IP
172.64.162.28:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /get-keys HTTP/1.1
Host: app.api-push.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://her-cupid.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sat, 03 Dec 2022 10:47:52 GMT
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZJb%2FF2dEtdSWVhfcWhNYmEUGqeU4tEMHk5XEN%2FZwoAAiZheHvvcng9JWpHUI956uo2ea%2F%2BrM4xDpYeMaFbhmHdK2SQP6%2Fa9ggR2o1ts5CekF2H8DlnOulkgnJ1ohwHVxrno%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773bba075a6b76c0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

funkydaters.com/nwAA?prid=AFUpi2MPKgUAmFYCAE5PFwAMAH6hcrAA&usid=338447

172.67.218.62

200 OK

31 kB

URL HTTP/2
funkydaters.com/nwAA?prid=AFUpi2MPKgUAmFYCAE5PFwAMAH6hcrAA&usid=338447
IP
172.67.218.62:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
31 kB (30615 bytes)
Hash
c03c9a2286469f8a3441fcd4872b7043
3ea41860b3967f3b44b66af2d2a05e510c264adb
52113b3baf3c1d191e955a03b9be9f8487617b87ea3d507cb84da67fd3e8aed6

HTTP Headers

GET /nwAA?prid=AFUpi2MPKgUAmFYCAE5PFwAMAH6hcrAA&usid=338447 HTTP/1.1
Host: funkydaters.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://startd0wnload22x.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 10:47:50 GMT
content-type: text/html
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YkfihYOFJAbzLSgHXRQyQFHiV6CojpTgn8LuNWcnLI36wdLPbH2H8J4k4rZGKZ%2FQJQbjjUnFfpvYRulpjBhIeQZTFoJ9J0WU1vRKGP%2B6hHFbr2uqT%2BH6T82HFiy%2FWz3P%2FU0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773bb9f9db10b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
999e2810699805f508822dfef8a7941c
02223388c11ce158a03aeab09b2bff1fb2b9258b
a9053eab6c72a3ad28a9de8df060d4b0580f6f6a7472a924878c77232f7a0320

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1246
Cache-Control: max-age=165144
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:52 GMT
Etag: "638b0692-118"
Expires: Mon, 05 Dec 2022 08:40:16 GMT
Last-Modified: Sat, 03 Dec 2022 08:19:30 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 280

her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-2.webp

54.39.22.228

200 OK

30 kB

URL HTTP/2
her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-2.webp
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
30 kB (29526 bytes)
Hash
7a14d6654f06cf115f1bfa361b6133f4
be7c7984440b7fca15a2dba45e9727f83c7ed5a7
63008d1cf81485851d5d2136644923f9a778fcf2a4e874e5ea718fc426a02fbc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/AwAA/images/en/pics-for-bg/pic-2.webp HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: image/webp
content-length: 29526
last-modified: Mon, 03 Aug 2020 11:47:48 GMT
etag: "5f27f964-7356"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-3.webp

54.39.22.228

200 OK

32 kB

URL HTTP/2
her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-3.webp
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
32 kB (31946 bytes)
Hash
0a776348771c52ebdedbae6aec1a21bb
6b2d5183853987c743ae74bbb8d1977e91e58542
6bdae8b55844e8ca25ad6422da39ac01f362f3ffb3bb9c8b020cfaf0b146169e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/AwAA/images/en/pics-for-bg/pic-3.webp HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: image/webp
content-length: 31946
last-modified: Mon, 03 Aug 2020 11:47:48 GMT
etag: "5f27f964-7cca"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-4.webp

54.39.22.228

200 OK

31 kB

URL HTTP/2
her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-4.webp
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
31 kB (31114 bytes)
Hash
8ff3901573b3b7571c19f57460bd64ab
ab0478e05e29ceca93cce58fcc9e628287899fe9
dc893e9b7abe8a4ab2cfeb8924f833fcb43a16f560e1793e8fdb906e9a6aefbb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/AwAA/images/en/pics-for-bg/pic-4.webp HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: image/webp
content-length: 31114
last-modified: Mon, 03 Aug 2020 11:47:48 GMT
etag: "5f27f964-798a"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-5.webp

54.39.22.228

200 OK

29 kB

URL HTTP/2
her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-5.webp
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
29 kB (29010 bytes)
Hash
d0be4db567029a82f6b2abb8a598047f
54fc8433892867b4f1b04010fda6432bfc8dc672
47aedcc05f343844b3db56c484fb5c2821d3fa4985a405ac86febe1604f6d1e5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/AwAA/images/en/pics-for-bg/pic-5.webp HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: image/webp
content-length: 29010
last-modified: Mon, 03 Aug 2020 11:47:48 GMT
etag: "5f27f964-7152"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-6.webp

54.39.22.228

200 OK

27 kB

URL HTTP/2
her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-6.webp
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
27 kB (27214 bytes)
Hash
212ab1ac3dd4c0571230527cd14608b5
5d095508ce1777610120bf7dff74eecab451c9d9
d9d36905a77e8ff1e9893c618aaa63770c83217ea01cf2744a0279d02ff0d568

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/AwAA/images/en/pics-for-bg/pic-6.webp HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: image/webp
content-length: 27214
last-modified: Mon, 03 Aug 2020 11:47:45 GMT
etag: "5f27f961-6a4e"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Oswald:700

142.250.74.106

200 OK

976 B

URL HTTP/2
fonts.googleapis.com/css?family=Oswald:700
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
976 B (976 bytes)
Hash
2e17349ffd6959c7c64b68ae4cd337e5
92710765ff0df1cc8ac034beb63314bf0830ed76
b4b76bddfc61e15c158b1d0efc53d0e018c4ccbe24e5e4fbbf015ab9917c8010

HTTP Headers

GET /css?family=Oswald:700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Dec 2022 10:47:52 GMT
date: Sat, 03 Dec 2022 10:47:52 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

her-cupid.com/static/AwAA/3-2.png

54.39.22.228

200 OK

535 B

URL HTTP/2
her-cupid.com/static/AwAA/3-2.png
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
535 B (535 bytes)
Hash
7621845db78d7540608060c63a721252
b24bca5f9e3ca0daf6f0f4822d66febc5c65d169
5368506adbbdfa70cffa4f9cf91127edd324af89c40e14cc273fe7e0d322adf1

HTTP Headers

GET /static/AwAA/3-2.png HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: slappInfo64_PF1MLGOLKVc=eyJuYmwiOm51bGwsImltcHJlc3Npb24iOiJQRjFNTEdPTEtWYyIsInRydXN0TGV2ZWwiOjAsImJvdFNjb3JlIjowLCJmaW5pc2hDbGlja3NDb3VudCI6MCwibGFuZGluZ0NvbmZpZyI6bnVsbCwic2hvd2VkUG9wcyI6MCwidXJpIjoiaHR0cHM6Ly9oZXItY3VwaWQuY29tL0F3QUEvMTAwNDAvb3RoP2k9UEYxTUxHT0xLVmMmdT04MjMzNTQ3NDYzMTAyNTA3MzUwIiwic2VhcmNoIjoiP2k9UEYxTUxHT0xLVmMmdT04MjMzNTQ3NDYzMTAyNTA3MzUwIiwiY29udGFjdEV4aXN0cyI6ZmFsc2V9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: image/png
content-length: 535
last-modified: Mon, 03 Aug 2020 11:47:36 GMT
etag: "5f27f958-217"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-7.webp

54.39.22.228

200 OK

20 kB

URL HTTP/2
her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-7.webp
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
20 kB (20464 bytes)
Hash
531177239b443129aa3c4a7df46587a0
d10b5d62feac76a5023a60b1e858c152985ac781
43fc687f4ff9435f336a4c020dd653830c82c07a827b0cc78faae5be2076080d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/AwAA/images/en/pics-for-bg/pic-7.webp HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: image/webp
content-length: 20464
last-modified: Mon, 03 Aug 2020 11:47:45 GMT
etag: "5f27f961-4ff0"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-8.webp

54.39.22.228

200 OK

32 kB

URL HTTP/2
her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-8.webp
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
32 kB (32216 bytes)
Hash
ed47b38a109df684d6f47d847baba3ce
42804d2a2f18ea6899033cb513ae25e2412be1da
fd71ee9e633f59c1218eb20e865121e1d0c51d31dfbe04d210ff54c2a5528ce3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/AwAA/images/en/pics-for-bg/pic-8.webp HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: image/webp
content-length: 32216
last-modified: Mon, 03 Aug 2020 11:47:48 GMT
etag: "5f27f964-7dd8"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-9.webp

54.39.22.228

200 OK

49 kB

URL HTTP/2
her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-9.webp
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
49 kB (49118 bytes)
Hash
3d3e96d7abdf026fe492e7937f2a59cc
890ba98493246b4ced8317ffb371e95596e630ce
411c4615e4d3d050066ef0ae6ef6e69e7702bc02c0c4e267b26076a47ffd14b2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/AwAA/images/en/pics-for-bg/pic-9.webp HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: image/webp
content-length: 49118
last-modified: Mon, 03 Aug 2020 11:47:48 GMT
etag: "5f27f964-bfde"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-10.webp

54.39.22.228

200 OK

21 kB

URL HTTP/2
her-cupid.com/static/AwAA/images/en/pics-for-bg/pic-10.webp
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
21 kB (21094 bytes)
Hash
b914513208055760188667de39db6716
04ae5f3be7a1c7bea6dd09cce098ee9edef554cb
70894006834d4a2a1dcb6029cd29e86f14b9a7e03e8017304669ebd3d3bfec62

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/AwAA/images/en/pics-for-bg/pic-10.webp HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: image/webp
content-length: 21094
last-modified: Mon, 03 Aug 2020 11:47:45 GMT
etag: "5f27f961-5266"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

her-cupid.com/static/AwAA/images/en/pics-for-bg/gif-1.webp

54.39.22.228

200 OK

1.3 MB

URL HTTP/2
her-cupid.com/static/AwAA/images/en/pics-for-bg/gif-1.webp
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.3 MB (1270992 bytes)
Hash
6e76e71ebf7277bce1079af604723e23
c8fcbea450f77451ce8a6709c54c979e70507ca1
085be44516153804017cb6d998e5b39372a7caa480593c80f97c2c24dfab3de8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/AwAA/images/en/pics-for-bg/gif-1.webp HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: image/webp
content-length: 1270992
last-modified: Mon, 03 Aug 2020 11:47:45 GMT
etag: "5f27f961-1364d0"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

her-cupid.com/static/AwAA/images/en/pics-for-bg/gif-2.webp

54.39.22.228

200 OK

2.5 MB

URL HTTP/2
her-cupid.com/static/AwAA/images/en/pics-for-bg/gif-2.webp
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.5 MB (2464052 bytes)
Hash
5ea931f6f8f26a124460551efe002ac4
36e800547ef0feaa5d7a7ac69e5a24b66c81f907
f8e38aed3d19c1771bafe0bab8e336732fcf527dae61034e4c25c66251a170ea

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/AwAA/images/en/pics-for-bg/gif-2.webp HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: image/webp
content-length: 2464052
last-modified: Mon, 03 Aug 2020 11:47:48 GMT
etag: "5f27f964-259934"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

her-cupid.com/static/AwAA/images/en/pics-for-bg/gif-3.webp

54.39.22.228

200 OK

1.6 MB

URL HTTP/2
her-cupid.com/static/AwAA/images/en/pics-for-bg/gif-3.webp
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.6 MB (1640424 bytes)
Hash
c2c8cf2a99d71b95804d661f795b5ce9
5ca43250f3c7bc1a67295381f430df71bffa3a6f
12a310bfa2100acb12ae355b75594e42bed1e75d693778c26f1842ba5a26da04

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/AwAA/images/en/pics-for-bg/gif-3.webp HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: image/webp
content-length: 1640424
last-modified: Mon, 03 Aug 2020 11:47:48 GMT
etag: "5f27f964-1907e8"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

her-cupid.com/static/AwAA/images/en/pics-for-bg/gif-center-bottom-ql.webp

54.39.22.228

200 OK

1.0 MB

URL HTTP/2
her-cupid.com/static/AwAA/images/en/pics-for-bg/gif-center-bottom-ql.webp
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.0 MB (1031120 bytes)
Hash
ed3e40b68948820502bbf1716eae56b2
50ae8497f4d8bea52c4cb2c0177bc5be25c8b263
d977d9f29ccba9faae1ffea2dd6b1fa30a8194abe92cec1a4c2fee8dbca18e13

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/AwAA/images/en/pics-for-bg/gif-center-bottom-ql.webp HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: image/webp
content-length: 1031120
last-modified: Mon, 03 Aug 2020 11:47:48 GMT
etag: "5f27f964-fbbd0"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

her-cupid.com/static/AwAA/images/en/pics-for-bg/gif-4.webp

54.39.22.228

200 OK

1.6 MB

URL HTTP/2
her-cupid.com/static/AwAA/images/en/pics-for-bg/gif-4.webp
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.6 MB (1637252 bytes)
Hash
10d4826a92e3fc1e4dbbf0be274bc061
9f4c667c8d1000c30789dc1f9b837803096b5b4f
a78e89556b22804599224527cfe8273a6edbe84d3458e9fb582079addf86011b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/AwAA/images/en/pics-for-bg/gif-4.webp HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: image/webp
content-length: 1637252
last-modified: Mon, 03 Aug 2020 11:47:48 GMT
etag: "5f27f964-18fb84"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
933bd2bc7dd004d74961dfc0878c1d22
8a4f50edb54fea8ffa604f5ca593345341ce15a1
252363badd64d5ec8ad9eb56af41e44bb094d8c80646dd228e90dba5e56c87b8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6523
Cache-Control: max-age=154553
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:53 GMT
Etag: "638ac897-1d7"
Expires: Mon, 05 Dec 2022 05:43:46 GMT
Last-Modified: Sat, 03 Dec 2022 03:55:03 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1f3a4f3edea56419c58836a0c80d5cea
1558a7ad0acc0c09cdf39ec92030f7ee5736e595
70aeda0cb136ac1add86931a338558b9f302576cd65537575d232fda623fe2f0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

lh3.google.com/u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0=w100

216.58.207.206

302 Found

337 B

URL HTTP/2
lh3.google.com/u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0=w100
IP
216.58.207.206:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
337 B (337 bytes)
Hash
66a43eafe19fd2e9782007272dd06ced
9d5112f8b4482ef224d10b0d0a17bfaf053e8e23
f432da756645f1aa0bdfff17c86556d7343c5ae482f941597552d9701560d6bb

HTTP Headers

GET /u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0=w100 HTTP/1.1
Host: lh3.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
location: https://accounts.google.com/ServiceLogin?continue=https://lh3.google.com/u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100&hl=en
cache-control: private
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 10:47:53 GMT
server: fife
content-length: 337
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

her-cupid.com/static/AwAA/favicon-150x150.png

54.39.22.228

200 OK

7.0 kB

URL HTTP/2
her-cupid.com/static/AwAA/favicon-150x150.png
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Size
7.0 kB (7017 bytes)
Hash
f19d6f44b496c9dedce8b96bd0f5f829
c887ac358a0c8d6979f8b67013954aa8cf4ab1c8
97a873b3ce2ab69cc38287181a190dcd90c09869c0901b5d75e8461f628bef78

HTTP Headers

GET /static/AwAA/favicon-150x150.png HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: slappInfo64_PF1MLGOLKVc=eyJuYmwiOm51bGwsImltcHJlc3Npb24iOiJQRjFNTEdPTEtWYyIsInRydXN0TGV2ZWwiOjAsImJvdFNjb3JlIjowLCJmaW5pc2hDbGlja3NDb3VudCI6MCwibGFuZGluZ0NvbmZpZyI6bnVsbCwic2hvd2VkUG9wcyI6MCwidXJpIjoiaHR0cHM6Ly9oZXItY3VwaWQuY29tL0F3QUEvMTAwNDAvb3RoP2k9UEYxTUxHT0xLVmMmdT04MjMzNTQ3NDYzMTAyNTA3MzUwIiwic2VhcmNoIjoiP2k9UEYxTUxHT0xLVmMmdT04MjMzNTQ3NDYzMTAyNTA3MzUwIiwiY29udGFjdEV4aXN0cyI6ZmFsc2UsImV2ZW50Ijoic3RlcC0xIiwiZGF0YSI6eyJyZWFsX3N0ZXBfbnVtYmVyIjoxfX0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:53 GMT
content-type: image/png
content-length: 7017
last-modified: Mon, 03 Aug 2020 11:47:36 GMT
etag: "5f27f958-1b69"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

her-cupid.com/stats

54.39.22.228

200 OK

1.3 kB

URL HTTP/2
her-cupid.com/stats
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type
data
Size
1.3 kB (1284 bytes)
Hash
a2d9e98a1ed51f42aec447f995b07671
4b07e4f4034b7d79d16282a5633a1ebe3f01d79b
5b808b9d82ff97058092e4e24729db3739fc1a05ec4c0e9353a9d482c7832048

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /stats HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 310
Origin: https://her-cupid.com
Connection: keep-alive
Cookie: slappInfo64_PF1MLGOLKVc=eyJuYmwiOm51bGwsImltcHJlc3Npb24iOiJQRjFNTEdPTEtWYyIsInRydXN0TGV2ZWwiOjAsImJvdFNjb3JlIjowLCJmaW5pc2hDbGlja3NDb3VudCI6MCwibGFuZGluZ0NvbmZpZyI6bnVsbCwic2hvd2VkUG9wcyI6MCwidXJpIjoiaHR0cHM6Ly9oZXItY3VwaWQuY29tL0F3QUEvMTAwNDAvb3RoP2k9UEYxTUxHT0xLVmMmdT04MjMzNTQ3NDYzMTAyNTA3MzUwIiwic2VhcmNoIjoiP2k9UEYxTUxHT0xLVmMmdT04MjMzNTQ3NDYzMTAyNTA3MzUwIiwiY29udGFjdEV4aXN0cyI6ZmFsc2UsImV2ZW50Ijoic3RlcC0xIiwiZGF0YSI6eyJyZWFsX3N0ZXBfbnVtYmVyIjoxfX0=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

www.facebook.com/v14.0/plugins/like.php

31.13.72.36

200 OK

0 B

URL HTTP/2
www.facebook.com/v14.0/plugins/like.php
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v14.0/plugins/like.php HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html;charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: w6PPJWcm1zpYsu6w9BUeFB1n2qY0ubxa+qxXt1ZmGoGQO2MyOBg3jWQxU6DIBB79HQEQtThXTRH1314piu+y6A==
content-length: 0
date: Sat, 03 Dec 2022 10:47:53 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1f3a4f3edea56419c58836a0c80d5cea
1558a7ad0acc0c09cdf39ec92030f7ee5736e595
70aeda0cb136ac1add86931a338558b9f302576cd65537575d232fda623fe2f0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a06afa1875c7542451698bb20623def1
b6075db78f93567b4a115d4cc0c1cc7f170de3f6
0257f7232d4431fadd985f2137df900816246f51936ae8521d35f44b21fa6c83

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
933bd2bc7dd004d74961dfc0878c1d22
8a4f50edb54fea8ffa604f5ca593345341ce15a1
252363badd64d5ec8ad9eb56af41e44bb094d8c80646dd228e90dba5e56c87b8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6523
Cache-Control: max-age=154553
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:53 GMT
Etag: "638ac897-1d7"
Expires: Mon, 05 Dec 2022 05:43:46 GMT
Last-Modified: Sat, 03 Dec 2022 03:55:03 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

accounts.google.com/ServiceLogin?continue=https://lh3.google.com/u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100&hl=en

142.250.74.109

302 Found

413 B

URL HTTP/2
accounts.google.com/ServiceLogin?continue=https://lh3.google.com/u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100&hl=en
IP
142.250.74.109:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (387)
Size
413 B (413 bytes)
Hash
198ea5ce44c732370d5781ab5ebd151e
e1047a230f26614b1bf110df3898b02c6bc3d071
33c1763add0e3d75f4bedb9e55c7c85579ef3fb3639d8ee6c5520edeef086732

HTTP Headers

GET /ServiceLogin?continue=https://lh3.google.com/u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100&hl=en HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Dec 2022 10:47:53 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1408706254%3A1670064473379782&continue=https%3A%2F%2Flh3.google.com%2Fu%2F0%2Fd%2F1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100&hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvNtJwCFr2djUhtSn6D5tXokGTrUgVx6GNAbho_QoQ6e-5PjOqDgP8AI5rCTGbZ6C74FhfkHw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-CmEitofJLT4m6f034iJO-Q' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 413
server: GSE
set-cookie: __Host-GAPS=1:kb2wvZ94eomTxz9p__3k7FMPG8hDJw:LVDdjkIRHA9j9n6A;Path=/;Expires=Mon, 02-Dec-2024 10:47:53 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
08ed8903eca988f8ed8ceb015b632d96
6cb38fe0a58c021a2d093ec710d4efd215df2488
b2db497994a45447b4fb03b9bf19a5d6abe702359efe5e61f8e4a8173c69d9a2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4000
Cache-Control: max-age=122503
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:47:53 GMT
Etag: "638a5540-139"
Expires: Sun, 04 Dec 2022 20:49:36 GMT
Last-Modified: Fri, 02 Dec 2022 19:42:56 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 313

pornhub.com/video/manage?o=mr&t=pr2

66.254.114.41

301 Moved Permanently

166 B

URL HTTP/2
pornhub.com/video/manage?o=mr&t=pr2
IP
66.254.114.41:0
ASN
#29789 REFLECTED

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
166 B (166 bytes)
Hash
3ea1c8d079b38532a6e01a96216ba5e2
598d3ff91d3e252f1e13df8cf0348b270ff2da3f
87a9323ac85ce28867d5d7ce590c8f29b8d1a999961fca71bb33adef48683691

HTTP Headers

GET /video/manage?o=mr&t=pr2 HTTP/1.1
Host: pornhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: openresty
date: Sat, 03 Dec 2022 10:47:53 GMT
content-type: text/html
content-length: 166
location: https://www.pornhub.com/video/manage?o=mr&t=pr2
x-frame-options: SAMEORIGIN
rating: RTA-5042-1996-1400-1577-RTA
set-cookie: __s=638B2959-42FE722901BB5162-19EC2C1D; Secure; Samesite=None
__l=638B2959-42FE722901BB5162-19EC2C1D; Secure; Samesite=None; Max-Age=31556926
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-request-id: 638B2959-42FE722901BB5162-19EC2C1D
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1a7eed5d6f3d09daa75d2a8e4c5e7392
e105a85e78b7a1808c9e0c66da51271577d92ebf
142e6f08c8cf7fa661344cf3dfedd80e55947fd103634fc6d107f6eb00a0ff5e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "142E6F08C8CF7FA661344CF3DFEDD80E55947FD103634FC6D107F6EB00A0FF5E"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21563
Expires: Sat, 03 Dec 2022 16:47:16 GMT
Date: Sat, 03 Dec 2022 10:47:53 GMT
Connection: keep-alive

www.pornhubpremium.com/user/security/1111

66.254.114.33

302 Found

0 B

URL HTTP/1.1
www.pornhubpremium.com/user/security/1111
IP
66.254.114.33:0
ASN
#29789 REFLECTED

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /user/security/1111 HTTP/1.1
Host: www.pornhubpremium.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
server: openresty
date: Sat, 03 Dec 2022 10:47:53 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
set-cookie: ua=df16c081c25306654a0efb89b8761a08; expires=Sun, 04-Dec-2022 10:47:53 GMT; Max-Age=86400; path=/; domain=pornhubpremium.com; secure; HttpOnly
platform=pc; expires=Sat, 10-Dec-2022 10:47:53 GMT; Max-Age=604800; path=/; domain=pornhubpremium.com; secure; HttpOnly
bs=k2jt0m5irf6lhhtdp2mlgqmxounb1s56; expires=Tue, 30-Nov-2032 10:47:53 GMT; Max-Age=315360000; path=/; domain=pornhubpremium.com; secure; HttpOnly; SameSite=None
ss=276715750822938957; expires=Sun, 03-Dec-2023 10:47:53 GMT; Max-Age=31536000; path=/; domain=pornhubpremium.com; secure; HttpOnly
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
ph-redirect: 1026
location: https://www.pornhubpremium.com/premium/login?redirect=FxeLa98PJMEGxMaprVSzWWwSEbX3sny7trDqIwJrWbpzjx64KVl22XS-a5cSqtiW
x-frame-options: SAMEORIGIN
vary: User-Agent
rating: RTA-5042-1996-1400-1577-RTA
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-request-id: 638B2959-42FE722101BBCC39-1A3F8D00

www.pornhubpremium.com/premium/login?redirect=FxeLa98PJMEGxMaprVSzWWwSEbX3sny7trDqIwJrWbpzjx64KVl22XS-a5cSqtiW

66.254.114.33

200 OK

7.8 kB

URL HTTP/1.1
www.pornhubpremium.com/premium/login?redirect=FxeLa98PJMEGxMaprVSzWWwSEbX3sny7trDqIwJrWbpzjx64KVl22XS-a5cSqtiW
IP
66.254.114.33:0
ASN
#29789 REFLECTED

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2404)
Size
7.8 kB (7797 bytes)
Hash
f0a5c92d23ebbb58bc120fe00c912e1b
c617c8d21ad4c9200555cfc2ad4685bad61f6246
bcc6e3558c34faa7108114194f69ea3119adef0c6c1f1ca6670221366b9df4c2

HTTP Headers

GET /premium/login?redirect=FxeLa98PJMEGxMaprVSzWWwSEbX3sny7trDqIwJrWbpzjx64KVl22XS-a5cSqtiW HTTP/1.1
Host: www.pornhubpremium.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: bs=k2jt0m5irf6lhhtdp2mlgqmxounb1s56
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
server: openresty
date: Sat, 03 Dec 2022 10:47:53 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
set-cookie: ua=df16c081c25306654a0efb89b8761a08; expires=Sun, 04-Dec-2022 10:47:53 GMT; Max-Age=86400; path=/; domain=pornhubpremium.com; secure; HttpOnly
platform=pc; expires=Sat, 10-Dec-2022 10:47:53 GMT; Max-Age=604800; path=/; domain=pornhubpremium.com; secure; HttpOnly
ss=638818184442194675; expires=Sun, 03-Dec-2023 10:47:53 GMT; Max-Age=31536000; path=/; domain=pornhubpremium.com; secure; HttpOnly
fg_0d2ec4cbd943df07ec161982a603817e=79601.100000; expires=Mon, 02-Jan-2023 10:47:53 GMT; Max-Age=2592000; path=/; domain=pornhubpremium.com; secure
ats=eyJhIjoyNiwibiI6MywicyI6MiwiZSI6ODAwMCwicCI6NSwiY24iOiJOb3RfTWVtYmVyX0xvZ2luX0MwMDBfNDJfMV80MTEifQ%3D%3D; expires=Mon, 02-Jan-2023 10:47:53 GMT; Max-Age=2592000; path=/; domain=pornhubpremium.com; secure; HttpOnly
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, must-revalidate
vary: User-Agent
rating: RTA-5042-1996-1400-1577-RTA
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-request-id: 638B2959-42FE722101BBCC39-1A3F8D54

www.pornhub.com/video/manage?o=mr&t=pr2

66.254.114.41

302 Found

66 kB

URL HTTP/2
www.pornhub.com/video/manage?o=mr&t=pr2
IP
66.254.114.41:0
ASN
#29789 REFLECTED

File type
gzip compressed data, max speed, from Unix\012- data
Size
66 kB (66286 bytes)
Hash
9a689a2208a04cc7667e8fc9f182555b
76578414944d848f47d7c512dbd3d91c0c87e7c5
9ac5e33ec85df7fbcb5322d5af24ffb3802744e4c79276296f0615dcdb1f52e1

HTTP Headers

GET /video/manage?o=mr&t=pr2 HTTP/1.1
Host: www.pornhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
server: openresty
date: Sat, 03 Dec 2022 10:47:53 GMT
content-type: text/html; charset=UTF-8
set-cookie: ua=df16c081c25306654a0efb89b8761a08; expires=Sun, 04-Dec-2022 10:47:53 GMT; Max-Age=86400; path=/; domain=pornhub.com; secure
platform=pc; expires=Sat, 10-Dec-2022 10:47:53 GMT; Max-Age=604800; path=/; domain=pornhub.com; secure
bs=1d8tpsouhfb3nmkv4fidwac8g7akjfpq; expires=Tue, 30-Nov-2032 10:47:53 GMT; Max-Age=315360000; path=/; domain=pornhub.com; secure; SameSite=None
ss=455899114796450334; expires=Sun, 03-Dec-2023 10:47:53 GMT; Max-Age=31536000; path=/; domain=pornhub.com; secure
fg_0d2ec4cbd943df07ec161982a603817e=25110.100000; expires=Mon, 02-Jan-2023 10:47:53 GMT; Max-Age=2592000; path=/; domain=pornhub.com; secure
__s=638B2959-42FE722901BB5162-19EC2C92; Secure; Samesite=None
__l=638B2959-42FE722901BB5162-19EC2C92; Secure; Samesite=None; Max-Age=31556926
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
ph-redirect: 1041
location: /login
vary: User-Agent
rating: RTA-5042-1996-1400-1577-RTA
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-request-id: 638B2959-42FE722901BB5162-19EC2C92
X-Firefox-Spdy: h2

www.xvideos.com/favorite/90902157/mk_1123

185.88.181.8

404 Not Found

26 kB

URL HTTP/1.1
www.xvideos.com/favorite/90902157/mk_1123
IP
185.88.181.8:0
ASN
#46652 SERVERSTACK-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8648)
Size
26 kB (25869 bytes)
Hash
cd287792f75b73459f822821b46d51c0
89bb588e0d9c3dd346c2643189400cb275d00ae7
a8160192cb4b68ebd70b64ae4f871745ddb49c8364085409d3ccad1eda95dfa5

HTTP Headers

GET /favorite/90902157/mk_1123 HTTP/1.1
Host: www.xvideos.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Date: Sat, 03 Dec 2022 10:47:53 GMT
P3p: policyref="/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Vary: Accept-Encoding,User-Agent,Accept-Language,Cookie
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.hwcdn.net fcm.googleapis.com *.nk-img.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com *.googleapis.com *.cdn77.org *.pingdom.net *.exoclick.com *.exosrv.com *.realsrv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adtng.com *.adglare.net adinvent.engine.adglare.net *.bngpt.com bngpt.com *.trafficjunky.net *.ohmybutt.com *.flirt4free.com *.xlovecam.com *.wlresources.com *.medleyads.com *.cams.com *.acdn5165543.com *.protoawe.com *.google-analytics.com livejasmin.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com *.promo-bc.com *.bongacams.com *.bongacash.com *.gammae.com *.servingmillions.com *.super-route.com cdn01.flashmediaportal.com engine.asf4f.us *.htdvt.com *.jerkmate.com *.vfgtb.com *.hytxg2.com *.awemdia.com *.cfgr3.com *.ajxx98.online *.sf4f.us *.adworldmedia.com as.air2s.com bngpst.com cretgate.com mysexchatroom.com trknex.com medleyads.com ajxx98.online gamesfromheaven.com go.hpyjmp.com r.trwl2.com bongacams.com clickserve.dartsearch.net afrtrk.com track.cam4tracking.com *.smljmp.com sffsdvc.com www.sffsdvc.com bmedia.justservingfiles.net blkditsup.com vast.bimbim.com promo.cameraprive.com bngprl.com *.bngprl.com trafforsrv.com serving.stat-rock.com zubivu.com *.xxxjmp.com *.feelpornx.com *.crjugate.com *.hqscene.com *.xlviirdr.com adulttime.xxx *.adulttime.xxx *.javhd.com *.doppiocdn.com *.videosworks.com xlivrdr.com *.xlivrdr.com *.servetraff.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com cdn.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com wss://dev-chatserver.camster.com wss://staging-chatserver.camster.com wss://m.1ka.com wss://c1.1ka.com wss://c11.1ka.com wss://c12.1ka.com wss://c13.1ka.com wss://c14.1ka.com wss://c15.1ka.com wss://c16.1ka.com wss://c17.1ka.com wss://c18.1ka.com wss://c19.1ka.com wss://c110.1ka.com wss://c111.1ka.com wss://c112.1ka.com wss://c113.1ka.com wss://c114.1ka.com wss://c115.1ka.com wss://c2.1ka.com wss://c21.1ka.com wss://c22.1ka.com wss://c23.1ka.com wss://c24.1ka.com wss://c25.1ka.com wss://c26.1ka.com wss://c27.1ka.com wss://c28.1ka.com wss://c29.1ka.com wss://c210.1ka.com wss://c211.1ka.com wss://c212.1ka.com wss://c213.1ka.com wss://c214.1ka.com wss://c215.1ka.com wss://c3.1ka.com wss://c31.1ka.com wss://c32.1ka.com wss://c33.1ka.com wss://c34.1ka.com wss://c35.1ka.com wss://c36.1ka.com wss://c37.1ka.com wss://c38.1ka.com wss://c39.1ka.com wss://c4.1ka.com wss://c41.1ka.com wss://c42.1ka.com wss://c43.1ka.com wss://c44.1ka.com wss://c45.1ka.com wss://c46.1ka.com wss://c47.1ka.com wss://c48.1ka.com wss://c49.1ka.com wss://c410.1ka.com wss://c411.1ka.com wss://c412.1ka.com wss://c413.1ka.com wss://c414.1ka.com wss://c415.1ka.com wss://c5.1ka.com wss://c51.1ka.com wss://c52.1ka.com wss://c53.1ka.com wss://c54.1ka.com wss://c55.1ka.com wss://c56.1ka.com wss://c57.1ka.com wss://c58.1ka.com wss://c59.1ka.com wss://c510.1ka.com wss://c511.1ka.com wss://c512.1ka.com wss://c513.1ka.com wss://c514.1ka.com wss://c515.1ka.com https://dev-chatserver.camster.com https://staging-chatserver.camster.com https://m.1ka.com https://c1.1ka.com https://c11.1ka.com https://c12.1ka.com https://c13.1ka.com https://c14.1ka.com https://c15.1ka.com https://c16.1ka.com https://c17.1ka.com https://c18.1ka.com https://c19.1ka.com https://c110.1ka.com https://c111.1ka.com https://c112.1ka.com https://c113.1ka.com https://c114.1ka.com https://c115.1ka.com https://c2.1ka.com https://c21.1ka.com https://c22.1ka.com https://c23.1ka.com https://c24.1ka.com https://c25.1ka.com https://c26.1ka.com https://c27.1ka.com https://c28.1ka.com https://c29.1ka.com https://c210.1ka.com https://c211.1ka.com https://c212.1ka.com https://c213.1ka.com https://c214.1ka.com https://c215.1ka.com https://c3.1ka.com https://c31.1ka.com https://c32.1ka.com https://c33.1ka.com https://c34.1ka.com https://c35.1ka.com https://c36.1ka.com https://c37.1ka.com https://c38.1ka.com https://c39.1ka.com https://c4.1ka.com https://c41.1ka.com https://c42.1ka.com https://c43.1ka.com https://c44.1ka.com https://c45.1ka.com https://c46.1ka.com https://c47.1ka.com https://c48.1ka.com https://c49.1ka.com https://c410.1ka.com https://c411.1ka.com https://c412.1ka.com https://c413.1ka.com https://c414.1ka.com https://c415.1ka.com https://c5.1ka.com https://c51.1ka.com https://c52.1ka.com https://c53.1ka.com https://c54.1ka.com https://c55.1ka.com https://c56.1ka.com https://c57.1ka.com https://c58.1ka.com https://c59.1ka.com https://c510.1ka.com https://c511.1ka.com https://c512.1ka.com https://c513.1ka.com https://c514.1ka.com https://c515.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net;
Referrer-Policy: no-referrer-when-downgrade
Set-Cookie: session_token=a32ba8231d559dd7I3dNGKNrly7XmWUDCAQsyZcGCZLYpx0uC4jRYJsypvwkXV98YXdiogzJe-j-cpbVjELj62o6OpiqqOZuY8N_r2ib4iQfpQ2VKJkVna6T6DvCogOz87rVaUEC9sdde2IxfBFhzM3DV3ck1YsLixyfBT9wUt2eu9Qg2q6mMg_liYp5-bDFCiNvucwjFDsa8TDS; expires=Mon, 02-Jan-2023 10:47:53 GMT; Max-Age=2592000; path=/; domain=.xvideos.com
_ga=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.xvideos.com
_gid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.xvideos.com
_gat=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.xvideos.com
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Server: nginx

accounts.google.com/v3/signin/identifier?dsh=S-1408706254%3A1670064473379782&continue=https%3A%2F%2Flh3.google.com%2Fu%2F0%2Fd%2F1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100&hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvNtJwCFr2djUhtSn6D5tXokGTrUgVx6GNAbho_QoQ6e-5PjOqDgP8AI5rCTGbZ6C74FhfkHw

142.250.74.109

403 Forbidden

11 kB

URL HTTP/2
accounts.google.com/v3/signin/identifier?dsh=S-1408706254%3A1670064473379782&continue=https%3A%2F%2Flh3.google.com%2Fu%2F0%2Fd%2F1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100&hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvNtJwCFr2djUhtSn6D5tXokGTrUgVx6GNAbho_QoQ6e-5PjOqDgP8AI5rCTGbZ6C74FhfkHw
IP
142.250.74.109:0
ASN
#15169 GOOGLE

File type
data
Size
11 kB (10712 bytes)
Hash
38e10ae0dff4889d33e9550427711807
077d9844e7a2c9c86f3cd4f8c7ea70829d5f1602
23a86d15330ff8bf0f14cb46be7d370a0a5841b7ea332b894dc7c21c8f8c8078

HTTP Headers

GET /v3/signin/identifier?dsh=S-1408706254%3A1670064473379782&continue=https%3A%2F%2Flh3.google.com%2Fu%2F0%2Fd%2F1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100&hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvNtJwCFr2djUhtSn6D5tXokGTrUgVx6GNAbho_QoQ6e-5PjOqDgP8AI5rCTGbZ6C74FhfkHw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Dec 2022 10:47:53 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-IRpir6N8hum8Ms4kBgFTfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

cc255de60.srtrak.com/promo-tools/direct-offers/mainstream/sweepstakes/winiphone14/?idev_id=106&set=3&link=2602&page=931&clickid=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092

91.132.60.212

302 Found

0 B

URL HTTP/2
cc255de60.srtrak.com/promo-tools/direct-offers/mainstream/sweepstakes/winiphone14/?idev_id=106&set=3&link=2602&page=931&clickid=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092
IP
91.132.60.212:0
ASN
#44901 Belcloud LTD

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /promo-tools/direct-offers/mainstream/sweepstakes/winiphone14/?idev_id=106&set=3&link=2602&page=931&clickid=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092 HTTP/1.1
Host: cc255de60.srtrak.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
server: nginx
date: Sat, 03 Dec 2022 10:47:47 GMT
content-type: text/html; charset=UTF-8
location: https://1d6ce2131d3.tcompany-offer.com/?p=5221&plid=1&plid_hmac=8e4ba4d770c032b1b72f66f3beb1a9ac&wid=132902&wid_hmac=d0cd5a96a873328888c8f7fbeabd778d&pl_settings%5Bprize%5D=iphone-14&o_settings%5Bprize%5D=iphone-14&pi=106&click_id=065cf8c1b74ad0196f6e2b466790fdb563a7192237e046be34cfb321e4810092
set-cookie: _s=jc5c42oh9g4i7em62h2nko0eg7; path=/; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
referrer-policy: no-referrer
x-robots-tag: noindex, nofollow, nosnippet, noarchive
X-Firefox-Spdy: h2

her-cupid.com/user-id?nbl=&impression=PF1MLGOLKVc&trustLevel=0&botScore=0&finishClicksCount=0&landingConfig=&showedPops=0&uri=https%3A%2F%2Fher-cupid.com%2FAwAA%2F10040%2Foth%3Fi%3DPF1MLGOLKVc%26u%3D8233547463102507350&search=%3Fi%3DPF1MLGOLKVc%26u%3D8233547463102507350&contactExists=false

54.39.22.228

200 OK

0 B

URL HTTP/2
her-cupid.com/user-id?nbl=&impression=PF1MLGOLKVc&trustLevel=0&botScore=0&finishClicksCount=0&landingConfig=&showedPops=0&uri=https%3A%2F%2Fher-cupid.com%2FAwAA%2F10040%2Foth%3Fi%3DPF1MLGOLKVc%26u%3D8233547463102507350&search=%3Fi%3DPF1MLGOLKVc%26u%3D8233547463102507350&contactExists=false
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /user-id?nbl=&impression=PF1MLGOLKVc&trustLevel=0&botScore=0&finishClicksCount=0&landingConfig=&showedPops=0&uri=https%3A%2F%2Fher-cupid.com%2FAwAA%2F10040%2Foth%3Fi%3DPF1MLGOLKVc%26u%3D8233547463102507350&search=%3Fi%3DPF1MLGOLKVc%26u%3D8233547463102507350&contactExists=false HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Cookie: slappInfo64_PF1MLGOLKVc=eyJuYmwiOm51bGwsImltcHJlc3Npb24iOiJQRjFNTEdPTEtWYyIsInRydXN0TGV2ZWwiOjAsImJvdFNjb3JlIjowLCJmaW5pc2hDbGlja3NDb3VudCI6MCwibGFuZGluZ0NvbmZpZyI6bnVsbCwic2hvd2VkUG9wcyI6MCwidXJpIjoiaHR0cHM6Ly9oZXItY3VwaWQuY29tL0F3QUEvMTAwNDAvb3RoP2k9UEYxTUxHT0xLVmMmdT04MjMzNTQ3NDYzMTAyNTA3MzUwIiwic2VhcmNoIjoiP2k9UEYxTUxHT0xLVmMmdT04MjMzNTQ3NDYzMTAyNTA3MzUwIiwiY29udGFjdEV4aXN0cyI6ZmFsc2UsImV2ZW50Ijoic3RlcC0xIiwiZGF0YSI6eyJyZWFsX3N0ZXBfbnVtYmVyIjoxfX0=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:53 GMT
content-type: application/json; charset=UTF-8
set-cookie: userid=27a8233f905aa2dcbf0b5ca6e520c4380db0008d9a9685b112dcae5a8e7b371ba%3A2%3A%7Bi%3A0%3Bs%3A6%3A%22userid%22%3Bi%3A1%3Bi%3A190083124385%3B%7D; expires=Mon, 04-Dec-2023 07:04:33 GMT; Max-Age=31609000; path=/; HttpOnly; SameSite=Lax
access-control-allow-origin: *
X-Firefox-Spdy: h2

her-cupid.com/AwAA/10040/oth?i=PF1MLGOLKVc&u=8233547463102507350

54.39.22.228

200 OK

0 B

URL HTTP/2
her-cupid.com/AwAA/10040/oth?i=PF1MLGOLKVc&u=8233547463102507350
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /AwAA/10040/oth?i=PF1MLGOLKVc&u=8233547463102507350 HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://funkydaters.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:51 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Montserrat:100,400,700,900

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Montserrat:100,400,700,900
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Montserrat:100,400,700,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Dec 2022 10:47:52 GMT
date: Sat, 03 Dec 2022 10:47:52 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

track.gositego.live/click?pid=3664&offer_id=17742&sub1=uYiOdBBz60c3tpNr4d5umG6MRtw0Lhc4&sub2=v66R

34.141.179.97

200 OK

0 B

URL HTTP/2
track.gositego.live/click?pid=3664&offer_id=17742&sub1=uYiOdBBz60c3tpNr4d5umG6MRtw0Lhc4&sub2=v66R
IP
34.141.179.97:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /click?pid=3664&offer_id=17742&sub1=uYiOdBBz60c3tpNr4d5umG6MRtw0Lhc4&sub2=v66R HTTP/1.1
Host: track.gositego.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 10:47:49 GMT
content-type: text/html; charset=utf-8
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=638b295521e612000151bbc4; expires=Sun, 03 Dec 2023 10:47:49 GMT; secure; SameSite=None
afoffers={"17742":1670064469}; expires=Sun, 03 Dec 2023 10:47:49 GMT; secure; SameSite=None
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

app.api-push.com/get-keys

172.64.162.28

200 OK

0 B

URL HTTP/2
app.api-push.com/get-keys
IP
172.64.162.28:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /get-keys HTTP/1.1
Host: app.api-push.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 174
Origin: https://her-cupid.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 03 Dec 2022 10:47:52 GMT
content-type: application/json; charset=utf-8
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CwymI7Dn7JctvbIqlEnwwHvyMScgqsKOC4V1nb%2BAsLGMU6XnWf4k3zFTKE2xn135S9G7MTGukjLU9cnW8qQBPjFTTAr3p4S6hgpQfJi6YDemNz3jKYeycr6LEBYIUK4TkIxR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773bba07fb2476c0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

funkydaters.com/static/js/build/bd.js

172.67.218.62

200 OK

0 B

URL HTTP/2
funkydaters.com/static/js/build/bd.js
IP
172.67.218.62:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/build/bd.js HTTP/1.1
Host: funkydaters.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://funkydaters.com/nwAA?prid=AFUpi2MPKgUAmFYCAE5PFwAMAH6hcrAA&usid=338447
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 03 Dec 2022 10:47:50 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 773bb9fa2b89b4ed-OSL
age: 40587
etag: W/"static/js/build/bd.3ad9d77bdd.js"
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a0gmmNJGiiTasKV4ePF%2B%2FMa3JuSVJ1TPSu5yb3ZVl98PGoeJ1Ft7ul64vqciB2ZK9O0M1MWv2gt%2B1qT7K2UXpbT7WFCjf3DsSDIMWs%2BZ97ypm9oruwzwiwvzXx7Dhfx7NHE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

her-cupid.com/stats

54.39.22.228

200 OK

0 B

URL HTTP/2
her-cupid.com/stats
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /stats HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 318
Origin: https://her-cupid.com
Connection: keep-alive
Cookie: slappInfo64_PF1MLGOLKVc=eyJuYmwiOm51bGwsImltcHJlc3Npb24iOiJQRjFNTEdPTEtWYyIsInRydXN0TGV2ZWwiOjEsImJvdFNjb3JlIjowLCJmaW5pc2hDbGlja3NDb3VudCI6MCwibGFuZGluZ0NvbmZpZyI6bnVsbCwic2hvd2VkUG9wcyI6MCwidXJpIjoiaHR0cHM6Ly9oZXItY3VwaWQuY29tL0F3QUEvMTAwNDAvb3RoP2k9UEYxTUxHT0xLVmMmdT04MjMzNTQ3NDYzMTAyNTA3MzUwIiwic2VhcmNoIjoiP2k9UEYxTUxHT0xLVmMmdT04MjMzNTQ3NDYzMTAyNTA3MzUwIiwiY29udGFjdEV4aXN0cyI6ZmFsc2UsImV2ZW50IjoiZXh0c2VzIiwiZGF0YSI6eyJwaCI6ImZhbHNlIn0sImx1aWQiOjE5MDA4MzEyNDM4NX0=; userid=27a8233f905aa2dcbf0b5ca6e520c4380db0008d9a9685b112dcae5a8e7b371ba%3A2%3A%7Bi%3A0%3Bs%3A6%3A%22userid%22%3Bi%3A1%3Bi%3A190083124385%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:54 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

her-cupid.com/stats

54.39.22.228

200 OK

0 B

URL HTTP/2
her-cupid.com/stats
IP
54.39.22.228:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /stats HTTP/1.1
Host: her-cupid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 580
Origin: https://her-cupid.com
Connection: keep-alive
Cookie: slappInfo64_PF1MLGOLKVc=eyJuYmwiOm51bGwsImltcHJlc3Npb24iOiJQRjFNTEdPTEtWYyIsInRydXN0TGV2ZWwiOjEsImJvdFNjb3JlIjowLCJmaW5pc2hDbGlja3NDb3VudCI6MCwibGFuZGluZ0NvbmZpZyI6eyJ0cmFmZmljV2l0aEVtYWlsQ2FzY2FkZUlkIjp0cnVlLCJyZWFsVXNlcnNDYXNjYWRlSWQiOnRydWUsIm1haW5DYXNjYWRlIjp0cnVlLCJiYWNrQ2FzY2FkZSI6dHJ1ZSwic2Vjb25kQ2xpY2tDYXNjYWRlIjp0cnVlLCJwb3BzQ2FzY2FkZSI6dHJ1ZSwicG9wc0NvdW50IjoxfSwic2hvd2VkUG9wcyI6MCwidXJpIjoiaHR0cHM6Ly9oZXItY3VwaWQuY29tL0F3QUEvMTAwNDAvb3RoP2k9UEYxTUxHT0xLVmMmdT04MjMzNTQ3NDYzMTAyNTA3MzUwIiwic2VhcmNoIjoiP2k9UEYxTUxHT0xLVmMmdT04MjMzNTQ3NDYzMTAyNTA3MzUwIiwiY29udGFjdEV4aXN0cyI6ZmFsc2UsImV2ZW50IjoiZXh0c2VzIiwiZGF0YSI6eyJ4dmlkIjoiZmFsc2UifSwibHVpZCI6MTkwMDgzMTI0Mzg1fQ==; userid=27a8233f905aa2dcbf0b5ca6e520c4380db0008d9a9685b112dcae5a8e7b371ba%3A2%3A%7Bi%3A0%3Bs%3A6%3A%22userid%22%3Bi%3A1%3Bi%3A190083124385%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 03 Dec 2022 10:47:54 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations