Report - dratingmaject.com/f5372333-1c5f-4112-a444-ec1448dcf4a0

Report Overview

Submitted URL
dratingmaject.com/f5372333-1c5f-4112-a444-ec1448dcf4a0
IP
18.195.149.11
ASN
#16509 AMAZON-02
Submitted
2022-09-05 11:44:44
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.5 kB	142.250.74.3
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	496 B	746 B	139.45.195.8
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.4 kB	23.36.77.32
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	328 B	963 B	104.18.32.68
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	44.238.3.246
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	447 B	2.1 kB	142.250.74.10
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	942 B	34 kB	142.250.74.163
dratingmaject.com	821761	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	4.8 kB	18.195.149.11
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	325 B	1.6 kB	143.204.55.35
deefauph.com	135892	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	2.0 kB	139.45.197.251
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	66 kB	34.120.237.76
babesroulette.com	281754	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	947 B	658 B	104.21.72.186

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-05	medium	dratingmaject.com/f5372333-1c5f-4112-a444-ec1448dcf4a0	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	babesroulette.com/landers/lander18/?clickid=wmr09crlc1tejrqiiakeo586&source=f5372333-1c5f-4112-a444-ec1448dcf4a0&cep=95pEm7dRgYAYTY4Jf52U9s63KhEmWcg3x3aNRYhXDFz8qtXfsxfbrrPkBT5hAlkeK_S3fmW7cvdC6j8pUh7fef1LRDDc6lNMt3bI5QI2Sl-6WrLUaWZbJmNKH1UeB8AuLWZ2OXByHng0gVQiDqAz_NFCBjo8sDih4raDHbyZn5kKQbOqLq9aNYPSZdczstsSYr4XgIAAsXT_zlb-CbCHY5jIpARB47G9cmNQWLxlJqJkL4B8vlGLWc3yKDakXm2No-MR2cNzHAKnMFRu4s_YQGHd3jEmOs9ZlJvllJWwdwc8l99IJir44tSti5hfWTvgsO712G4o3IMdQQc1viJ8LvIThPsAOY7EjM-26aQI3OF-jpwoZgZyU0VQ_pAkX4be&lptoken=165f626738bb00cc7208	660 B	2023-03-07	2023-04-05
Pretty URL babesroulette.com/landers/lander18/?clickid=wmr09crlc1tejrqiiakeo586&source=f5372333-1c5f-4112-a444-ec1448dcf4a0&cep=95pEm7dRgYAYTY4Jf52U9s63KhEmWcg3x3aNRYhXDFz8qtXfsxfbrrPkBT5hAlkeK_S3fmW7cvdC6j8pUh7fef1LRDDc6lNMt3bI5QI2Sl-6WrLUaWZbJmNKH1UeB8AuLWZ2OXByHng0gVQiDqAz_NFCBjo8sDih4raDHbyZn5kKQbOqLq9aNYPSZdczstsSYr4XgIAAsXT_zlb-CbCHY5jIpARB47G9cmNQWLxlJqJkL4B8vlGLWc3yKDakXm2No-MR2cNzHAKnMFRu4s_YQGHd3jEmOs9ZlJvllJWwdwc8l99IJir44tSti5hfWTvgsO712G4o3IMdQQc1viJ8LvIThPsAOY7EjM-26aQI3OF-jpwoZgZyU0VQ_pAkX4be&lptoken=165f626738bb00cc7208 IP 104.21.72.186 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2023-04-05 01:55:44 Times Seen17 Hash 97441e7379ca32ad9f6044c50451ff13 80fb696604e2b6e293615725845d9642cc4171d7 976578c853ded099ba704b2fda49934f67dbbb03e53d81b589d332ffaa543fdc Loading...

	babesroulette.com/landers/lander18/?clickid=wmr09crlc1tejrqiiakeo586&source=f5372333-1c5f-4112-a444-ec1448dcf4a0&cep=95pEm7dRgYAYTY4Jf52U9s63KhEmWcg3x3aNRYhXDFz8qtXfsxfbrrPkBT5hAlkeK_S3fmW7cvdC6j8pUh7fef1LRDDc6lNMt3bI5QI2Sl-6WrLUaWZbJmNKH1UeB8AuLWZ2OXByHng0gVQiDqAz_NFCBjo8sDih4raDHbyZn5kKQbOqLq9aNYPSZdczstsSYr4XgIAAsXT_zlb-CbCHY5jIpARB47G9cmNQWLxlJqJkL4B8vlGLWc3yKDakXm2No-MR2cNzHAKnMFRu4s_YQGHd3jEmOs9ZlJvllJWwdwc8l99IJir44tSti5hfWTvgsO712G4o3IMdQQc1viJ8LvIThPsAOY7EjM-26aQI3OF-jpwoZgZyU0VQ_pAkX4be&lptoken=165f626738bb00cc7208	1.4 kB	2023-03-07	2023-04-05
Pretty URL babesroulette.com/landers/lander18/?clickid=wmr09crlc1tejrqiiakeo586&source=f5372333-1c5f-4112-a444-ec1448dcf4a0&cep=95pEm7dRgYAYTY4Jf52U9s63KhEmWcg3x3aNRYhXDFz8qtXfsxfbrrPkBT5hAlkeK_S3fmW7cvdC6j8pUh7fef1LRDDc6lNMt3bI5QI2Sl-6WrLUaWZbJmNKH1UeB8AuLWZ2OXByHng0gVQiDqAz_NFCBjo8sDih4raDHbyZn5kKQbOqLq9aNYPSZdczstsSYr4XgIAAsXT_zlb-CbCHY5jIpARB47G9cmNQWLxlJqJkL4B8vlGLWc3yKDakXm2No-MR2cNzHAKnMFRu4s_YQGHd3jEmOs9ZlJvllJWwdwc8l99IJir44tSti5hfWTvgsO712G4o3IMdQQc1viJ8LvIThPsAOY7EjM-26aQI3OF-jpwoZgZyU0VQ_pAkX4be&lptoken=165f626738bb00cc7208 IP 104.21.72.186 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2023-04-05 01:55:44 Times Seen17 Hash 8d9b1690a74f07a3810d671b838dd1bd 636798778433d0449d1a29d4a1dbdd1a23af8c46 185faac7437690399b751628e681b202ceb6f5dc205874483379a82cddd2e737 Loading...

	deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=wmr09crlc1tejrqiiakeo586&var=f5372333-1c5f-4112-a444-ec1448dcf4a0&sw=/sw-check-permissions-2e801.js	107 kB	2023-03-07	2023-03-17
Pretty URL deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=wmr09crlc1tejrqiiakeo586&var=f5372333-1c5f-4112-a444-ec1448dcf4a0&sw=/sw-check-permissions-2e801.js IP 139.45.197.251 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2023-03-17 10:41:37 Times Seen1 Hash b5aa4970581654f8f161b2d503f8dcea e771ed2c3c6ebc493536734f15a7598d3284fcf7 f0affc3c8b4613627051bd3bb298e4e3e2c012c95e7aabacc6d6b4eb18aa6d0c Loading...

	babesroulette.com/landers/lander18/?clickid=wmr09crlc1tejrqiiakeo586&source=f5372333-1c5f-4112-a444-ec1448dcf4a0&cep=95pEm7dRgYAYTY4Jf52U9s63KhEmWcg3x3aNRYhXDFz8qtXfsxfbrrPkBT5hAlkeK_S3fmW7cvdC6j8pUh7fef1LRDDc6lNMt3bI5QI2Sl-6WrLUaWZbJmNKH1UeB8AuLWZ2OXByHng0gVQiDqAz_NFCBjo8sDih4raDHbyZn5kKQbOqLq9aNYPSZdczstsSYr4XgIAAsXT_zlb-CbCHY5jIpARB47G9cmNQWLxlJqJkL4B8vlGLWc3yKDakXm2No-MR2cNzHAKnMFRu4s_YQGHd3jEmOs9ZlJvllJWwdwc8l99IJir44tSti5hfWTvgsO712G4o3IMdQQc1viJ8LvIThPsAOY7EjM-26aQI3OF-jpwoZgZyU0VQ_pAkX4be&lptoken=165f626738bb00cc7208	103 B	2023-03-07	2023-03-07
Pretty URL babesroulette.com/landers/lander18/?clickid=wmr09crlc1tejrqiiakeo586&source=f5372333-1c5f-4112-a444-ec1448dcf4a0&cep=95pEm7dRgYAYTY4Jf52U9s63KhEmWcg3x3aNRYhXDFz8qtXfsxfbrrPkBT5hAlkeK_S3fmW7cvdC6j8pUh7fef1LRDDc6lNMt3bI5QI2Sl-6WrLUaWZbJmNKH1UeB8AuLWZ2OXByHng0gVQiDqAz_NFCBjo8sDih4raDHbyZn5kKQbOqLq9aNYPSZdczstsSYr4XgIAAsXT_zlb-CbCHY5jIpARB47G9cmNQWLxlJqJkL4B8vlGLWc3yKDakXm2No-MR2cNzHAKnMFRu4s_YQGHd3jEmOs9ZlJvllJWwdwc8l99IJir44tSti5hfWTvgsO712G4o3IMdQQc1viJ8LvIThPsAOY7EjM-26aQI3OF-jpwoZgZyU0VQ_pAkX4be&lptoken=165f626738bb00cc7208 IP 104.21.72.186 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:55:55 Last Seen2023-03-07 12:55:55 Times Seen1 Hash 295407b6c29cc2fa9f019fd434fb5fce 33ad713903b35a7c8d220a0815d3a75be3efe05c f670ba398d44e48e4609715b7420e89ca4281322538ae7f75c88b54c35dd500a Loading...

	dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dwmr09crlc1tejrqiiakeo586%26source%3Df5372333-1c5f-4112-a444-ec1448dcf4a0%26cep%3D95pEm7dRgYAYTY4Jf52U9s63KhEmWcg3x3aNRYhXDFz8qtXfsxfbrrPkBT5hAlkeK_S3fmW7cvdC6j8pUh7fef1LRDDc6lNMt3bI5QI2Sl-6WrLUaWZbJmNKH1UeB8AuLWZ2OXByHng0gVQiDqAz_NFCBjo8sDih4raDHbyZn5kKQbOqLq9aNYPSZdczstsSYr4XgIAAsXT_zlb-CbCHY5jIpARB47G9cmNQWLxlJqJkL4B8vlGLWc3yKDakXm2No-MR2cNzHAKnMFRu4s_YQGHd3jEmOs9ZlJvllJWwdwc8l99IJir44tSti5hfWTvgsO712G4o3IMdQQc1viJ8LvIThPsAOY7EjM-26aQI3OF-jpwoZgZyU0VQ_pAkX4be%26lptoken%3D165f626738bb00cc7208&lpt=Title%20here&t=1662378269481	3.0 kB	2023-03-07	2023-03-07
Pretty URL dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dwmr09crlc1tejrqiiakeo586%26source%3Df5372333-1c5f-4112-a444-ec1448dcf4a0%26cep%3D95pEm7dRgYAYTY4Jf52U9s63KhEmWcg3x3aNRYhXDFz8qtXfsxfbrrPkBT5hAlkeK_S3fmW7cvdC6j8pUh7fef1LRDDc6lNMt3bI5QI2Sl-6WrLUaWZbJmNKH1UeB8AuLWZ2OXByHng0gVQiDqAz_NFCBjo8sDih4raDHbyZn5kKQbOqLq9aNYPSZdczstsSYr4XgIAAsXT_zlb-CbCHY5jIpARB47G9cmNQWLxlJqJkL4B8vlGLWc3yKDakXm2No-MR2cNzHAKnMFRu4s_YQGHd3jEmOs9ZlJvllJWwdwc8l99IJir44tSti5hfWTvgsO712G4o3IMdQQc1viJ8LvIThPsAOY7EjM-26aQI3OF-jpwoZgZyU0VQ_pAkX4be%26lptoken%3D165f626738bb00cc7208&lpt=Title%20here&t=1662378269481 IP 18.195.149.11 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:55:55 Last Seen2023-03-07 12:55:55 Times Seen1 Hash 2e50e47381f4e1da622364692eb1de55 324c0fce03ef052c11a95b8ab7310df6a96c8ae7 22d1764693f5364276ee0a81b42f38f614f24580436a754a4e43ccb7e1eac617 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 29f9e407561c777f3201a1bf8af46be1	80 B	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 12:55:55 Last Seen2023-03-07 12:55:55 Times Seen1 Hash 29f9e407561c777f3201a1bf8af46be1 0e895f6c437ae0ff1dcb56e5cd5a47f105e01765 2b723c2f27e667a6a0d3999bb40b873c30233fb844a3f07efda4a7df5bb93f00 Loading...

HTTP Transactions (33)

URL IP Response Size

dratingmaject.com/f5372333-1c5f-4112-a444-ec1448dcf4a0

18.195.149.11

302

0 B

URL HTTP/1.1
dratingmaject.com/f5372333-1c5f-4112-a444-ec1448dcf4a0
IP
18.195.149.11:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /f5372333-1c5f-4112-a444-ec1448dcf4a0 HTTP/1.1
Host: dratingmaject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 
Server: nginx
Date: Mon, 05 Sep 2022 11:44:32 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://babesroulette.com/landers/lander18/?clickid=wmr09crlc1tejrqiiakeo586&source=f5372333-1c5f-4112-a444-ec1448dcf4a0&cep=95pEm7dRgYAYTY4Jf52U9s63KhEmWcg3x3aNRYhXDFz8qtXfsxfbrrPkBT5hAlkeK_S3fmW7cvdC6j8pUh7fef1LRDDc6lNMt3bI5QI2Sl-6WrLUaWZbJmNKH1UeB8AuLWZ2OXByHng0gVQiDqAz_NFCBjo8sDih4raDHbyZn5kKQbOqLq9aNYPSZdczstsSYr4XgIAAsXT_zlb-CbCHY5jIpARB47G9cmNQWLxlJqJkL4B8vlGLWc3yKDakXm2No-MR2cNzHAKnMFRu4s_YQGHd3jEmOs9ZlJvllJWwdwc8l99IJir44tSti5hfWTvgsO712G4o3IMdQQc1viJ8LvIThPsAOY7EjM-26aQI3OF-jpwoZgZyU0VQ_pAkX4be&lptoken=165f626738bb00cc7208
Pragma: no-cache
Set-Cookie: f5372333-1c5f-4112-a444-ec1448dcf4a0-v4=q96RPSTeQFv6NVGW29Qa13w5H7MUuwG9NouQgwVuXWA; Max-Age=86400; Expires=Tue, 06-Sep-2022 11:44:32 GMT; Domain=dratingmaject.com; Path=/; HttpOnly
cep-v4=rUwunR5NYmJ85w5GIa82XYfhwZufhrkq2JgkTfvKxFFNvu9u6KIMkJ1AesH29QvGDpyJu-oJK63y8lDmpqxXJnbJ3vgmdms04EJPYDJ81P40qYVWvD0lJEKVEXyUFSewizdPI3hoy2xv2IWqY5U6GWd3qj2uFaKSIYwXj-IA_6bpkRqlkxko7F9xBL1NFQYgbjMuqMPZ2gWDwUokLNMrBWuu9W4XSkqSLtVtZaRSaeyDeG4dWUWIlVOYOEymZaKfZYlk5qPpHKMCDYZSIoIJ0TCJN8txf4f7hk99pj9DapqMZG3bqpQS5gMYLAVmt3IMnKXwTUNu8FFax22Rx3G9AAR4fnd_TCN6nGYraa5Eyr9z0xmLcWS99K2F97Tj2R9-; Max-Age=86400; Expires=Tue, 06-Sep-2022 11:44:32 GMT; Domain=dratingmaject.com; Path=/; HttpOnly

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 05 Sep 2022 10:44:47 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3AnTjmLDYqZlIrJhLcDbcOQkeufjjlsyGHn4qSF2h4vAIA5gi9RwHQ==
Age: 3586

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12099
Expires: Mon, 05 Sep 2022 15:06:12 GMT
Date: Mon, 05 Sep 2022 11:44:33 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 05 Sep 2022 01:15:19 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: JjC9Ax-urkA3yW1b_iycVvw2y73_50HLhT-AHabXSeutXS7YNLqi6w==
age: 37756
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:44:33 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a73c40e0fed317f31e35a24d5b5e2d0d
fb19e9d403e37956762ebb527260576860161872
4a38f2cc8997dada402e2cce06bbd8776cbad2075b00696d00efa59ad5388644

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 11:44:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic

142.250.74.10

200 OK

1.4 kB

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
1.4 kB (1382 bytes)
Hash
30aecc73f499fa2e84bac7c054e7f020
15289b168ac86dcad20629dd3b8a3d24b4d96d8e
b38484851e364e6ede59bbbd810b06e410b119258c156002b7a326020dc01f23

HTTP Headers

GET /css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 05 Sep 2022 11:44:33 GMT
date: Mon, 05 Sep 2022 11:44:33 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a73c40e0fed317f31e35a24d5b5e2d0d
fb19e9d403e37956762ebb527260576860161872
4a38f2cc8997dada402e2cce06bbd8776cbad2075b00696d00efa59ad5388644

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 11:44:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3958546039b436bd448017432b45c949
45aadab2339c0718b57200a1b2849073c04f08f5
903f9b9e0ccec46513fb56991790db64f79dd2548f6240c4905cf9f19bdaa783

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 11:44:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3958546039b436bd448017432b45c949
45aadab2339c0718b57200a1b2849073c04f08f5
903f9b9e0ccec46513fb56991790db64f79dd2548f6240c4905cf9f19bdaa783

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 11:44:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dd96e11718a7cf890dbaab9b8eb25e83
927c6d72d1b4b1171d10b234b417cfb96d9800ee
a7487b4826ee5e8d0b84193f5f686aa63294862a492e422111efd87a97c4f155

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A7487B4826EE5E8D0B84193F5F686AA63294862A492E422111EFD87A97C4F155"
Last-Modified: Sat, 03 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13322
Expires: Mon, 05 Sep 2022 15:26:35 GMT
Date: Mon, 05 Sep 2022 11:44:33 GMT
Connection: keep-alive

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesroulette.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:34:08 GMT
expires: Thu, 31 Aug 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 403825
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesroulette.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:34:08 GMT
expires: Thu, 31 Aug 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 403825
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3958546039b436bd448017432b45c949
45aadab2339c0718b57200a1b2849073c04f08f5
903f9b9e0ccec46513fb56991790db64f79dd2548f6240c4905cf9f19bdaa783

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 11:44:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dwmr09crlc1tejrqiiakeo586%26source%3Df5372333-1c5f-4112-a444-ec1448dcf4a0%26cep%3D95pEm7dRgYAYTY4Jf52U9s63KhEmWcg3x3aNRYhXDFz8qtXfsxfbrrPkBT5hAlkeK_S3fmW7cvdC6j8pUh7fef1LRDDc6lNMt3bI5QI2Sl-6WrLUaWZbJmNKH1UeB8AuLWZ2OXByHng0gVQiDqAz_NFCBjo8sDih4raDHbyZn5kKQbOqLq9aNYPSZdczstsSYr4XgIAAsXT_zlb-CbCHY5jIpARB47G9cmNQWLxlJqJkL4B8vlGLWc3yKDakXm2No-MR2cNzHAKnMFRu4s_YQGHd3jEmOs9ZlJvllJWwdwc8l99IJir44tSti5hfWTvgsO712G4o3IMdQQc1viJ8LvIThPsAOY7EjM-26aQI3OF-jpwoZgZyU0VQ_pAkX4be%26lptoken%3D165f626738bb00cc7208&lpt=Title%20here&t=1662378269481

18.195.149.11

200 OK

3.0 kB

URL HTTP/2
dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dwmr09crlc1tejrqiiakeo586%26source%3Df5372333-1c5f-4112-a444-ec1448dcf4a0%26cep%3D95pEm7dRgYAYTY4Jf52U9s63KhEmWcg3x3aNRYhXDFz8qtXfsxfbrrPkBT5hAlkeK_S3fmW7cvdC6j8pUh7fef1LRDDc6lNMt3bI5QI2Sl-6WrLUaWZbJmNKH1UeB8AuLWZ2OXByHng0gVQiDqAz_NFCBjo8sDih4raDHbyZn5kKQbOqLq9aNYPSZdczstsSYr4XgIAAsXT_zlb-CbCHY5jIpARB47G9cmNQWLxlJqJkL4B8vlGLWc3yKDakXm2No-MR2cNzHAKnMFRu4s_YQGHd3jEmOs9ZlJvllJWwdwc8l99IJir44tSti5hfWTvgsO712G4o3IMdQQc1viJ8LvIThPsAOY7EjM-26aQI3OF-jpwoZgZyU0VQ_pAkX4be%26lptoken%3D165f626738bb00cc7208&lpt=Title%20here&t=1662378269481
IP
18.195.149.11:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (961)
Size
3.0 kB (2989 bytes)
Hash
2e50e47381f4e1da622364692eb1de55
324c0fce03ef052c11a95b8ab7310df6a96c8ae7
22d1764693f5364276ee0a81b42f38f614f24580436a754a4e43ccb7e1eac617

HTTP Headers

GET /d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dwmr09crlc1tejrqiiakeo586%26source%3Df5372333-1c5f-4112-a444-ec1448dcf4a0%26cep%3D95pEm7dRgYAYTY4Jf52U9s63KhEmWcg3x3aNRYhXDFz8qtXfsxfbrrPkBT5hAlkeK_S3fmW7cvdC6j8pUh7fef1LRDDc6lNMt3bI5QI2Sl-6WrLUaWZbJmNKH1UeB8AuLWZ2OXByHng0gVQiDqAz_NFCBjo8sDih4raDHbyZn5kKQbOqLq9aNYPSZdczstsSYr4XgIAAsXT_zlb-CbCHY5jIpARB47G9cmNQWLxlJqJkL4B8vlGLWc3yKDakXm2No-MR2cNzHAKnMFRu4s_YQGHd3jEmOs9ZlJvllJWwdwc8l99IJir44tSti5hfWTvgsO712G4o3IMdQQc1viJ8LvIThPsAOY7EjM-26aQI3OF-jpwoZgZyU0VQ_pAkX4be%26lptoken%3D165f626738bb00cc7208&lpt=Title%20here&t=1662378269481 HTTP/1.1
Host: dratingmaject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:44:33 GMT
content-type: application/javascript;charset=UTF-8
content-length: 2989
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
b57a9dd04797bf34612c80361f1dffb3
56573166d8b9cd9b8dae19fd905e4f3293af306b
b03552109f1e7d1e482aa14614ffb1e38fb53ae4951152aab307b927674dad98

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1574
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 11:44:33 GMT
Last-Modified: Mon, 05 Sep 2022 11:18:19 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

deefauph.com/zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=f5372333-1c5f-4112-a444-ec1448dcf4a0&ymid=wmr09crlc1tejrqiiakeo586&var_3=&dsig=&action=prerequest

139.45.197.251

200 OK

110 B

URL HTTP/2
deefauph.com/zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=f5372333-1c5f-4112-a444-ec1448dcf4a0&ymid=wmr09crlc1tejrqiiakeo586&var_3=&dsig=&action=prerequest
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type
data
Size
110 B (110 bytes)
Hash
0d85f6b24105b7e5af176966bfff4eff
996d6da05fe3d2205527d8417f97646e907222af
46b7326c7351d42dbc0bb31fe2942a7f29b4fe71d743e8cf3485e9ce525e39ce

HTTP Headers

POST /zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=f5372333-1c5f-4112-a444-ec1448dcf4a0&ymid=wmr09crlc1tejrqiiakeo586&var_3=&dsig=&action=prerequest HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://babesroulette.com
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:44:34 GMT
content-length: 0
x-trace-id: cc3d796ecf42972c181179d8a0ce973f
access-control-allow-origin: https://babesroulette.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

deefauph.com/zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=f5372333-1c5f-4112-a444-ec1448dcf4a0&ymid=wmr09crlc1tejrqiiakeo586&var_3=&dsig=&action=settings

139.45.197.251

200 OK

693 B

URL HTTP/2
deefauph.com/zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=f5372333-1c5f-4112-a444-ec1448dcf4a0&ymid=wmr09crlc1tejrqiiakeo586&var_3=&dsig=&action=settings
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (692)
Size
693 B (693 bytes)
Hash
557683d491fb7c28d0ae3408cd19988f
ce818311d63933916109997fbfb82d007b15d1dc
2cee7494ea8240d1ede88281de219194704c6e27b1119f7cc3872376822e4d1c

HTTP Headers

GET /zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=f5372333-1c5f-4112-a444-ec1448dcf4a0&ymid=wmr09crlc1tejrqiiakeo586&var_3=&dsig=&action=settings HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesroulette.com/
Origin: https://babesroulette.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:44:34 GMT
content-type: application/json; charset=utf-8
content-length: 693
x-trace-id: 5fae63d8b79dfb67a89a4e2e41cd0a58
access-control-allow-origin: https://babesroulette.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
912f9a32166cf6d4e458969545df501d
6cecdd7246361b80f2464910ba31ee1f4381ee7d
58d632863a6aab3b308ad380f47595e74120f4495f48e83e89647e4f42533fa3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 11:44:34 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 06:25:21 GMT
Expires: Mon, 12 Sep 2022 06:25:20 GMT
Etag: "6cecdd7246361b80f2464910ba31ee1f4381ee7d"
Cache-Control: max-age=585045,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 745eb6b58fc0b51e-OSL

push.services.mozilla.com/

44.238.3.246

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.238.3.246:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UUc7tnvo0PCtYB375Kw3tA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XhjJKrt9C7KvY5IcfQDg53tJ8Jg=

my.rtmark.net/gid.js?pub=0&userId=&zoneId=4740019&checkDuplicate=true&ymid=wmr09crlc1tejrqiiakeo586&var=f5372333-1c5f-4112-a444-ec1448dcf4a0

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4740019&checkDuplicate=true&ymid=wmr09crlc1tejrqiiakeo586&var=f5372333-1c5f-4112-a444-ec1448dcf4a0
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
418598dc361a5000fb212475fd0c814d
dcdeb57b92853df3c9304059e233542a433c69a8
0d1aa6a03e111695a71865f17d86b35d99e2bb5b710db08f0f3a45564ffc8e30

HTTP Headers

GET /gid.js?pub=0&userId=&zoneId=4740019&checkDuplicate=true&ymid=wmr09crlc1tejrqiiakeo586&var=f5372333-1c5f-4112-a444-ec1448dcf4a0 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesroulette.com/
Origin: https://babesroulette.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:44:34 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://babesroulette.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ab758bbd58264442a485956062b8463f; expires=Tue, 05 Sep 2023 11:44:34 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5904
Expires: Mon, 05 Sep 2022 13:22:59 GMT
Date: Mon, 05 Sep 2022 11:44:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5904
Expires: Mon, 05 Sep 2022 13:22:59 GMT
Date: Mon, 05 Sep 2022 11:44:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5904
Expires: Mon, 05 Sep 2022 13:22:59 GMT
Date: Mon, 05 Sep 2022 11:44:35 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13d7f0db-89d6-4166-b182-85e35e518df9.jpeg

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13d7f0db-89d6-4166-b182-85e35e518df9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8469 bytes)
Hash
30bf854fd3e27e2313a3d26fc43b9990
032acf1bfb0c8e2cbce8f2ff4d2964424b044951
7641be64dd25487edf4f845d1fbb0b07daa80fa8fb58863dd09081d9d169bd13

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13d7f0db-89d6-4166-b182-85e35e518df9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8469
x-amzn-requestid: de0e8998-4a52-4651-bcd6-3068c50193b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X9Ey2Eq4oAMFZlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63151b45-15da44d87bf486cb1738fe18;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GuATNx2xnWnEl0cr_2ZWZo_jOWbHlSBYksIeHFDoHAK9o5Tf0PPliQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 22:03:29 GMT
etag: "032acf1bfb0c8e2cbce8f2ff4d2964424b044951"
content-type: image/jpeg
age: 49266
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F022243d2-ac74-4a81-b31f-104b203bf550.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.5 kB (5459 bytes)
Hash
7fe061740ad833cfe7ff0fe078d6810d
15d0fc3fdced758b5797361bae0fd53341e0581d
5409b6775bca5afd03901975c61c27f267efe2c8a8e739f05ebc52a938c5a368

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F022243d2-ac74-4a81-b31f-104b203bf550.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5459
x-amzn-requestid: a75bf8a5-dc96-4a88-9de5-b79d1d62ff21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XxB_bFMFoAMFkEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631049fc-2685c90962d8af5f4a7b5908;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 05:58:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rZh0s85w1Nt6qZdZybNBcQHEXMWQIJvtAyCbF4oWsYUOlIKuNS5Fpg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 22:38:48 GMT
age: 47147
etag: "15d0fc3fdced758b5797361bae0fd53341e0581d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfc2d378-c53c-424f-a82f-55ed32313f68.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8678 bytes)
Hash
f66d31b81d9fc88126f29d021a4e9274
27a8f7e44f69ad5feeec7ce6c64e9b2d552c2fe7
5769765bb634ce5e9f6c40bfb85e09b61ac6fe6d0e20c249e4f88e6fce6034f6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfc2d378-c53c-424f-a82f-55ed32313f68.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8678
x-amzn-requestid: 309a861d-31c1-4782-be91-aa3956e72c5c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X9Ey3HujIAMFybQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63151b45-0d21ac553e964f31183018e7;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CLDQW6hpGXAJlTk8AEBZyAwJ0msoRFnDszGTBqM-tyWnvqHwKrsCqQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:46:20 GMT
age: 50295
etag: "27a8f7e44f69ad5feeec7ce6c64e9b2d552c2fe7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b72072c-e8d1-4d87-8b3d-88a344002b6a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9632 bytes)
Hash
3fa914e288ca54908967c65ae6000607
b470ee66546236df6932247b8de7982a081e3170
04dc2796377fdd129e03e1a1902207ba57f23933f4296908794097353f2de13f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b72072c-e8d1-4d87-8b3d-88a344002b6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9632
x-amzn-requestid: aee8c394-86b7-4b7e-8a1b-134b4de8454f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XnTxZF0rIAMFodg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630c666f-2f2a9e20556d8899447fc662;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 07:10:39 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 77bXbuBtQ1AUHqlplB8HwTfSd83WZTTsmHsN2hZiTk83XvP5Bdpfhg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 19:05:29 GMT
age: 59946
etag: "b470ee66546236df6932247b8de7982a081e3170"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1be72d8-944d-4a7e-9b1e-ad82d49d9cf3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11654 bytes)
Hash
236f57d73839def5d9ddd1b993394bac
a32ddb91fce6c75ee39530117afcf31d6c6eea94
5c4eab322f6c6a7462a4350dde8d32fc321e6d026e72c0bdb282a56da72c9664

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1be72d8-944d-4a7e-9b1e-ad82d49d9cf3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11654
x-amzn-requestid: 7dec27e0-0959-435b-b155-6afeb503dac9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XxJUJGf-oAMFZNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631055b3-15838b603291931a4d236ff2;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 06:48:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wWaGFAA7vsAS2zhpSM0Cy5CueNSI8s-cS8sTOWUZGdy-AW2vhbNrBA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 19:05:28 GMT
age: 59947
etag: "a32ddb91fce6c75ee39530117afcf31d6c6eea94"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69b1e092-41e6-4f1e-b330-193f7dd11afc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7830 bytes)
Hash
290f6551c5ac539ea60810b135750f17
3633391a8dd87ef10fcb0d04d7b309738affc4a7
d94d133faaf232cf15b5c3f38f5b45d87d70bce0668d607b5c66a8d3f836540f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69b1e092-41e6-4f1e-b330-193f7dd11afc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7830
x-amzn-requestid: c56af3b5-2c48-4243-b220-d56a9be47990
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X9Ey3H4JoAMFiMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63151b45-23ec24d867e3e5906fffa1a6;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VgP7BDBmd5A5bAmRgO88geep419uZ0TQop4jEmRkx-q9rX4PUJZOCQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 22:16:55 GMT
age: 48460
etag: "3633391a8dd87ef10fcb0d04d7b309738affc4a7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bd909ca-6c46-4b8b-a2f5-4d5470335397.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7358 bytes)
Hash
e4d6973685c96423469bad0cdf87aef3
9c00f2f5c3677908c2bdd8c1272d50d113672a88
f0fccb7a9c7bd00777e74b67ef248b1d9596ccaeb40b24c3451f4a65d0079968

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bd909ca-6c46-4b8b-a2f5-4d5470335397.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 7358
x-amzn-requestid: d925ec69-0baa-4dc0-912c-ab4d0e86ffac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X9Ey3GRfIAMFmyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63151b45-041f82c20184278e2bfaad12;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: FjgrWe3PbQeEjqtBdrv4qZYxS-dsxh3ia9K5cxPxLq8pImfznoXFpQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 22:13:34 GMT
age: 48668
etag: "9c00f2f5c3677908c2bdd8c1272d50d113672a88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

babesroulette.com/landers/lander18/?clickid=wmr09crlc1tejrqiiakeo586&source=f5372333-1c5f-4112-a444-ec1448dcf4a0&cep=95pEm7dRgYAYTY4Jf52U9s63KhEmWcg3x3aNRYhXDFz8qtXfsxfbrrPkBT5hAlkeK_S3fmW7cvdC6j8pUh7fef1LRDDc6lNMt3bI5QI2Sl-6WrLUaWZbJmNKH1UeB8AuLWZ2OXByHng0gVQiDqAz_NFCBjo8sDih4raDHbyZn5kKQbOqLq9aNYPSZdczstsSYr4XgIAAsXT_zlb-CbCHY5jIpARB47G9cmNQWLxlJqJkL4B8vlGLWc3yKDakXm2No-MR2cNzHAKnMFRu4s_YQGHd3jEmOs9ZlJvllJWwdwc8l99IJir44tSti5hfWTvgsO712G4o3IMdQQc1viJ8LvIThPsAOY7EjM-26aQI3OF-jpwoZgZyU0VQ_pAkX4be&lptoken=165f626738bb00cc7208

104.21.72.186

200 OK

0 B

URL HTTP/2
babesroulette.com/landers/lander18/?clickid=wmr09crlc1tejrqiiakeo586&source=f5372333-1c5f-4112-a444-ec1448dcf4a0&cep=95pEm7dRgYAYTY4Jf52U9s63KhEmWcg3x3aNRYhXDFz8qtXfsxfbrrPkBT5hAlkeK_S3fmW7cvdC6j8pUh7fef1LRDDc6lNMt3bI5QI2Sl-6WrLUaWZbJmNKH1UeB8AuLWZ2OXByHng0gVQiDqAz_NFCBjo8sDih4raDHbyZn5kKQbOqLq9aNYPSZdczstsSYr4XgIAAsXT_zlb-CbCHY5jIpARB47G9cmNQWLxlJqJkL4B8vlGLWc3yKDakXm2No-MR2cNzHAKnMFRu4s_YQGHd3jEmOs9ZlJvllJWwdwc8l99IJir44tSti5hfWTvgsO712G4o3IMdQQc1viJ8LvIThPsAOY7EjM-26aQI3OF-jpwoZgZyU0VQ_pAkX4be&lptoken=165f626738bb00cc7208
IP
104.21.72.186:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /landers/lander18/?clickid=wmr09crlc1tejrqiiakeo586&source=f5372333-1c5f-4112-a444-ec1448dcf4a0&cep=95pEm7dRgYAYTY4Jf52U9s63KhEmWcg3x3aNRYhXDFz8qtXfsxfbrrPkBT5hAlkeK_S3fmW7cvdC6j8pUh7fef1LRDDc6lNMt3bI5QI2Sl-6WrLUaWZbJmNKH1UeB8AuLWZ2OXByHng0gVQiDqAz_NFCBjo8sDih4raDHbyZn5kKQbOqLq9aNYPSZdczstsSYr4XgIAAsXT_zlb-CbCHY5jIpARB47G9cmNQWLxlJqJkL4B8vlGLWc3yKDakXm2No-MR2cNzHAKnMFRu4s_YQGHd3jEmOs9ZlJvllJWwdwc8l99IJir44tSti5hfWTvgsO712G4o3IMdQQc1viJ8LvIThPsAOY7EjM-26aQI3OF-jpwoZgZyU0VQ_pAkX4be&lptoken=165f626738bb00cc7208 HTTP/1.1
Host: babesroulette.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Mon, 05 Sep 2022 11:44:33 GMT
content-type: text/html
last-modified: Thu, 25 Aug 2022 23:06:49 GMT
x-powered-by: PleskLin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9jN%2BBGv7l8bY7BX%2FEyEZysFkXK2Ki4RK%2Bo5E3yJyhEKYrldd%2FpRIcZfIpTv08CpRze%2FMYWw58%2BCBjnF1UH8p6hJkLXgy%2BXRiJGpbpRbqM2Ks2wFka7oPSf5iw71rLyeqTBPRuA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 745eb6af9d43b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=wmr09crlc1tejrqiiakeo586&var=f5372333-1c5f-4112-a444-ec1448dcf4a0&sw=/sw-check-permissions-2e801.js

139.45.197.251

200 OK

0 B

URL HTTP/2
deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=wmr09crlc1tejrqiiakeo586&var=f5372333-1c5f-4112-a444-ec1448dcf4a0&sw=/sw-check-permissions-2e801.js
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=4740019&ymid=wmr09crlc1tejrqiiakeo586&var=f5372333-1c5f-4112-a444-ec1448dcf4a0&sw=/sw-check-permissions-2e801.js HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:44:33 GMT
content-type: application/javascript
last-modified: Mon, 22 Aug 2022 12:18:11 GMT
etag: W/"63037403-1a25a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (33)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP