Report - ptproz.com/

Report Overview

Submitted URL
ptproz.com/
IP
216.219.81.101
ASN
#19318 IS-AS-1
Submitted
2022-10-25 07:39:12
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	321 B	229 B	34.117.237.239
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	2.3 kB	4.9 kB	142.250.74.3
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	594 B	127 B	54.187.102.159
bilqi-omv.com	unknown	2022-10-17T15:55:17Z	2022-12-22T22:34:10Z	1.5 kB	4.4 kB	34.239.209.41
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-10T10:58:09Z	380 B	50 kB	142.250.74.168
ptproz.com	unknown	2020-11-13T01:19:38Z	2022-12-11T09:40:44Z	330 B	302 B	216.219.81.101
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	758 B	2.8 kB	143.204.55.35
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	658 B	1.4 kB	93.184.220.29
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	676 B	2.0 kB	54.230.245.110
cdn3reference.com	unknown	2022-03-18T04:16:13Z	2023-03-09T14:57:35Z	2.9 kB	1.0 MB	54.230.111.43
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-03-10T08:04:05Z	387 B	15 kB	104.17.24.14
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-10T13:37:03Z	1.9 kB	64 kB	216.58.207.195
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	2.3 kB	6.2 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	401 B	5.8 kB	34.160.144.191
cartining-specute.com	unknown	2021-02-01T00:37:43Z	2023-03-10T05:40:38Z	833 B	743 B	18.197.36.77
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-10T12:25:49Z	801 B	3.1 kB	142.250.74.10
retarget2core.com	86164	2021-10-14T09:26:59Z	2023-03-09T14:57:35Z	923 B	979 B	18.185.204.76
newaidvalue.com	unknown			1.4 kB	1.5 kB	81.171.22.6
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	61 kB	34.120.237.76
bustygirls4u.com	821036	2021-04-23T21:00:54Z	2023-03-09T13:41:37Z	6.2 kB	6.4 kB	3.126.64.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-25	medium	newaidvalue.com/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (19)

	URL	Size	First Seen	Last Seen
	newaidvalue.com/	367 B	2023-03-10	2023-03-10
Pretty URL newaidvalue.com/ IP 81.171.22.6 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:44:58 Last Seen2023-03-10 14:44:58 Times Seen1 Hash ed5c883cce8be3620e15c39dee06bd6d 85aa2ccea4e5a7878ed89fa606524d8b1ee622f2 22eb3682bf298939e0fc94c9b736c43987946d1a0cb12b532b54d66bbe309218 Loading...

	bilqi-omv.com/zcvisitor/1820add2-5438-11ed-b31c-12b1aee382d1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97	747 B	2023-03-10	2023-03-10
Pretty URL bilqi-omv.com/zcvisitor/1820add2-5438-11ed-b31c-12b1aee382d1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97 IP 34.239.209.41 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:44:58 Last Seen2023-03-10 14:44:58 Times Seen1 Hash 43437a28ed04624c4a3ae6d0d61ae4b0 b9686ce8d8ab7474d586f3599b484d595872054a bc7d06408487970d00e5487c6331269b3cb1f653199968f1c7de2a804585b380 Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	48 kB	2023-03-07	2024-04-25
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:53 Last Seen2024-04-25 09:12:40 Times Seen45974 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

	bustygirls4u.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fbustygirls4u.com%2Fjump%3Ftds_host%3Dbustygirls4u.com%26s1%3Dps%26data2%3Dw1mf5rf7q2aon70ki5jvgu18%26_tgUrl%3DaHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zLzdmZDljODVhZWM3MWVmNWNjNmI4NmFlYTBhMGE4OGQxP19fdD0xNjY2NjgzNTQzNTEzJl9fbD0zNjAw%26utm_campaign%3D497f5345%26id%3D24402%26tds_rt%3D%26tds_campaign%3Db1727pos%26tds_cid%3Da8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f%26utm_source%3Dint%26tds_id%3Db1727pos_jump_a_1598613018653%26tds_oid%3D24402%26dci%3D007e3e6181db666ec9872a558f72767d81c39877%26tds_ac_id%3Ds8655tok%26tds_ao%3D1%26s3%3Dw1mf5rf7q2aon70ki5jvgu18%26utm_content%3D&uaDataValues={}	199 B	2023-03-08	2024-04-24
Pretty URL bustygirls4u.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fbustygirls4u.com%2Fjump%3Ftds_host%3Dbustygirls4u.com%26s1%3Dps%26data2%3Dw1mf5rf7q2aon70ki5jvgu18%26_tgUrl%3DaHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zLzdmZDljODVhZWM3MWVmNWNjNmI4NmFlYTBhMGE4OGQxP19fdD0xNjY2NjgzNTQzNTEzJl9fbD0zNjAw%26utm_campaign%3D497f5345%26id%3D24402%26tds_rt%3D%26tds_campaign%3Db1727pos%26tds_cid%3Da8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f%26utm_source%3Dint%26tds_id%3Db1727pos_jump_a_1598613018653%26tds_oid%3D24402%26dci%3D007e3e6181db666ec9872a558f72767d81c39877%26tds_ac_id%3Ds8655tok%26tds_ao%3D1%26s3%3Dw1mf5rf7q2aon70ki5jvgu18%26utm_content%3D&uaDataValues={} IP 3.126.64.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:49:12 Last Seen2024-04-24 09:26:55 Times Seen202 Hash cd4ae55f3af545b5863f65b73a6a7b80 a85fca461d97f90eaf52246b95974eeabba27c20 ae4475effcb2e8533194b150ee30b2472c1cb7498b2c83a764718d962deaa84f Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer	132 kB	2023-03-10	2023-03-10
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:44:59 Last Seen2023-03-10 14:44:59 Times Seen1 Hash 80efc61b73c37b44c9e4692a3ce3545f acbc40183fd14f438949667a161c3143c8350731 8ef3e298b8a60e1bdf88c426bc0bf11bc7b92c6d1afddcf8d9d51019f5323a01 Loading...

	bustygirls4u.com/jump?tds_host=bustygirls4u.com&s1=ps&data2=w1mf5rf7q2aon70ki5jvgu18&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zLzdmZDljODVhZWM3MWVmNWNjNmI4NmFlYTBhMGE4OGQxP19fdD0xNjY2NjgzNTQzNTEzJl9fbD0zNjAw&utm_campaign=497f5345&id=24402&tds_rt=&tds_campaign=b1727pos&tds_cid=a8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f&utm_source=int&tds_id=b1727pos_jump_a_1598613018653&tds_oid=24402&dci=007e3e6181db666ec9872a558f72767d81c39877&tds_ac_id=s8655tok&tds_ao=1&s3=w1mf5rf7q2aon70ki5jvgu18&utm_content=	446 B	2023-03-10	2023-03-10
Pretty URL bustygirls4u.com/jump?tds_host=bustygirls4u.com&s1=ps&data2=w1mf5rf7q2aon70ki5jvgu18&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zLzdmZDljODVhZWM3MWVmNWNjNmI4NmFlYTBhMGE4OGQxP19fdD0xNjY2NjgzNTQzNTEzJl9fbD0zNjAw&utm_campaign=497f5345&id=24402&tds_rt=&tds_campaign=b1727pos&tds_cid=a8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f&utm_source=int&tds_id=b1727pos_jump_a_1598613018653&tds_oid=24402&dci=007e3e6181db666ec9872a558f72767d81c39877&tds_ac_id=s8655tok&tds_ao=1&s3=w1mf5rf7q2aon70ki5jvgu18&utm_content= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:44:59 Last Seen2023-03-10 14:44:59 Times Seen1 Hash ca5444619eb5c72fd99a90ca3888fee5 f0b5ce6445e23e48d4f882c2efaf5d815344d3ef 9b4fe7a1a3300a59ffc0c943457370bbee71e88865eaacc1ee38ad89572c6de8 Loading...

	bustygirls4u.com/jump?tds_host=bustygirls4u.com&s1=ps&data2=w1mf5rf7q2aon70ki5jvgu18&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zLzdmZDljODVhZWM3MWVmNWNjNmI4NmFlYTBhMGE4OGQxP19fdD0xNjY2NjgzNTQzNTEzJl9fbD0zNjAw&utm_campaign=497f5345&id=24402&tds_rt=&tds_campaign=b1727pos&tds_cid=a8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f&utm_source=int&tds_id=b1727pos_jump_a_1598613018653&tds_oid=24402&dci=007e3e6181db666ec9872a558f72767d81c39877&tds_ac_id=s8655tok&tds_ao=1&s3=w1mf5rf7q2aon70ki5jvgu18&utm_content=	522 B	2023-03-07	2023-04-05
Pretty URL bustygirls4u.com/jump?tds_host=bustygirls4u.com&s1=ps&data2=w1mf5rf7q2aon70ki5jvgu18&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zLzdmZDljODVhZWM3MWVmNWNjNmI4NmFlYTBhMGE4OGQxP19fdD0xNjY2NjgzNTQzNTEzJl9fbD0zNjAw&utm_campaign=497f5345&id=24402&tds_rt=&tds_campaign=b1727pos&tds_cid=a8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f&utm_source=int&tds_id=b1727pos_jump_a_1598613018653&tds_oid=24402&dci=007e3e6181db666ec9872a558f72767d81c39877&tds_ac_id=s8655tok&tds_ao=1&s3=w1mf5rf7q2aon70ki5jvgu18&utm_content= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:46 Last Seen2023-04-05 01:48:41 Times Seen13 Hash 48e0ad9290ec0a3b6617a0ca76df0c6b 68f9154a03c5c339a330aa52d65bade74dfcbec7 7f3bfd860b6876e4c728d82f8ac7eab9e9150068c90c68aef4faec0f1da901fc Loading...

	bustygirls4u.com/integration.js	1.8 kB	2023-03-07	2023-03-10
Pretty URL bustygirls4u.com/integration.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:46 Last Seen2023-03-10 18:41:17 Times Seen1 Hash a0b8d8ca7bf4e7e27dad3c6debb2b03e 045a9bd9d4d796aa091853cbe9e08ee999fa380a 3666071e459401713631ae32dc7eca89ff8b877db35023832c3baa813035a9d8 Loading...

	bustygirls4u.com/bridge/ao_loader.js	836 B	2023-03-08	2023-03-17
Pretty URL bustygirls4u.com/bridge/ao_loader.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:00:33 Last Seen2023-03-17 23:34:04 Times Seen1 Hash 9c129816fdafb5e9525563ba64018bd7 79dfb5a385a3583a597716ac4b1e1649e9b9994d 43d06cd88d872d0f1ab73eda7cf55805382dfd0d56bb90aad3398c72a5bb4acf Loading...

	retarget2core.com/fp/fp_ec.js	1.2 kB	2023-03-07	2023-03-29
Pretty URL retarget2core.com/fp/fp_ec.js IP 18.185.204.76 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:53 Last Seen2023-03-29 23:19:33 Times Seen17 Hash 6faaf5b255433abc88fbe4a547ac7784 c60ab4a050864bbd815922e5abade6d5af4333a6 7eda108904da9c98eeeeab666426197e6738b78dfd103a653897d14366e2cd20 Loading...

	bustygirls4u.com/bridge/intg.js?v=8	317 B	2023-03-08	2023-03-17
Pretty URL bustygirls4u.com/bridge/intg.js?v=8 IP 3.126.64.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:30:48 Last Seen2023-03-17 23:34:04 Times Seen1 Hash d9bd6d4fe07232e0fcae03c7e68d4e81 4a7e1c2e8cc35c2ff31c71175095f4b1a2b8c17b 0ad2eb2d6a74f3d18026ab24c088ca7c561a742fd870e44045db9d823ac0a3c6 Loading...

	bustygirls4u.com/jump?tds_host=bustygirls4u.com&s1=ps&data2=w1mf5rf7q2aon70ki5jvgu18&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zLzdmZDljODVhZWM3MWVmNWNjNmI4NmFlYTBhMGE4OGQxP19fdD0xNjY2NjgzNTQzNTEzJl9fbD0zNjAw&utm_campaign=497f5345&id=24402&tds_rt=&tds_campaign=b1727pos&tds_cid=a8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f&utm_source=int&tds_id=b1727pos_jump_a_1598613018653&tds_oid=24402&dci=007e3e6181db666ec9872a558f72767d81c39877&tds_ac_id=s8655tok&tds_ao=1&s3=w1mf5rf7q2aon70ki5jvgu18&utm_content=	405 B	2023-03-07	2023-04-05
Pretty URL bustygirls4u.com/jump?tds_host=bustygirls4u.com&s1=ps&data2=w1mf5rf7q2aon70ki5jvgu18&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zLzdmZDljODVhZWM3MWVmNWNjNmI4NmFlYTBhMGE4OGQxP19fdD0xNjY2NjgzNTQzNTEzJl9fbD0zNjAw&utm_campaign=497f5345&id=24402&tds_rt=&tds_campaign=b1727pos&tds_cid=a8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f&utm_source=int&tds_id=b1727pos_jump_a_1598613018653&tds_oid=24402&dci=007e3e6181db666ec9872a558f72767d81c39877&tds_ac_id=s8655tok&tds_ao=1&s3=w1mf5rf7q2aon70ki5jvgu18&utm_content= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:46 Last Seen2023-04-05 01:48:41 Times Seen13 Hash be45a98359190c7f593f94249f7ff883 cfe7d73f5da8d22e196c0f6e766d98a8836fa672 5282055274dc1ebc1563a15afa096712df400e687714122538816184520c7b75 Loading...

	cdn3reference.com/js/dc_img.js?v=8	488 B	2023-03-07	2023-05-14
Pretty URL cdn3reference.com/js/dc_img.js?v=8 IP 54.230.111.43 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:53 Last Seen2023-05-14 11:44:44 Times Seen18 Hash 866e1e7da88eb0918114ea04e4379f40 cb9ed6b52f93bead89eb5da6d618c9b58b34a2b5 ac742d62b8d28cb2cc72fa86d6d1769ead306bd34eb3b04e712d9f32a7378c53 Loading...

	bilqi-omv.com/zcredirect?visitid=1820add2-5438-11ed-b31c-12b1aee382d1&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false	432 B	2023-03-10	2023-03-10
Pretty URL bilqi-omv.com/zcredirect?visitid=1820add2-5438-11ed-b31c-12b1aee382d1&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false IP 34.239.209.41 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:44:59 Last Seen2023-03-10 14:44:59 Times Seen1 Hash ea8a6090f6fe8a7df02b51d192339208 dade199b8657a2cb1be05bc61b2b82c17ed2c5ba 98d7bea9571aaad5a36382f7cec4f8ffd850ff1b9a7c06db7a5c24b0f82db53f Loading...

	cdn3reference.com/js/webPushMotivationPopupSmall.js?v=8	8.9 kB	2023-03-07	2023-05-14
Pretty URL cdn3reference.com/js/webPushMotivationPopupSmall.js?v=8 IP 54.230.111.43 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:53 Last Seen2023-05-14 11:44:44 Times Seen2 Hash c0fafab6f2cbb33a818ba23d30f68842 c016126575618881427fdc86eed31717844f0573 85f09c34c4b7fc07125b5a5c84f6bbd1dde7df7f1ee059701a3660264300342f Loading...

	cdn3reference.com/landings/24402/js/20dff8cf5ed8c45d47eca00751d44eb9.js	97 kB	2023-03-07	2024-04-24
Pretty URL cdn3reference.com/landings/24402/js/20dff8cf5ed8c45d47eca00751d44eb9.js IP 54.230.111.43 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:46 Last Seen2024-04-24 09:26:55 Times Seen279 Hash 20dff8cf5ed8c45d47eca00751d44eb9 209faa3f1a08dcb3c943fe8b6c344571005ef3b4 aaf2bc75c60776c40df9015d7f99cde0e9adb2f81e859276ed30d7c431d6a720 Loading...

	bustygirls4u.com/bridge/frodi_data.js	6.6 kB	2023-03-07	2023-12-25
Pretty URL bustygirls4u.com/bridge/frodi_data.js IP 3.126.64.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:53 Last Seen2023-12-25 02:16:58 Times Seen154 Hash acba46edbe151b3ac5b3a3ad6adb6852 967fc6c8942a27986534f16a8a5ae2f71b0481bf 544d040fe3985f2f3f2f519c6db58110b24d23c8b13e794a988ec90a05b48658 Loading...

	bustygirls4u.com/ao.js	5.4 kB	2023-03-08	2023-03-11
Pretty URL bustygirls4u.com/ao.js IP 3.126.64.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:31:53 Last Seen2023-03-11 23:29:50 Times Seen1 Hash ce09d14c7f77aca5540b8698fc8660e9 615280b6e7ad2283a4189e3899c6f4be35512a61 3c26c141856ddfee1337878ecbe13e65ce7127fd42fd7e845ad4e1592d5e6411 Loading...

		Size	First Seen	Last Seen
	#1 Eval - ca45c42226c1d974d33ba66f5fbec226	273 B	2023-03-07	2024-04-24
Pretty Observations First Seen2023-03-07 01:31:53 Last Seen2024-04-24 09:26:55 Times Seen299 Hash ca45c42226c1d974d33ba66f5fbec226 acdf858cb51509213a6b58ea26c99788ffa9ba51 8f61ee4a89b9d76a579f5ed446960dc9aba5dad5f67f5676bc5aab5f8fe726b3 Loading...

HTTP Transactions (60)

URL IP Response Size

ptproz.com/

216.219.81.101

200 OK

63 B

URL HTTP/1.1
ptproz.com/
IP
216.219.81.101:0
ASN
#19318 IS-AS-1

File type
ASCII text, with no line terminators
Size
63 B (63 bytes)
Hash
2de74e2f97830382043b5e23153a9591
bd4df156628492b465b2325bd24b48ae07fc7709
309d51696e2cc17492349d527ee526c27a099af31ab7800798b3000eb858dcf6

HTTP Headers

GET / HTTP/1.1
Host: ptproz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 07:39:00 GMT
Server: Apache
Last-Modified: Tue, 05 Jan 2021 01:07:33 GMT
Accept-Ranges: bytes
Content-Length: 63
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
050bfd0155f265780e88dabcdde8b147
93ff7f46889322c0e9dbd3f4695e4c6a7fefe08f
9f3db0b3c51195b5313122d984f5f5f62b2df0f1d818eafefaa8b73e15914038

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Backoff, Alert, Retry-After, Content-Length, Content-Type
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 25 Oct 2022 06:53:07 GMT
Expires: Tue, 25 Oct 2022 06:59:06 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: MvirXnf7xuMovJje2qdLiXyivhCe6lyON4e6KYP9RvyrneWOAzINtg==
Age: 2754

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e36c852b5e145f2f09fe73111fb162e1
e439c6a462f86a3003d6464a8b9999b1c4d1e210
52a721168d0c41cb0854ff8c730fce3b79db2e804b383238e95ff1401922bd74

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52A721168D0C41CB0854FF8C730FCE3B79DB2E804B383238E95FF1401922BD74"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21249
Expires: Tue, 25 Oct 2022 13:33:10 GMT
Date: Tue, 25 Oct 2022 07:39:01 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8db408c487f7d35bba323046736e8d3a
01b91e2dce7c6d3de9adfe6ff4d38f9b24ab7db0
9aeafc72c1a969243e1fc96f68ce18888034a749ee70582208bf814bd40b61a5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9AEAFC72C1A969243E1FC96F68CE18888034A749EE70582208BF814BD40B61A5"
Last-Modified: Tue, 25 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8970
Expires: Tue, 25 Oct 2022 10:08:31 GMT
Date: Tue, 25 Oct 2022 07:39:01 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 407TVDPqzYXjIGWpsrLDsFHg1iSV9Fg8dXVuNAZEa0KJ6Yi4qdk2sMKJAnOnL6LCEAzoEYR3XAI=
x-amz-request-id: 31J5FE23M5F9M79Z
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 25 Oct 2022 07:38:42 GMT
age: 19
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 07:39:01 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

newaidvalue.com/

81.171.22.6

200 OK

471 B

URL HTTP/1.1
newaidvalue.com/
IP
81.171.22.6:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (471), with no line terminators
Size
471 B (471 bytes)
Hash
011afc7a8fdb2b6b857d47e73894bebc
e9c4477dbc593145993180173eccd7dfd0904d76
269b4af0a1b7bd8c79c64742b01e720baf4257f98abe47253cc8278b96a211b1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: newaidvalue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 471
content-type: text/html; charset=utf-8
date: Tue, 25 Oct 2022 07:39:01 GMT
server: nginx
set-cookie: sid=17fdd58a-5438-11ed-b5c0-d4c3503105e4; path=/; domain=.newaidvalue.com; expires=Sun, 12 Nov 2090 10:53:08 GMT; max-age=2147483647; HttpOnly

newaidvalue.com/favicon.ico

81.171.22.6

404 Not Found

9 B

URL HTTP/1.1
newaidvalue.com/favicon.ico
IP
81.171.22.6:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: newaidvalue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newaidvalue.com/
Cookie: sid=17fdd58a-5438-11ed-b5c0-d4c3503105e4

HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Tue, 25 Oct 2022 07:39:01 GMT
server: nginx

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 25 Oct 2022 07:33:32 GMT
Cache-Control: max-age=3600
Expires: Tue, 25 Oct 2022 08:05:46 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _mMBIT9XIIcDLAIqja1VHiu65M36YllAFQOqQuMhME5TguBZn-SGSw==
Age: 330

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7c6fdc8e76ef5875b5c965ade2df503e
45d548aa2a9d7ede163743274790700878eaea62
d2ff6eacd48af4892a2642e5d7bb925ca683062139f5a5cb4047f6f706830618

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4907
Cache-Control: max-age=92970
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 07:39:02 GMT
Etag: "63564795-1d7"
Expires: Wed, 26 Oct 2022 09:28:32 GMT
Last-Modified: Mon, 24 Oct 2022 08:06:45 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

newaidvalue.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NjY5MDc0MSwiaWF0IjoxNjY2NjgzNTQxLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2dqdm1lMTVkdTBrZjV0cXMyN2ZrODUiLCJuYmYiOjE2NjY2ODM1NDEsInRzIjoxNjY2NjgzNTQxNTg1MDQyfQ.P98YY-8O_mQDioPqfoqTksQOjQ8eRKnqTza7hFz5xhA&sid=17fdd58a-5438-11ed-b5c0-d4c3503105e4

81.171.22.6

302 Found

11 B

URL HTTP/1.1
newaidvalue.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NjY5MDc0MSwiaWF0IjoxNjY2NjgzNTQxLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2dqdm1lMTVkdTBrZjV0cXMyN2ZrODUiLCJuYmYiOjE2NjY2ODM1NDEsInRzIjoxNjY2NjgzNTQxNTg1MDQyfQ.P98YY-8O_mQDioPqfoqTksQOjQ8eRKnqTza7hFz5xhA&sid=17fdd58a-5438-11ed-b5c0-d4c3503105e4
IP
81.171.22.6:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

HTTP Headers

GET /?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NjY5MDc0MSwiaWF0IjoxNjY2NjgzNTQxLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2dqdm1lMTVkdTBrZjV0cXMyN2ZrODUiLCJuYmYiOjE2NjY2ODM1NDEsInRzIjoxNjY2NjgzNTQxNTg1MDQyfQ.P98YY-8O_mQDioPqfoqTksQOjQ8eRKnqTza7hFz5xhA&sid=17fdd58a-5438-11ed-b5c0-d4c3503105e4 HTTP/1.1
Host: newaidvalue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newaidvalue.com/
Cookie: sid=17fdd58a-5438-11ed-b5c0-d4c3503105e4
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Tue, 25 Oct 2022 07:39:02 GMT
location: http://bilqi-omv.com/zcvisitor/1820add2-5438-11ed-b31c-12b1aee382d1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97
server: nginx
set-cookie: sid=17fdd58a-5438-11ed-b5c0-d4c3503105e4; path=/; domain=.newaidvalue.com; expires=Sun, 12 Nov 2090 10:53:09 GMT; max-age=2147483647; HttpOnly

push.services.mozilla.com/

54.187.102.159

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.187.102.159:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /znOiqnDgZoQ+VWNJB0S1g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 4fJzVIvqliXbmdhszKRQZxlIjnA=

bilqi-omv.com/zcvisitor/1820add2-5438-11ed-b31c-12b1aee382d1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97

34.239.209.41

200

996 B

URL HTTP/1.1
bilqi-omv.com/zcvisitor/1820add2-5438-11ed-b31c-12b1aee382d1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97
IP
34.239.209.41:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
996 B (996 bytes)
Hash
bffc402c557eb5935f28c9e00fe51245
d0a83688ddc79a4d0b3329124fc6795bfbc7d999
c14e338de64a6f5d3bde13f152db2f9b2855aa2d5d1ca3d439e66cf6f87ddf6c

HTTP Headers

GET /zcvisitor/1820add2-5438-11ed-b31c-12b1aee382d1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97 HTTP/1.1
Host: bilqi-omv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://newaidvalue.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 
Date: Tue, 25 Oct 2022 07:39:02 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: LpNBhHHJ

bilqi-omv.com/zcredirect?visitid=1820add2-5438-11ed-b31c-12b1aee382d1&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false

34.239.209.41

200

994 B

URL HTTP/1.1
bilqi-omv.com/zcredirect?visitid=1820add2-5438-11ed-b31c-12b1aee382d1&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
IP
34.239.209.41:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (454)
Size
994 B (994 bytes)
Hash
eb94e3d666c7b8e3eeb810374d0c3272
935b91b023f51c16e3968e151e1ccb1d7378c154
f9d231e8fc33ccfc2758cbb5b2dabe89bf77d2bee6d3bff1dadfde1eee10723d

HTTP Headers

GET /zcredirect?visitid=1820add2-5438-11ed-b31c-12b1aee382d1&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1
Host: bilqi-omv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bilqi-omv.com/zcvisitor/1820add2-5438-11ed-b31c-12b1aee382d1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=62c492c0-3b47-11ed-a49b-0a918cbcbb97
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 
Date: Tue, 25 Oct 2022 07:39:02 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: DVJCrbbz

bilqi-omv.com/favicon.ico

34.239.209.41

404

653 B

URL HTTP/1.1
bilqi-omv.com/favicon.ico
IP
34.239.209.41:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size
653 B (653 bytes)
Hash
ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bilqi-omv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bilqi-omv.com/zcredirect?visitid=1820add2-5438-11ed-b31c-12b1aee382d1&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false

HTTP/1.1 404 
Date: Tue, 25 Oct 2022 07:39:03 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: DSXqxqRc

cartining-specute.com/zp-redirect?target=https%3A%2F%2Fbustygirls4u.com%2Ftds%2Fae%3FtdsId%3Ds8655tok_r%26tds_campaign%3Ds8655tok%26utm_sub%3Dopnfnl%26s1%3Dps%26utm_source%3Dint%26affid%3D497f5345%26subid%3D%26clickid%3Dw1mf5rf7q2aon70ki5jvgu18%26subid2%3Dw1mf5rf7q2aon70ki5jvgu18&caid=8500be2f-30a7-4684-a7e7-f51ce3b821c4&zpid=1820add2-5438-11ed-b31c-12b1aee382d1&cid=w1mf5rf7q2aon70ki5jvgu18&rt=R

18.197.36.77

302 Found

0 B

URL HTTP/2
cartining-specute.com/zp-redirect?target=https%3A%2F%2Fbustygirls4u.com%2Ftds%2Fae%3FtdsId%3Ds8655tok_r%26tds_campaign%3Ds8655tok%26utm_sub%3Dopnfnl%26s1%3Dps%26utm_source%3Dint%26affid%3D497f5345%26subid%3D%26clickid%3Dw1mf5rf7q2aon70ki5jvgu18%26subid2%3Dw1mf5rf7q2aon70ki5jvgu18&caid=8500be2f-30a7-4684-a7e7-f51ce3b821c4&zpid=1820add2-5438-11ed-b31c-12b1aee382d1&cid=w1mf5rf7q2aon70ki5jvgu18&rt=R
IP
18.197.36.77:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zp-redirect?target=https%3A%2F%2Fbustygirls4u.com%2Ftds%2Fae%3FtdsId%3Ds8655tok_r%26tds_campaign%3Ds8655tok%26utm_sub%3Dopnfnl%26s1%3Dps%26utm_source%3Dint%26affid%3D497f5345%26subid%3D%26clickid%3Dw1mf5rf7q2aon70ki5jvgu18%26subid2%3Dw1mf5rf7q2aon70ki5jvgu18&caid=8500be2f-30a7-4684-a7e7-f51ce3b821c4&zpid=1820add2-5438-11ed-b31c-12b1aee382d1&cid=w1mf5rf7q2aon70ki5jvgu18&rt=R HTTP/1.1
Host: cartining-specute.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bilqi-omv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Tue, 25 Oct 2022 07:39:03 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://bustygirls4u.com/tds/ae?tdsId=s8655tok_r&tds_campaign=s8655tok&utm_sub=opnfnl&s1=ps&utm_source=int&affid=497f5345&subid=&clickid=w1mf5rf7q2aon70ki5jvgu18&subid2=w1mf5rf7q2aon70ki5jvgu18
pragma: no-cache
set-cookie: cc-v4=S%2B2aVv8kkvtfX9c7IK1vrTDwv2rKeqyD%2BB9QNnxI0kfya1XsC1nPXseMRN6zyWkSPXyjoHtpTUgfMqUigEdIYdjYSPcTkjr4IeJZ1%2F4RKLWv8K0PXgjbnv1tTFEhy8C4PuKgolqr4QzzbOzgKdiMag%3D%3D; Max-Age=31536000; Expires=Wed, 25-Oct-2023 07:39:02 GMT; Domain=cartining-specute.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
17d16565175c97fcd8005f311fdd9c0d
cd96dfd458807be7e54e31e64cce84db5b139e90
3af38ee118d518d74ad4ba95e981f02c84181ee082e402e5ef9dd795bfc6a9ac

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=153929
Date: Tue, 25 Oct 2022 07:39:03 GMT
Etag: "63573125-1d7"
Expires: Thu, 27 Oct 2022 02:24:32 GMT
Last-Modified: Tue, 25 Oct 2022 00:43:17 GMT
Server: ECS (dcb/7F5B)
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: oVOehY72u-c6qKlEg9YP73_8yg_Fig3txf3QtU6QsCRrRH50R_vJxA==
Age: 6075

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5422
Expires: Tue, 25 Oct 2022 09:09:25 GMT
Date: Tue, 25 Oct 2022 07:39:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5422
Expires: Tue, 25 Oct 2022 09:09:25 GMT
Date: Tue, 25 Oct 2022 07:39:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5422
Expires: Tue, 25 Oct 2022 09:09:25 GMT
Date: Tue, 25 Oct 2022 07:39:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5422
Expires: Tue, 25 Oct 2022 09:09:25 GMT
Date: Tue, 25 Oct 2022 07:39:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5422
Expires: Tue, 25 Oct 2022 09:09:25 GMT
Date: Tue, 25 Oct 2022 07:39:03 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ac739ea-5d5d-4900-8e3f-c815c25f5c8d.png

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ac739ea-5d5d-4900-8e3f-c815c25f5c8d.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11916 bytes)
Hash
1f22a424f72f369a3511d6af25d67a82
e9aabd2daee2d2e6265a69e309542c5b5983d1f2
600f1a4989fe65b14cfe5234c8bc723834d53543026c13eaf8217b22d3a3a9a9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ac739ea-5d5d-4900-8e3f-c815c25f5c8d.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11916
x-amzn-requestid: 319eaac6-dfda-4a48-ae9a-612650705bd6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: afdKuHK6IAMFnXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63560f11-61545bf1110795c0299b85f4;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 04:05:37 GMT
x-amz-cf-pop: SFO53-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: wrxksbQXK96TvYk2rEf5biIaLtjbB1ia0FpYxnd908Dd_MkKQSRCtQ==
via: 1.1 0da7848263e39308b12bac6a925793b0.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 15:02:35 GMT
etag: "e9aabd2daee2d2e6265a69e309542c5b5983d1f2"
content-type: image/jpeg
age: 59788
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda327ff0-bd82-4034-a53b-e04d5c486276.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8090 bytes)
Hash
531f350512ac7712d932234803aa4602
2fb4599ad3d513a160c1f29fefda27b45852c381
7a4da3420f736c098806676359b8ff80578a2e1e98fc0e20e45e2d6192e1d566

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda327ff0-bd82-4034-a53b-e04d5c486276.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8090
x-amzn-requestid: a84a2888-e0eb-40d3-8377-9c1ea2af733c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aVb2oH2uoAMFueA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63520cf7-204870ee3f63ced427033eb5;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 03:07:35 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: fUBXr7SKYdvhryoB8p9to-Eo8twjspRYnHO2xf9TtvLJIIyOwe3W1w==
via: 1.1 1de1880e08f1cae7d1aca174a29a5c1e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 08:34:45 GMT
age: 83058
etag: "2fb4599ad3d513a160c1f29fefda27b45852c381"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4187937-4231-40b4-ad9b-64f01574c759.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11349 bytes)
Hash
3f221d25faa21470234ce71bf4c932d1
645eaf4c0b5fddecf421e60cec8383b18aa9ade1
fed14838d30250a3e543b00460f099db77084cbe8be03d6dcd4bf41f3e843125

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4187937-4231-40b4-ad9b-64f01574c759.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11349
x-amzn-requestid: 75e9b497-24e9-4fa9-918a-f1500bddb597
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aLiDqGEiIAMF6LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e16e4-23e290b155802d4c7ddea4a8;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 03:00:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3WzSkIh7GxMUoDzYRvmCsEPY7ma9XF7arHIvbhD3KXMUwe5NGWgSog==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 07:35:57 GMT
age: 186
etag: "645eaf4c0b5fddecf421e60cec8383b18aa9ade1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f505e74-07f3-4154-bfa4-5dfc184b8262.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7361 bytes)
Hash
01dacddfb62128799a20e0541bf5a18c
1bb8047c270b76c9dfcd8dba4a63b25c7604f03d
65f5c51b84ff7a131a3a695142ae9d82a73a516792abdd2d137714a1a3cf3bb5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f505e74-07f3-4154-bfa4-5dfc184b8262.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7361
x-amzn-requestid: e0f20463-79ba-4eec-b7f5-adbe39995a00
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aYvMsGpjIAMFyIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63535f1d-79afe3a37142b5743a499e36;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 03:10:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: QxySJ74mvhz9JJK3s-uBK87yNZE4DRbrMann1Kfu8Rk3W_tsNeKTdg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 05:53:36 GMT
age: 6327
etag: "1bb8047c270b76c9dfcd8dba4a63b25c7604f03d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F075a794f-9140-4676-afb2-493f44932cc3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.2 kB (4206 bytes)
Hash
3cf322f19151bcfa374c2e32b9ac986f
e8e69ac951def18bc1e03ecd4fe8a21d3b825b27
54ddfd1876f65e264b9b3209a0e805a3796013b4aacc8e9fd20b49754b4917a0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F075a794f-9140-4676-afb2-493f44932cc3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4206
x-amzn-requestid: 6b02f96a-ea03-4eff-acde-c73925260102
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3E3GPQoAMFpIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63570552-77cf762d0e54f1f60efe52c3;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:18 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: jiu-Z6DMgXxXdZ5BDwjNoq5Y15kBgM894k4EY2qSRZKdvk0bfkn89A==
via: 1.1 fec77e486350d1bd33f526a760d8b5a4.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:50:16 GMT
age: 35327
etag: "e8e69ac951def18bc1e03ecd4fe8a21d3b825b27"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe70105c7-5a5d-48c2-a113-06846e24dff9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11822 bytes)
Hash
e43859d91550f002f2fc145b8a044f40
762e9f0ce9256ff9a54e08d76dca7596d44677df
3d39a87540b716721e9d4e28aa499233ccde5ed4c6e7f1a902010e56572c8f46

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe70105c7-5a5d-48c2-a113-06846e24dff9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11822
x-amzn-requestid: 1702783e-fce4-4c9d-96a9-ee0477cff0ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aHpINH1LIAMFZjg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634c889a-0cc362f90671a9827f4573f9;Sampled=0
x-amzn-remapped-date: Sun, 16 Oct 2022 22:41:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: YgdgwWNWat8JCI07iCToqMsVpoWDl54TS0Q6o41OGaCePkGjNfYzjA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 04:08:53 GMT
age: 12610
etag: "762e9f0ce9256ff9a54e08d76dca7596d44677df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

bustygirls4u.com/bridge/intg.js?v=8

3.126.64.74

200 OK

317 B

URL HTTP/2
bustygirls4u.com/bridge/intg.js?v=8
IP
3.126.64.74:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (316)
Size
317 B (317 bytes)
Hash
d9bd6d4fe07232e0fcae03c7e68d4e81
4a7e1c2e8cc35c2ff31c71175095f4b1a2b8c17b
0ad2eb2d6a74f3d18026ab24c088ca7c561a742fd870e44045db9d823ac0a3c6

HTTP Headers

GET /bridge/intg.js?v=8 HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_host=bustygirls4u.com&s1=ps&data2=w1mf5rf7q2aon70ki5jvgu18&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zLzdmZDljODVhZWM3MWVmNWNjNmI4NmFlYTBhMGE4OGQxP19fdD0xNjY2NjgzNTQzNTEzJl9fbD0zNjAw&utm_campaign=497f5345&id=24402&tds_rt=&tds_campaign=b1727pos&tds_cid=a8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f&utm_source=int&tds_id=b1727pos_jump_a_1598613018653&tds_oid=24402&dci=007e3e6181db666ec9872a558f72767d81c39877&tds_ac_id=s8655tok&tds_ao=1&s3=w1mf5rf7q2aon70ki5jvgu18&utm_content=
Cookie: dci=007e3e6181db666ec9872a558f72767d81c39877; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 25 Oct 2022 07:39:03 GMT
content-type: application/javascript; charset=UTF-8
content-length: 317
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Thu, 20 Oct 2022 10:01:48 GMT
etag: W/"13d-183f4d782e0"
vary: Accept-Encoding
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d114ab00b1cfe7f9b4f56c7b3655b55d
641e580d6148329b0c9eb2d49f5f8a30c08f30e9
e5420e919b2c05c148179c7d85a210941be6862b1f65ccfafcfc38d960bf38d7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 07:39:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn3reference.com/js/dc_img.js?v=8

54.230.111.43

200 OK

796 B

URL HTTP/2
cdn3reference.com/js/dc_img.js?v=8
IP
54.230.111.43:0
ASN
#16509 AMAZON-02

File type
data
Size
796 B (796 bytes)
Hash
dba5a3743d471404238a2ddb62a3a9da
1b711a498cf6802d99ba535c995c6655e500a5af
c3f1d45bffa3b95acab145ab1e109ba91e605e82201fdf686751cb65ec4614d6

HTTP Headers

GET /js/dc_img.js?v=8 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Tue, 25 Oct 2022 07:39:04 GMT
last-modified: Thu, 29 Oct 2020 09:22:15 GMT
etag: W/"1e8-5b2cbd0d9620d"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wjCUDfx0TdgOYnZU_kCyQ_9wywNN6rgVy7HMG3_7ivbEJymERrkhOg==
X-Firefox-Spdy: h2

cdn3reference.com/js/webPushMotivationPopupSmall.js?v=8

54.230.111.43

200 OK

4.2 kB

URL HTTP/2
cdn3reference.com/js/webPushMotivationPopupSmall.js?v=8
IP
54.230.111.43:0
ASN
#16509 AMAZON-02

File type
data
Size
4.2 kB (4244 bytes)
Hash
b5d6144f0eff622aa85d7f8a9a1070c7
adc3ed369ab3b4c8f39b462d8ba8bfd5bb104f0d
bf6eb195601a84dd86e4448bff84d8748b7207c706a1567a7d3a09caa860aa68

HTTP Headers

GET /js/webPushMotivationPopupSmall.js?v=8 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Tue, 25 Oct 2022 07:39:04 GMT
last-modified: Wed, 31 Oct 2018 08:31:29 GMT
etag: W/"22c1-5798220f7ced0"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: I8nembiKF-sQZOthJGgvfE9pBkUAOjlIsyDNWnNTSzLMWxxlHno1Vw==
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
6f8923631d6f6f443fb0cb48eb719ad3
dc3cd4693ab796392aa172ad765d422091283f5d
6333ac05f2b0fead32009387e072e7a59b4f380cbf7a382f44b0d5137e9e2bb8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3102
Cache-Control: max-age=131858
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 07:39:04 GMT
Etag: "6356e68c-117"
Expires: Wed, 26 Oct 2022 20:16:42 GMT
Last-Modified: Mon, 24 Oct 2022 19:25:00 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279

cdn3reference.com/landings/24402/js/20dff8cf5ed8c45d47eca00751d44eb9.js

54.230.111.43

200 OK

34 kB

URL HTTP/2
cdn3reference.com/landings/24402/js/20dff8cf5ed8c45d47eca00751d44eb9.js
IP
54.230.111.43:0
ASN
#16509 AMAZON-02

File type
data
Size
34 kB (34219 bytes)
Hash
f14650c32f32a0fd184a88c23a7c0b15
2595522460e00ddb2b5ba95341449f5f70b676fc
c15b3e16d3c3d6d3f43a9859de0a9ccdf01a1df523bd6850b7176cb316bebc1d

HTTP Headers

GET /landings/24402/js/20dff8cf5ed8c45d47eca00751d44eb9.js HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Tue, 25 Oct 2022 07:39:04 GMT
last-modified: Fri, 26 Aug 2022 12:23:03 GMT
content-encoding: gzip
etag: W/"17b45-5e723f9b7d7c0"
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4Y3FiR-aw8ywcZcDrhpyEDIMCgGCT-o4w5l5IGEpp4M1sqf3pbgFrg==
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.24.14

200 OK

14 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (48316), with no line terminators
Size
14 kB (13972 bytes)
Hash
2e46e3b0807c19e0ee85603dd4ba3f72
cb55679976d9a5d9933f291218b8ff0f95ebdc17
87a3f839cfc8bca3368a7dec7c5ff14e5f613928e899b601292b5a1f1bd5dc05

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 25 Oct 2022 07:39:04 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 6534367
expires: Sun, 15 Oct 2023 07:39:04 GMT
accept-ranges: bytes
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 75f94bd86aaeb51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn3reference.com/css/webPushMotivationPopupSmall.css?v=2

54.230.111.43

200 OK

2.5 kB

URL HTTP/2
cdn3reference.com/css/webPushMotivationPopupSmall.css?v=2
IP
54.230.111.43:0
ASN
#16509 AMAZON-02

File type
data
Size
2.5 kB (2503 bytes)
Hash
24165dadecf13fcd583efcdc329436ef
8331a4091185127675bc6274efbbaf286b4b972e
2037522066a66c89e527ea4c4981bedc38bfffe12ab0b54ee40a84c5684f0462

HTTP Headers

GET /css/webPushMotivationPopupSmall.css?v=2 HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
server: nginx
date: Tue, 25 Oct 2022 07:39:04 GMT
last-modified: Wed, 31 Oct 2018 08:29:51 GMT
etag: W/"1340-579821b240313"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IYA83oM4yAX1wB5IB8Cvd-THEkKpO4_--wBe8PEIARd_N7GuN_wZDA==
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto+Slab&display=swap

142.250.74.10

200 OK

1.6 kB

URL HTTP/2
fonts.googleapis.com/css?family=Roboto+Slab&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
1.6 kB (1596 bytes)
Hash
edeb044cc7a3881191ee63cc9f5728ec
73639d1290881443b107ffccb6fffe53ec4cb5a5
185312e040c150f384c81a063ccc6003f271ab2879d22bd930cf9377dfe7410a

HTTP Headers

GET /css?family=Roboto+Slab&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 25 Oct 2022 07:39:04 GMT
date: Tue, 25 Oct 2022 07:39:04 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eb9238eaa63063c98563a1961fbbfefa
9b23eea87129d9516b8e7527cce7b8b1efcfa1fe
ff87d571f813dd558347df32a52e27ebb6c66968a6d2e584e6b6467944ef40fb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 07:39:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eb9238eaa63063c98563a1961fbbfefa
9b23eea87129d9516b8e7527cce7b8b1efcfa1fe
ff87d571f813dd558347df32a52e27ebb6c66968a6d2e584e6b6467944ef40fb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 07:39:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eb9238eaa63063c98563a1961fbbfefa
9b23eea87129d9516b8e7527cce7b8b1efcfa1fe
ff87d571f813dd558347df32a52e27ebb6c66968a6d2e584e6b6467944ef40fb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 07:39:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eb9238eaa63063c98563a1961fbbfefa
9b23eea87129d9516b8e7527cce7b8b1efcfa1fe
ff87d571f813dd558347df32a52e27ebb6c66968a6d2e584e6b6467944ef40fb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 07:39:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.195

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bustygirls4u.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:34:08 GMT
expires: Thu, 19 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 475496
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/robotoslab/v24/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2Rj.woff2

216.58.207.195

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/robotoslab/v24/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2Rj.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 12608, version 1.0\012- data
Size
13 kB (12608 bytes)
Hash
b2d90c9a5d17242bc107ee6fb2bb0c65
d14417ba18f48c28d74c6788837a59f4b7967427
e3b93a1b0941a116dcb0ed0b5c3ea062cdcad365207c405b231094eb485d95fc

HTTP Headers

GET /s/robotoslab/v24/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2Rj.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bustygirls4u.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12608
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Oct 2022 16:05:03 GMT
expires: Sat, 21 Oct 2023 16:05:03 GMT
cache-control: public, max-age=31536000
age: 315241
last-modified: Mon, 11 Jul 2022 19:15:08 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f1ae675435a8f16bc0b04ec012c41979
182f87a81464c80b0b25fb524c59592cd40b0ef4
9191ced121d8740b4ed3af75db3033e72c0c44c0b45004abd714583deaa749a4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 07:39:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.195

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bustygirls4u.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:34:08 GMT
expires: Thu, 19 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 475496
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.195

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bustygirls4u.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 14:07:32 GMT
expires: Thu, 19 Oct 2023 14:07:32 GMT
cache-control: public, max-age=31536000
age: 495092
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

bustygirls4u.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fbustygirls4u.com%2Fjump%3Ftds_host%3Dbustygirls4u.com%26s1%3Dps%26data2%3Dw1mf5rf7q2aon70ki5jvgu18%26_tgUrl%3DaHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zLzdmZDljODVhZWM3MWVmNWNjNmI4NmFlYTBhMGE4OGQxP19fdD0xNjY2NjgzNTQzNTEzJl9fbD0zNjAw%26utm_campaign%3D497f5345%26id%3D24402%26tds_rt%3D%26tds_campaign%3Db1727pos%26tds_cid%3Da8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f%26utm_source%3Dint%26tds_id%3Db1727pos_jump_a_1598613018653%26tds_oid%3D24402%26dci%3D007e3e6181db666ec9872a558f72767d81c39877%26tds_ac_id%3Ds8655tok%26tds_ao%3D1%26s3%3Dw1mf5rf7q2aon70ki5jvgu18%26utm_content%3D&uaDataValues={}

3.126.64.74

200 OK

199 B

URL HTTP/2
bustygirls4u.com/ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fbustygirls4u.com%2Fjump%3Ftds_host%3Dbustygirls4u.com%26s1%3Dps%26data2%3Dw1mf5rf7q2aon70ki5jvgu18%26_tgUrl%3DaHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zLzdmZDljODVhZWM3MWVmNWNjNmI4NmFlYTBhMGE4OGQxP19fdD0xNjY2NjgzNTQzNTEzJl9fbD0zNjAw%26utm_campaign%3D497f5345%26id%3D24402%26tds_rt%3D%26tds_campaign%3Db1727pos%26tds_cid%3Da8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f%26utm_source%3Dint%26tds_id%3Db1727pos_jump_a_1598613018653%26tds_oid%3D24402%26dci%3D007e3e6181db666ec9872a558f72767d81c39877%26tds_ac_id%3Ds8655tok%26tds_ao%3D1%26s3%3Dw1mf5rf7q2aon70ki5jvgu18%26utm_content%3D&uaDataValues={}
IP
3.126.64.74:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
199 B (199 bytes)
Hash
cd4ae55f3af545b5863f65b73a6a7b80
a85fca461d97f90eaf52246b95974eeabba27c20
ae4475effcb2e8533194b150ee30b2472c1cb7498b2c83a764718d962deaa84f

HTTP Headers

GET /ufis/main.js?ippContent=null&wpContent=null&pwaContent=null&doc_location=https%3A%2F%2Fbustygirls4u.com%2Fjump%3Ftds_host%3Dbustygirls4u.com%26s1%3Dps%26data2%3Dw1mf5rf7q2aon70ki5jvgu18%26_tgUrl%3DaHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zLzdmZDljODVhZWM3MWVmNWNjNmI4NmFlYTBhMGE4OGQxP19fdD0xNjY2NjgzNTQzNTEzJl9fbD0zNjAw%26utm_campaign%3D497f5345%26id%3D24402%26tds_rt%3D%26tds_campaign%3Db1727pos%26tds_cid%3Da8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f%26utm_source%3Dint%26tds_id%3Db1727pos_jump_a_1598613018653%26tds_oid%3D24402%26dci%3D007e3e6181db666ec9872a558f72767d81c39877%26tds_ac_id%3Ds8655tok%26tds_ao%3D1%26s3%3Dw1mf5rf7q2aon70ki5jvgu18%26utm_content%3D&uaDataValues={} HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_host=bustygirls4u.com&s1=ps&data2=w1mf5rf7q2aon70ki5jvgu18&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zLzdmZDljODVhZWM3MWVmNWNjNmI4NmFlYTBhMGE4OGQxP19fdD0xNjY2NjgzNTQzNTEzJl9fbD0zNjAw&utm_campaign=497f5345&id=24402&tds_rt=&tds_campaign=b1727pos&tds_cid=a8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f&utm_source=int&tds_id=b1727pos_jump_a_1598613018653&tds_oid=24402&dci=007e3e6181db666ec9872a558f72767d81c39877&tds_ac_id=s8655tok&tds_ao=1&s3=w1mf5rf7q2aon70ki5jvgu18&utm_content=
Cookie: dci=007e3e6181db666ec9872a558f72767d81c39877; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 25 Oct 2022 07:39:04 GMT
content-type: text/javascript; charset=utf-8
content-length: 199
server: nginx
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
etag: W/"c7-qF/KRh2X+Q6vUiRrlZdO6ruifCA"
vary: Accept-Encoding
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eb9238eaa63063c98563a1961fbbfefa
9b23eea87129d9516b8e7527cce7b8b1efcfa1fe
ff87d571f813dd558347df32a52e27ebb6c66968a6d2e584e6b6467944ef40fb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 07:39:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer

142.250.74.168

200 OK

50 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KMSJRW&l=adsLayer
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (4073)
Size
50 kB (49770 bytes)
Hash
a0b061d481557360a3f2d5ff852962b1
69b29d32c65c76a23b5699e523070cdb9a55ec7d
a7d10bb6edcc44eca43a35faf85f52c6786128c5c2c15de5ae339b0b95f07bad

HTTP Headers

GET /gtm.js?id=GTM-KMSJRW&l=adsLayer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 25 Oct 2022 07:39:04 GMT
expires: Tue, 25 Oct 2022 07:39:04 GMT
cache-control: private, max-age=900
last-modified: Tue, 25 Oct 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 49770
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

bustygirls4u.com/ao.js

3.126.64.74

200 OK

2.7 kB

URL HTTP/2
bustygirls4u.com/ao.js
IP
3.126.64.74:0
ASN
#16509 AMAZON-02

File type
data
Size
2.7 kB (2655 bytes)
Hash
bec7e2b688311e641dd72d93b881b501
40b298a2ffcecea45b470c110999f8087c8c80c2
279b43244d514f609c65c72f3351dd8d9178cd034604a8d1d838e6c6f5ae9852

HTTP Headers

GET /ao.js HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_host=bustygirls4u.com&s1=ps&data2=w1mf5rf7q2aon70ki5jvgu18&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zLzdmZDljODVhZWM3MWVmNWNjNmI4NmFlYTBhMGE4OGQxP19fdD0xNjY2NjgzNTQzNTEzJl9fbD0zNjAw&utm_campaign=497f5345&id=24402&tds_rt=&tds_campaign=b1727pos&tds_cid=a8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f&utm_source=int&tds_id=b1727pos_jump_a_1598613018653&tds_oid=24402&dci=007e3e6181db666ec9872a558f72767d81c39877&tds_ac_id=s8655tok&tds_ao=1&s3=w1mf5rf7q2aon70ki5jvgu18&utm_content=
Cookie: dci=007e3e6181db666ec9872a558f72767d81c39877; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 25 Oct 2022 07:39:04 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Thu, 20 Oct 2022 10:01:48 GMT
etag: W/"1509-183f4d782e0"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
008793410918d88f81ae3da7f66cead9
546ad5b3be7237a97ec1de70664935244fb492b3
6daee690e9aac7620101e9c5bdeea7c3a9720e36a9df77ed3455e63b989c3e2d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=133172
Date: Tue, 25 Oct 2022 07:39:04 GMT
Etag: "6356e948-1d7"
Expires: Wed, 26 Oct 2022 20:38:36 GMT
Last-Modified: Mon, 24 Oct 2022 19:36:40 GMT
Server: ECS (dcb/7EA4)
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Vjxbd7vZkfsOaNipRYDxJqKe35ivL9pozOho-4uMsi6T-LntAZ5pig==
Age: 3716

cdn3reference.com/landings/24402/images/1.gif

54.230.111.43

200 OK

990 kB

URL HTTP/2
cdn3reference.com/landings/24402/images/1.gif
IP
54.230.111.43:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 350 x 350\012- data
Size
990 kB (990217 bytes)
Hash
b6a3143a53b595e8fbdb0b57325eb689
92b4ec51c3d7c4a7153b9f6c71fc773801e681be
0f4d95d70a7c81a640b273cc833c39a15f44c3b6c87c48c7d372926fef736862

HTTP Headers

GET /landings/24402/images/1.gif HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/landings/24402/css/1bb237f1d11d96bafc51aee0e34d1311.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/gif
content-length: 990217
server: nginx
last-modified: Wed, 04 Dec 2019 08:19:16 GMT
accept-ranges: bytes
date: Tue, 25 Oct 2022 07:39:04 GMT
cache-control: public, max-age=604800
etag: "f1c09-598dc77f00900"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vzk7XZ96CsjR1RHA7nJw2m9pWyZCv2u4jmCiavsw1duqWjQbx61CNg==
X-Firefox-Spdy: h2

cdn3reference.com/landings/24402/images/title.svg

54.230.111.43

200 OK

0 B

URL HTTP/2
cdn3reference.com/landings/24402/images/title.svg
IP
54.230.111.43:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /landings/24402/images/title.svg HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/landings/24402/css/1bb237f1d11d96bafc51aee0e34d1311.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
server: nginx
date: Tue, 25 Oct 2022 07:39:04 GMT
last-modified: Wed, 04 Dec 2019 08:20:42 GMT
cache-control: public, max-age=604800
content-encoding: gzip
etag: W/"4ed-598dc7d104a80"
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eBpKzQy5Pk3j3raFQiP7p7kNOwtQRfHx5hPE03dINrl41e1H4yPRlg==
X-Firefox-Spdy: h2

retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=a8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f&dci=007e3e6181db666ec9872a558f72767d81c39877&j_type=open&jump=24402&jump_name=

18.185.204.76

200 OK

0 B

URL HTTP/2
retarget2core.com/43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=a8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f&dci=007e3e6181db666ec9872a558f72767d81c39877&j_type=open&jump=24402&jump_name=
IP
18.185.204.76:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /43fbb6270523e1760fa5f0d2579dea07/ac3fc68831981c704535980c826941a5?tds_cid=a8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f&dci=007e3e6181db666ec9872a558f72767d81c39877&j_type=open&jump=24402&jump_name= HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 25 Oct 2022 07:39:04 GMT
content-type: image/gif
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
set-cookie: dci=4cb72a89fc8dfd3ebba9dd4820d3c774a4564745; Max-Age=31536000; Domain=.retarget2core.com; Path=/; Expires=Wed, 25 Oct 2023 07:39:04 GMT; Secure; SameSite=None
X-Firefox-Spdy: h2

bustygirls4u.com/tds/ae?tdsId=s8655tok_r&tds_campaign=s8655tok&utm_sub=opnfnl&s1=ps&utm_source=int&affid=497f5345&subid=&clickid=w1mf5rf7q2aon70ki5jvgu18&subid2=w1mf5rf7q2aon70ki5jvgu18

3.126.64.74

302 Found

0 B

URL HTTP/2
bustygirls4u.com/tds/ae?tdsId=s8655tok_r&tds_campaign=s8655tok&utm_sub=opnfnl&s1=ps&utm_source=int&affid=497f5345&subid=&clickid=w1mf5rf7q2aon70ki5jvgu18&subid2=w1mf5rf7q2aon70ki5jvgu18
IP
3.126.64.74:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /tds/ae?tdsId=s8655tok_r&tds_campaign=s8655tok&utm_sub=opnfnl&s1=ps&utm_source=int&affid=497f5345&subid=&clickid=w1mf5rf7q2aon70ki5jvgu18&subid2=w1mf5rf7q2aon70ki5jvgu18 HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bilqi-omv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Tue, 25 Oct 2022 07:39:03 GMT
location: https://bustygirls4u.com/jump?tds_host=bustygirls4u.com&s1=ps&data2=w1mf5rf7q2aon70ki5jvgu18&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zLzdmZDljODVhZWM3MWVmNWNjNmI4NmFlYTBhMGE4OGQxP19fdD0xNjY2NjgzNTQzNTEzJl9fbD0zNjAw&utm_campaign=497f5345&id=24402&tds_rt=&tds_campaign=b1727pos&tds_cid=a8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f&utm_source=int&tds_id=b1727pos_jump_a_1598613018653&tds_oid=24402&dci=007e3e6181db666ec9872a558f72767d81c39877&tds_ac_id=s8655tok&tds_ao=1&s3=w1mf5rf7q2aon70ki5jvgu18&utm_content=
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
set-cookie: dci=007e3e6181db666ec9872a558f72767d81c39877; Max-Age=31536000; Domain=.bustygirls4u.com; Path=/; Expires=Wed, 25 Oct 2023 07:39:03 GMT; Secure; SameSite=None
dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Sun, 30 Oct 2022 07:39:03 GMT
X-Firefox-Spdy: h2

bustygirls4u.com/bridge/frodi_data.js

3.126.64.74

200 OK

0 B

URL HTTP/2
bustygirls4u.com/bridge/frodi_data.js
IP
3.126.64.74:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bridge/frodi_data.js HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_host=bustygirls4u.com&s1=ps&data2=w1mf5rf7q2aon70ki5jvgu18&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zLzdmZDljODVhZWM3MWVmNWNjNmI4NmFlYTBhMGE4OGQxP19fdD0xNjY2NjgzNTQzNTEzJl9fbD0zNjAw&utm_campaign=497f5345&id=24402&tds_rt=&tds_campaign=b1727pos&tds_cid=a8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f&utm_source=int&tds_id=b1727pos_jump_a_1598613018653&tds_oid=24402&dci=007e3e6181db666ec9872a558f72767d81c39877&tds_ac_id=s8655tok&tds_ao=1&s3=w1mf5rf7q2aon70ki5jvgu18&utm_content=
Cookie: dci=007e3e6181db666ec9872a558f72767d81c39877; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 25 Oct 2022 07:39:04 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Thu, 20 Oct 2022 10:01:48 GMT
etag: W/"19f8-183f4d782e0"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

bustygirls4u.com/tds/interlayer?handler=FrodiData

3.126.64.74

200 OK

0 B

URL HTTP/2
bustygirls4u.com/tds/interlayer?handler=FrodiData
IP
3.126.64.74:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /tds/interlayer?handler=FrodiData HTTP/1.1
Host: bustygirls4u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
Content-Length: 1614
Origin: https://bustygirls4u.com
Connection: keep-alive
Referer: https://bustygirls4u.com/jump?tds_host=bustygirls4u.com&s1=ps&data2=w1mf5rf7q2aon70ki5jvgu18&_tgUrl=aHR0cHM6Ly9idXN0eWdpcmxzNHUuY29tL3Rkcy9hZS90Zy9zLzdmZDljODVhZWM3MWVmNWNjNmI4NmFlYTBhMGE4OGQxP19fdD0xNjY2NjgzNTQzNTEzJl9fbD0zNjAw&utm_campaign=497f5345&id=24402&tds_rt=&tds_campaign=b1727pos&tds_cid=a8ab3a61830abcc58cff3fcb760ea0b6f8c80d0f&utm_source=int&tds_id=b1727pos_jump_a_1598613018653&tds_oid=24402&dci=007e3e6181db666ec9872a558f72767d81c39877&tds_ac_id=s8655tok&tds_ao=1&s3=w1mf5rf7q2aon70ki5jvgu18&utm_content=
Cookie: dci=007e3e6181db666ec9872a558f72767d81c39877; dm=fe450dd0d1dadc615429144d33241f42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 25 Oct 2022 07:39:04 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: UA, Platform, Model, Mobile, Arch
X-Firefox-Spdy: h2

cdn3reference.com/landings/24402/css/1bb237f1d11d96bafc51aee0e34d1311.css

54.230.111.43

200 OK

0 B

URL HTTP/2
cdn3reference.com/landings/24402/css/1bb237f1d11d96bafc51aee0e34d1311.css
IP
54.230.111.43:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /landings/24402/css/1bb237f1d11d96bafc51aee0e34d1311.css HTTP/1.1
Host: cdn3reference.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
server: nginx
date: Tue, 25 Oct 2022 07:39:04 GMT
last-modified: Fri, 26 Aug 2022 12:23:03 GMT
content-encoding: gzip
etag: W/"fcb-5e723f9b7d7c0"
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xdThENMs4D6VdEc2xVSPrCAGPcJKM5Cu9lkrIzU8bZHIPE9Q80Y4gg==
X-Firefox-Spdy: h2

retarget2core.com/fp/fp_ec.js

18.185.204.76

200 OK

0 B

URL HTTP/2
retarget2core.com/fp/fp_ec.js
IP
18.185.204.76:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /fp/fp_ec.js HTTP/1.1
Host: retarget2core.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bustygirls4u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 25 Oct 2022 07:39:04 GMT
content-type: application/javascript; charset=UTF-8
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Thu, 20 Oct 2022 10:01:48 GMT
etag: W/"4bd-183f4d782e0"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:400,500,700,900&display=swap

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:400,500,700,900&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto:400,500,700,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn3reference.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 25 Oct 2022 07:39:04 GMT
date: Tue, 25 Oct 2022 07:39:04 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (19)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations