re22273.ah.wy5532.com/
185.107.56.200200 OK 482 B IP 185.107.56.200:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (482), with no line terminators
Hash 778c1391bf247c1738f8c7cae2335845
b756622ad6f0c60395f4057a4d9153aa83007c68
26118a3ec2e0d602e7916357f3be93a84e0b3f9bbf2ce0d9666bd1e3f9164719
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: re22273.ah.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: sid=ef615a5c-9e2e-11ed-9e54-c70b6a8b185b
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 482
content-type: text/html; charset=utf-8
date: Fri, 27 Jan 2023 12:13:53 GMT
server: nginx
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9fbe85f42e8ae8ae41cc12df5f98b141
949fa36ff0f22f72565fd584bef094dd4de23037
184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5855
Expires: Fri, 27 Jan 2023 13:51:29 GMT
Date: Fri, 27 Jan 2023 12:13:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 58ffdcb539c3b250fdf31ed761627fc1
5b55b1522ef84c39b5c42f9bbfbc62b806c1269f
eb783cfa8c8544b0574b345abc0bf3c150979d4efce1a013f17b6cd48076fc63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB783CFA8C8544B0574B345ABC0BF3C150979D4EFCE1A013F17B6CD48076FC63"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12288
Expires: Fri, 27 Jan 2023 15:38:42 GMT
Date: Fri, 27 Jan 2023 12:13:54 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 27 Jan 2023 11:42:59 GMT
content-type: application/json
age: 1855
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 49049f3c92aad686cd7ff28ecd2a5a4f
9cc2bc9c055450dbc4fae93eabe4ef8509b3ff57
02cf421968192286bb174ff0e6c818a843c4eca61a02cd493e6f95bb58a37015
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02CF421968192286BB174FF0E6C818A843C4ECA61A02CD493E6F95BB58A37015"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11672
Expires: Fri, 27 Jan 2023 15:28:26 GMT
Date: Fri, 27 Jan 2023 12:13:54 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: /OKVaaQYwzVSEfs/C2GLdYY1uv77ekgrno9XxOn9UEKKN9MS2kXeazQzQPsLaWpJS5mHmevmFpQ=
x-amz-request-id: 7DVEEV9FVVP3KBK0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 27 Jan 2023 11:49:24 GMT
age: 1470
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 12:13:54 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
re22273.ah.wy5532.com/favicon.ico
185.107.56.200404 Not Found 9 B URL HTTP/1.1 re22273.ah.wy5532.com/favicon.ico
IP 185.107.56.200:0
ASN #43350 NForce Entertainment B.V.
File type ASCII text, with no line terminators
Hash d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
GET /favicon.ico HTTP/1.1
Host: re22273.ah.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://re22273.ah.wy5532.com/
Cookie: sid=ef615a5c-9e2e-11ed-9e54-c70b6a8b185b
HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Fri, 27 Jan 2023 12:13:54 GMT
server: nginx
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 27 Jan 2023 11:41:40 GMT
age: 1934
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6776
Expires: Fri, 27 Jan 2023 14:06:50 GMT
Date: Fri, 27 Jan 2023 12:13:54 GMT
Connection: keep-alive
re22273.ah.wy5532.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NDgyODgzMywiaWF0IjoxNjc0ODIxNjMzLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3YyaXBvMW5rcjE4MWg5aWcwdmIyY3UiLCJuYmYiOjE2NzQ4MjE2MzMsInRzIjoxNjc0ODIxNjMzODE1OTE0fQ.y901Rq-7x5KUkfGuKqQLLQywc74bmUyVAVVEEIQef8E&sid=ef615a5c-9e2e-11ed-9e54-c70b6a8b185b
185.107.56.200302 Found 11 B URL HTTP/1.1 re22273.ah.wy5532.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NDgyODgzMywiaWF0IjoxNjc0ODIxNjMzLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3YyaXBvMW5rcjE4MWg5aWcwdmIyY3UiLCJuYmYiOjE2NzQ4MjE2MzMsInRzIjoxNjc0ODIxNjMzODE1OTE0fQ.y901Rq-7x5KUkfGuKqQLLQywc74bmUyVAVVEEIQef8E&sid=ef615a5c-9e2e-11ed-9e54-c70b6a8b185b
IP 185.107.56.200:0
ASN #43350 NForce Entertainment B.V.
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NDgyODgzMywiaWF0IjoxNjc0ODIxNjMzLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3YyaXBvMW5rcjE4MWg5aWcwdmIyY3UiLCJuYmYiOjE2NzQ4MjE2MzMsInRzIjoxNjc0ODIxNjMzODE1OTE0fQ.y901Rq-7x5KUkfGuKqQLLQywc74bmUyVAVVEEIQef8E&sid=ef615a5c-9e2e-11ed-9e54-c70b6a8b185b HTTP/1.1
Host: re22273.ah.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://re22273.ah.wy5532.com/
Cookie: sid=ef615a5c-9e2e-11ed-9e54-c70b6a8b185b
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Fri, 27 Jan 2023 12:13:54 GMT
location: http://orest-vlv.com/zcvisitor/114319f3-9e3c-11ed-a39b-123a18907f83/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=105f24d0-089a-11ed-bde8-128084d1ce51
server: nginx
set-cookie: sid=ef615a5c-9e2e-11ed-9e54-c70b6a8b185b; path=/; domain=.wy5532.com; expires=Wed, 14 Feb 2091 15:28:02 GMT; max-age=2147483647; HttpOnly
orest-vlv.com/zcvisitor/114319f3-9e3c-11ed-a39b-123a18907f83/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=105f24d0-089a-11ed-bde8-128084d1ce51
54.237.193.255200 1.1 kB URL HTTP/1.1 orest-vlv.com/zcvisitor/114319f3-9e3c-11ed-a39b-123a18907f83/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=105f24d0-089a-11ed-bde8-128084d1ce51
IP 54.237.193.255:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ef47770a8bc794b3417c6a6a8a7245ed
63a4dc7f06bac691f33eb1e53e06e9664177af0c
c9c72ee78c1fca01f884091b41f6abdbce088014b803c6d12214f905ab3bda04
GET /zcvisitor/114319f3-9e3c-11ed-a39b-123a18907f83/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=105f24d0-089a-11ed-bde8-128084d1ce51 HTTP/1.1
Host: orest-vlv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://re22273.ah.wy5532.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Fri, 27 Jan 2023 12:13:55 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: APBHmGOx
push.services.mozilla.com/
35.83.202.51101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.83.202.51:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: LJ6Vy4y5x2+WDL2rDjCrzQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: imhKU8HyAmFE8/bVi9LmZRz9RcE=
orest-vlv.com/zcredirect?visitid=114319f3-9e3c-11ed-a39b-123a18907f83&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
54.237.193.255200 746 B URL HTTP/1.1 orest-vlv.com/zcredirect?visitid=114319f3-9e3c-11ed-a39b-123a18907f83&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP 54.237.193.255:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (330)
Hash 81ef4b817c3b037dcc382159d590da20
e93a557187904d99bb77edf17fee775fd7f2b9e8
8d033da686a4c7ea793f50df108e88b88d802744db3ea4688b523f37b9462e67
GET /zcredirect?visitid=114319f3-9e3c-11ed-a39b-123a18907f83&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: orest-vlv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://orest-vlv.com/zcvisitor/114319f3-9e3c-11ed-a39b-123a18907f83/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=105f24d0-089a-11ed-bde8-128084d1ce51
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Fri, 27 Jan 2023 12:13:55 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: ZGhjhzhP
orest-vlv.com/favicon.ico
54.237.193.255404 653 B URL HTTP/1.1 orest-vlv.com/favicon.ico
IP 54.237.193.255:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: orest-vlv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://orest-vlv.com/zcredirect?visitid=114319f3-9e3c-11ed-a39b-123a18907f83&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
HTTP/1.1 404
Date: Fri, 27 Jan 2023 12:13:55 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: oWqKGNLF
cartining-specute.com/zp-redirect?target=https%3A%2F%2Fwinandlove.com%2FMtnb3wf8%3Faid%3Dbgzzbzgkdk%26kid%3Ddghhfxfxgbx%26clickid%3Dw76e02otim9t7s6mi08e7a0i&caid=f72d8c37-b1a8-4074-8f00-3243bfd2c432&zpid=114319f3-9e3c-11ed-a39b-123a18907f83&cid=w76e02otim9t7s6mi08e7a0i&rt=R
18.197.36.77302 Found 0 B URL HTTP/2 cartining-specute.com/zp-redirect?target=https%3A%2F%2Fwinandlove.com%2FMtnb3wf8%3Faid%3Dbgzzbzgkdk%26kid%3Ddghhfxfxgbx%26clickid%3Dw76e02otim9t7s6mi08e7a0i&caid=f72d8c37-b1a8-4074-8f00-3243bfd2c432&zpid=114319f3-9e3c-11ed-a39b-123a18907f83&cid=w76e02otim9t7s6mi08e7a0i&rt=R
IP 18.197.36.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zp-redirect?target=https%3A%2F%2Fwinandlove.com%2FMtnb3wf8%3Faid%3Dbgzzbzgkdk%26kid%3Ddghhfxfxgbx%26clickid%3Dw76e02otim9t7s6mi08e7a0i&caid=f72d8c37-b1a8-4074-8f00-3243bfd2c432&zpid=114319f3-9e3c-11ed-a39b-123a18907f83&cid=w76e02otim9t7s6mi08e7a0i&rt=R HTTP/1.1
Host: cartining-specute.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://orest-vlv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 27 Jan 2023 12:13:55 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://winandlove.com/Mtnb3wf8?aid=bgzzbzgkdk&kid=dghhfxfxgbx&clickid=w76e02otim9t7s6mi08e7a0i
pragma: no-cache
set-cookie: cc-v4=lQ4THsLXe%2F03DMQJ5MjeiYQ2uEK3u17uKVhUF%2FasV2Zgv8wAjKYEaosm6Bh0OfgAHJBXmGTbHPj85o2Yw0xbmBXd%2FSrbAg1I6el%2FJ%2BWVXbyWm2z0P54V8lqgJv9oEe8ORxiluD2S0UgqlsSo1gX6rA%3D%3D; Max-Age=31536000; Expires=Sat, 27-Jan-2024 12:13:55 GMT; Domain=cartining-specute.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/1qjPNXlPzIY
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/1qjPNXlPzIY
IP 142.250.74.131:0
Hash a219cb7209a13731db7a3f9d568f2a1e
de7bc983ff059fb6fc81e48e635c669148b6dbbc
40fcd69b41df16cba92ab9493a7061786eae475d737b97ac5f0389e7961d7e89
POST /s/gts1p5/1qjPNXlPzIY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 12:13:56 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/1qjPNXlPzIY
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/1qjPNXlPzIY
IP 142.250.74.131:0
Hash a219cb7209a13731db7a3f9d568f2a1e
de7bc983ff059fb6fc81e48e635c669148b6dbbc
40fcd69b41df16cba92ab9493a7061786eae475d737b97ac5f0389e7961d7e89
POST /s/gts1p5/1qjPNXlPzIY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 12:13:56 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 277 B IP 93.184.220.29:0
Hash 569128e63f3f8d089a8dcbae8ca45ab5
121e8903cd53c35f33535a8dd166d3c5b4f42d1c
8e1b02a0191347fdc4ae708d68329ea6de4e1dd3cd35b01228771f86fe96485e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 829
Cache-Control: max-age=142224
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 12:13:56 GMT
Etag: "63d34557-115"
Expires: Sun, 29 Jan 2023 03:44:20 GMT
Last-Modified: Fri, 27 Jan 2023 03:30:31 GMT
Server: ECS (amb/6BAE)
X-Cache: HIT
Content-Length: 277
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14903
Expires: Fri, 27 Jan 2023 16:22:19 GMT
Date: Fri, 27 Jan 2023 12:13:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14903
Expires: Fri, 27 Jan 2023 16:22:19 GMT
Date: Fri, 27 Jan 2023 12:13:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14903
Expires: Fri, 27 Jan 2023 16:22:19 GMT
Date: Fri, 27 Jan 2023 12:13:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14903
Expires: Fri, 27 Jan 2023 16:22:19 GMT
Date: Fri, 27 Jan 2023 12:13:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14903
Expires: Fri, 27 Jan 2023 16:22:19 GMT
Date: Fri, 27 Jan 2023 12:13:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5e7158416f60576804ccff03307319fe
a342f94625e913fa6b8d862a59979f1e3ad80dd1
5c525df7d169cc7e033d920c11f4a0163a781c025a22b70530882b56964a9a52
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5737
x-amzn-requestid: cc977ea9-c418-4a5a-a13b-c86e16bbe6ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRGPFGL5oAMFiSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d050c6-2d540cac5ca7d4e64cfdb8bc;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 21:42:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uZnA5gkRlZyqamh_n3992G9PlMJa4gJ-mjSOQEysII73dDKLXmeXsg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:26:22 GMT
age: 85654
etag: "a342f94625e913fa6b8d862a59979f1e3ad80dd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ba0a42dadf6a976df148f652e9cc1844
4d825b74865effa4a858ddcad1d0969671facc07
7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MeE0Qrn_yZvUApGQTbOKQ14Z2ipPLbPFPyVqkKTk0Bs7ETn0UU6yMg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:48:43 GMT
age: 51913
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F91a77b6d-ccc1-422b-8493-221c615accaf.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F91a77b6d-ccc1-422b-8493-221c615accaf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e0fe44d9606e6a149a253423f312dfc5
78e442e8a9142311c25dafd01823a240f4acb0d6
9aad8938c1fda9641f95a4369f57ea57303a28e05f56e3bb1961e17cfbb123f4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F91a77b6d-ccc1-422b-8493-221c615accaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13175
x-amzn-requestid: 14ccf28a-a84a-4903-9edc-7659096cb3ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRxOCFrkIAMFt8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0958c-6a67f1aa65038439793808fd;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 02:35:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 10J4VSVgerDXDZu4y_1eRSX9p883b6Rx82BCc-B2Ck4Z8Eh31jB5uA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 07:43:52 GMT
age: 16204
etag: "78e442e8a9142311c25dafd01823a240f4acb0d6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd33883a9-7857-4110-892f-73f67db692bc.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd33883a9-7857-4110-892f-73f67db692bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a85badd84c0542610b94f22c4f265511
5b490095b5e02d9fef4b762888353998b645dfc9
23d6d9848caf36f0556438c371f112b40dcbf9b08b8b27bd37d4d73960c701c1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd33883a9-7857-4110-892f-73f67db692bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9482
x-amzn-requestid: 825c5e6b-8fda-445e-9ed3-f5d634943c00
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIZd0HqkIAMFn7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ccd5f1-2b31fe3001a1b04a406ff7ff;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 06:21:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CLTiEOu21gcngjMAN7EcwiAVeXsOYrTqwKr-puh4Cq9W51bI4WivVQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 05:22:53 GMT
age: 24663
etag: "5b490095b5e02d9fef4b762888353998b645dfc9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dc869235086902c4acc379733b6bfdb8
0170f6aa6bd83ddeb60cf1cb65e9f0443d8d4bae
e614e29b14e69209fd4b82a688290f7a3f541909833a6558cf480aca899bab6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9056
x-amzn-requestid: 81cf473d-8dc6-49e7-b012-d0b7dfaec7f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fB4COHTlIAMFtRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca3a0e-0848461c054db5c66fde9107;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 06:51:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: fdefZSZfSJi1-C7ZTSahawckLN-To4P91H-n1cyPqw34f18VzTeHRg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:54:06 GMT
age: 83990
etag: "0170f6aa6bd83ddeb60cf1cb65e9f0443d8d4bae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 131eb343c5abd61939457d69bd371348
ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7538
x-amzn-requestid: 113924cc-a196-4dbd-91d9-68c213265afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fobF-ZoAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61302-6b24941a642b22cf21e47dc0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2P09wOtKPDHjxxAuzcLFMQJwmGN1zNJcH9LA6IJpeaGiaPVRF4y-TA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:59:56 GMT
age: 51240
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
m.luvmenow.com/click?pid=34496&offer_id=5246&sub1=s8hnpa6l95k&sub2=34496&sub3=21&sub4=s8hnpa6l95h&sub5=38577&sub6=156696&sub7=frd&sub8=
104.21.11.83302 Found 0 B URL HTTP/2 m.luvmenow.com/click?pid=34496&offer_id=5246&sub1=s8hnpa6l95k&sub2=34496&sub3=21&sub4=s8hnpa6l95h&sub5=38577&sub6=156696&sub7=frd&sub8=
IP 104.21.11.83:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=34496&offer_id=5246&sub1=s8hnpa6l95k&sub2=34496&sub3=21&sub4=s8hnpa6l95h&sub5=38577&sub6=156696&sub7=frd&sub8= HTTP/1.1
Host: m.luvmenow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 27 Jan 2023 12:13:56 GMT
content-length: 0
location: https://meshho.com/?a=16295&c=43694&p=r&s1=&s2=a_63d3c00403bb52000107e1c4&s4=34496
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=63d3c00403bb52000107e1c4; expires=Sat, 27 Jan 2024 12:13:56 GMT; secure; SameSite=None
afoffers={"5246":1674821636}; expires=Sat, 27 Jan 2024 12:13:56 GMT; secure; SameSite=None
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vHVOa5PcDUOZwcTcMYeMSDpao8tNDPbgtd0lHAeQiIWSNfokhCUDANjvsO5fzgwm1p9b9FYClRptc1WDROphiAFVKOX7PHva5MPRB65J4HfAPVSfl3u6WROtLS%2FPxCI2MA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167bbef11b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 277 B IP 93.184.220.29:0
Hash 569128e63f3f8d089a8dcbae8ca45ab5
121e8903cd53c35f33535a8dd166d3c5b4f42d1c
8e1b02a0191347fdc4ae708d68329ea6de4e1dd3cd35b01228771f86fe96485e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 829
Cache-Control: max-age=142224
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 12:13:56 GMT
Etag: "63d34557-115"
Expires: Sun, 29 Jan 2023 03:44:20 GMT
Last-Modified: Fri, 27 Jan 2023 03:30:31 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 277
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 729a6c327283b4e1666d94712ed8c380
a8b6bc76dec2ae726bb040c67a7a919167c77e1f
a236a4b8f8513a6fc25256d7f2267ba88ee64757ac6af9f1a3bd0394a75beb30
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 12:13:56 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Tue, 31 Jan 2023 10:16:04 GMT
ETag: "a8b6bc76dec2ae726bb040c67a7a919167c77e1f"
Last-Modified: Fri, 27 Jan 2023 10:16:05 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790167bd1d77b509-OSL
meshho.com/?a=16295&c=43694&p=r&s1=&s2=a_63d3c00403bb52000107e1c4&s4=34496
52.51.210.211302 Found 270 B URL HTTP/1.1 meshho.com/?a=16295&c=43694&p=r&s1=&s2=a_63d3c00403bb52000107e1c4&s4=34496
IP 52.51.210.211:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d5c1215590498f1c7de2d7ced0efa21c
11e2f991c290255691233e633b5d81425e0814ee
e3c9f76f6e19ea25ff91fde62a6e61fa19a91aa7d70ec11ead3dca084fd51218
GET /?a=16295&c=43694&p=r&s1=&s2=a_63d3c00403bb52000107e1c4&s4=34496 HTTP/1.1
Host: meshho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 270
Content-Type: text/html; charset=utf-8
Date: Fri, 27 Jan 2023 12:13:56 GMT
Location: https://toomoffr.com/?a=16295&c=43694&p=r&s1=&s2=a_63d3c00403bb52000107e1c4&s4=34496&ckmguid=aa0b4cf5-10d4-49cc-b4ef-8a56385795f4
Connection: close
ocsp.globalsign.com/alphasslcasha256g4
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/alphasslcasha256g4
IP 104.18.21.226:0
Hash b8c54795f709b361b97a8065803c1a45
15e8709b07bec639d7023f032779eda9843d3e30
2d1101ba15af1b41f23f03b2e16e497a0acca92206642e4d2858ce3769dc61df
POST /alphasslcasha256g4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 12:13:57 GMT
Content-Type: application/ocsp-response
Content-Length: 1437
Connection: keep-alive
Expires: Tue, 31 Jan 2023 11:08:46 GMT
ETag: "15e8709b07bec639d7023f032779eda9843d3e30"
Last-Modified: Fri, 27 Jan 2023 11:08:47 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790167c0597db511-OSL
toomoffr.com/?a=16295&c=43694&p=r&s1=&s2=a_63d3c00403bb52000107e1c4&s4=34496&ckmguid=aa0b4cf5-10d4-49cc-b4ef-8a56385795f4
52.51.210.211302 Found 234 B URL HTTP/1.1 toomoffr.com/?a=16295&c=43694&p=r&s1=&s2=a_63d3c00403bb52000107e1c4&s4=34496&ckmguid=aa0b4cf5-10d4-49cc-b4ef-8a56385795f4
IP 52.51.210.211:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 71afb4948597d71904c1a22775607925
5732412080a980b0ab7e485abf1899c4ca410e33
d528d9cb264f6b9a790819b2027befc5730cb3e7b5579b6fcc4b3bf300c3778c
GET /?a=16295&c=43694&p=r&s1=&s2=a_63d3c00403bb52000107e1c4&s4=34496&ckmguid=aa0b4cf5-10d4-49cc-b4ef-8a56385795f4 HTTP/1.1
Host: toomoffr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 234
Content-Type: text/html; charset=utf-8
Date: Fri, 27 Jan 2023 12:13:57 GMT
Location: https://bl.trackham.com/f9908105-7257-45be-97c0-9990466cb2a4?external_id=36197-742559630&source=16295&sum=#p#
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: sid=BK1R9FZK7VxVPfS28Xf/Z03YT1aI1Etp34OCedTSMrEg2EowwnfUvA==; domain=.toomoffr.com; path=/; HttpOnly
trk=ylQ8XfatEbMTyrKNsMQJsU3YT1aI1Etp34OCedTSMrEg2EowwnfUvA==; domain=.toomoffr.com; expires=Mon, 27-Jan-2025 12:13:57 GMT; path=/; HttpOnly
c36197=BK1R9FZK7VxyA+ul7mVctGr4Q9mnXlpiQEtKzTfriEBeCUghiDE1Zg==; domain=.toomoffr.com; expires=Sun, 26-Feb-2023 12:13:57 GMT; path=/; HttpOnly
Connection: close
bl.trackham.com/f9908105-7257-45be-97c0-9990466cb2a4?external_id=36197-742559630&source=16295&sum=
18.193.146.82302 Found 0 B URL HTTP/2 bl.trackham.com/f9908105-7257-45be-97c0-9990466cb2a4?external_id=36197-742559630&source=16295&sum=
IP 18.193.146.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /f9908105-7257-45be-97c0-9990466cb2a4?external_id=36197-742559630&source=16295&sum= HTTP/1.1
Host: bl.trackham.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 27 Jan 2023 12:13:57 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://mycasualhookups.com/sl/html/032107/n.php?cep=e_5Rkou81B8W_PfhJRNowwcebT-_DOw1uLWpq9Xc_aigD8gWA3_38n-llJi3UcFFlptSNLbpjhHBCcCtp6CSmCXsot1TkDWt_QqmLzhQSgpBzDqJf9qcVudQt46U8M4JkkCa3c4A8HnogJqiaq0NajF2HA1rCyIh37_ppXt-C9bjP_RgzSiBYLLXOb2j4ouG23FShdX2vSX_2BVyoJMn6ZQy86bQgqlwsOnjabN0Mv9QoETg0tRWFnoKtUTTg-dY0BGmPwRLk07JhzW3yAPl3FoC13puRoqKsj18bIbSNhzPQmV-3hZFe0t4ucOhiJs-26xVtnb1J4LdCn-IS1NbT4t08K_Diyus5gEJPuDAY_Sy3GyMNv4MeUY4UWjVY4cMWKhJnjkFJhElfQ5pcUNafN1JreVjVS_goKvtZ6nojW8&lptoken=169574d882863412379e&external_id=36197-742559630&source=16295&sum=
pragma: no-cache
set-cookie: f9908105-7257-45be-97c0-9990466cb2a4-v4=DKagYRmxfXlzycal1HuvCOzfmDWxDGq_esUT5Ecs5hM; Max-Age=86400; Expires=Sat, 28-Jan-2023 12:13:57 GMT; Domain=bl.trackham.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=1kqkO7aFFMcyPhjl5zAUXHQuYNK3kZD9aJxxFS_fAbDAm_LeNK9GkizEZ8N3ziphqLo16RvLpAiTOsAE9cNQ3H-DV0uXi7ei4ZdrDuZXgxucDkvUIXrIf5dddOyULMit20UVlsQ2iaWOIsO7J-48-y9KkQGw6T18G_6_junIlgANfOdfzFcLp8n_PdWAFFp6g7SUDAzdGeLM-WoUewYy3vyUfRzAxJGZqMOBWMwtjhmeJqXsWS9XltdO5klQGqPcdHLIztcosFz8LUIVjARsdpDHukKSNAVpqmXikTupYUy1Wt-RsMR6c-0qhLjPlsPu1DygsrAAkM0sRg0ssjE6VJM-XlGmgofF4_ViNNY17kvw7rVkBTw-eHST5K4we0rVs3Vx9juwMgabWHP_thwS0M_IfVtP8V5mwUh94tIIyyw; Max-Age=86400; Expires=Sat, 28-Jan-2023 12:13:57 GMT; Domain=bl.trackham.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/QsXoNUJjkNc
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/QsXoNUJjkNc
IP 142.250.74.131:0
Hash c5a8c0a69382a61ef6536ab7e3c36520
4f50a90265d641e1729dc821baca62b206fb8c8b
c71455b2d6c6b38f1d3341b122fc9aac0439890a20f03f522e96968a7a626701
POST /s/gts1p5/QsXoNUJjkNc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 12:13:57 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 48f87f021aa43dc85cabc3b624264811
6dcc2e3610ec6ef91768905aae267c984227f54a
0e77dc8ff90169c7db1343058490de4942217f3846ca0586bebd33d32513b305
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 12:13:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js?1508931949
142.250.74.10200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js?1508931949
IP 142.250.74.10:0
File type ASCII text, with very long lines (32077)
Hash fd2b58574f9637ba7ef639267349d848
6eda5ea93f549ceb5693f6f1c038893fa56a510d
75627d4b97e5e6294a8f88f5eeaf9b616696dc8600db9701c47ef05f067880ec
GET /ajax/libs/jquery/1.12.4/jquery.min.js?1508931949 HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 05:18:42 GMT
expires: Sat, 27 Jan 2024 05:18:42 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 24916
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:400,600,800
142.250.74.138200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,600,800
IP 142.250.74.138:0
Hash 659c9bad1ded451ca7fd89ee35344814
fe602f64d4f476e603bf59a3c305e619386ed92d
88e1f7c670f0462d59ad0565a80d7bffe98040426954f14f0dc82b2b1137b0c2
GET /css?family=Open+Sans:400,600,800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mycasualhookups.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 27 Jan 2023 12:13:58 GMT
date: Fri, 27 Jan 2023 12:13:58 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
app.api-push.com/get-keys
172.64.162.28204 No Content 0 B URL HTTP/2 app.api-push.com/get-keys
IP 172.64.162.28:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /get-keys HTTP/1.1
Host: app.api-push.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-referer
Referer: https://mycasualhookups.com/
Origin: https://mycasualhookups.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 27 Jan 2023 12:13:58 GMT
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type,x-referer
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hlcpWNo9H1NUhkbUnTQ3TvAR2LMrOkI%2BKbs8Gn7iSp5OJ2yG6nQ80INGsglgIG%2Ff9rp4lt46uwUVcyFk91uq6jKV5q0%2FdewRe%2Bn37Ckee4ZF9y7Tyq9kMFCilnDDXmXZOi3w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167c8f8ee88b0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
app.api-push.com/get-keys
172.64.162.28200 OK 917 B URL HTTP/2 app.api-push.com/get-keys
IP 172.64.162.28:0
File type JSON data\012- , ASCII text, with very long lines (2116), with no line terminators
Hash 513e2d6f7c4afa7a467e568b61c21860
ac4f6c25cdb7c39831cb5fbb29145329a81abee4
a1d29eaf84ca426460dada1ebf6d4d2c709ad23201f8bc53d4f9dbdc65aa4d20
POST /get-keys HTTP/1.1
Host: app.api-push.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
x-referer: https://mycasualhookups.com/sl/html/032107/n.php?cep=e_5Rkou81B8W_PfhJRNowwcebT-_DOw1uLWpq9Xc_aigD8gWA3_38n-llJi3UcFFlptSNLbpjhHBCcCtp6CSmCXsot1TkDWt_QqmLzhQSgpBzDqJf9qcVudQt46U8M4JkkCa3c4A8HnogJqiaq0NajF2HA1rCyIh37_ppXt-C9bjP_RgzSiBYLLXOb2j4ouG23FShdX2vSX_2BVyoJMn6ZQy86bQgqlwsOnjabN0Mv9QoETg0tRWFnoKtUTTg-dY0BGmPwRLk07JhzW3yAPl3FoC13puRoqKsj18bIbSNhzPQmV-3hZFe0t4ucOhiJs-26xVtnb1J4LdCn-IS1NbT4t08K_Diyus5gEJPuDAY_Sy3GyMNv4MeUY4UWjVY4cMWKhJnjkFJhElfQ5pcUNafN1JreVjVS_goKvtZ6nojW8&lptoken=169574d882863412379e&external_id=36197-742559630&source=16295&sum=#p#
Content-Length: 89
Origin: https://mycasualhookups.com
Connection: keep-alive
Referer: https://mycasualhookups.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:58 GMT
content-type: application/json; charset=utf-8
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WbOyRliNhGbdm5BsXmOCzgpE52xdhwYUqqDgNvY9%2B5XKzaorluGPyTwRRnWKd1W1OrLp7hNZnG5Xr5byBUcCYiDCw7czn%2BMBX9duNTwkJvtNc1podQ52uyHtqGLusSH0WWmL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167c969b288b0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mycasualhookups.com/sl/common/css/style.css?1674821638
104.26.13.87200 OK 51 kB URL HTTP/2 mycasualhookups.com/sl/common/css/style.css?1674821638
IP 104.26.13.87:0
Hash bfded1da8cca0cfb961e0aa5e1abb7ed
9118c3ee8853f979ce6ddb161c57014d350a2ace
a2879a8a0f9f2773d61cfebbe8d35c99d9ac1f6aab86be6cbc944afdd611c361
Analyzer Verdict Alert fortinet Phishing
GET /sl/common/css/style.css?1674821638 HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:58 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=86400
expires: Sat, 28 Jan 2023 12:13:58 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Ehb965B%2F82vrs3GWfd%2FaM5bHgjry%2BMBpcma5FaOAFQxK6plnRXWYlvooPI0WZn4Qd3Nw2rdqi9yGGBsb9RuNMl5KaWva%2FGZi0PZvzKJUVNrNxFIO%2BWULJ%2BJI7F5ET77XZTjCOA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167c78866b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
mycasualhookups.com/sl/html/032107/js/config.js
104.26.13.87200 OK 3.2 kB URL HTTP/2 mycasualhookups.com/sl/html/032107/js/config.js
IP 104.26.13.87:0
File type ASCII text, with very long lines (332)
Hash 205abf7b4ed1f7edcdf259470222c0ad
799b452bce8539e58576425cf87216825404a862
4b77d36a70450e7214fbaaeed15e66231cc9542af3948bb438c48f7a7c1ef221
Analyzer Verdict Alert fortinet Phishing
GET /sl/html/032107/js/config.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:58 GMT
content-type: application/javascript
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=701
expires: Sat, 28 Jan 2023 10:03:31 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Tue, 27 Sep 2022 14:19:29 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 7826
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oqaqazZJU9fzB8pbNAh6IW%2BvUyXXQbDme1lwHCtdHVTPVjVYbptAVq%2BTXsOwhX%2F3DVnLufnDZCwNyZHzAYRJT590zpy2arDTK6BafDsRcGON0kJMaoT8k81UhoUY9wcPvpK8uJs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167c7886fb50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
mycasualhookups.com/sl/common/js/lib/jquery-3.3.1.min.js
104.26.13.87200 OK 32 kB URL HTTP/2 mycasualhookups.com/sl/common/js/lib/jquery-3.3.1.min.js
IP 104.26.13.87:0
File type ASCII text, with very long lines (65451)
Hash e6a4038e3b0e67a43221a441015ce749
0d5497948869ef4914c9f47b865c0cd12e70b6a3
356bce2f17c27e94604fcce598df4c6f686df72d5dcbe00d52f4983936e00135
Analyzer Verdict Alert fortinet Phishing
GET /sl/common/js/lib/jquery-3.3.1.min.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:58 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=86400
expires: Sat, 28 Jan 2023 06:02:42 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 22276
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RSWM8QW%2B4faAorqYctL%2BM9X0LejYV5%2FHCdxludbedhutGYoGIuGDhqwRc%2Flzy%2F9gKttLpG0OLfBET4bSqYr7cfevNy7cfMwiqGmP%2BrauC7GO9Il2Ra%2F6%2BhYC%2Bau9hx%2Bx%2FTeoekA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167c78869b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c6c64fc014f993e296f124e4b2f0f175
68d3e62fcd25c05d19894a28f4490cf1d04a44c1
7cee6b4b9234d595e6abd78d1bc14febaf314cdab54cc18e07f92e0b24fe1e79
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 12:13:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c6c64fc014f993e296f124e4b2f0f175
68d3e62fcd25c05d19894a28f4490cf1d04a44c1
7cee6b4b9234d595e6abd78d1bc14febaf314cdab54cc18e07f92e0b24fe1e79
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 12:13:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c6c64fc014f993e296f124e4b2f0f175
68d3e62fcd25c05d19894a28f4490cf1d04a44c1
7cee6b4b9234d595e6abd78d1bc14febaf314cdab54cc18e07f92e0b24fe1e79
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 12:13:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mycasualhookups.com/sl/common/js/main.js?1674821638
104.26.13.87200 OK 47 kB URL HTTP/2 mycasualhookups.com/sl/common/js/main.js?1674821638
IP 104.26.13.87:0
Hash 7977c9fdcb0b8b6d844a8ac2d3f91fc9
85b9464764885abb26bd899e76a4693b77002a75
d30a0617c149918581859ba43026a292463c5a04752e39405d762a5e6efdc5c7
Analyzer Verdict Alert fortinet Phishing
GET /sl/common/js/main.js?1674821638 HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:58 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=86400
expires: Sat, 28 Jan 2023 12:13:58 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a4q5cu9WfTnhcowR3LSEeOSvb4JioNygox2o7kJhexMbTBwGFTumy33exCS64Fw88eKhs7Y27ZwVaY32ohy0ntVe36gjjWAdnz%2FXrjdtq%2FeK4hEfGBS4lM9kcY6J8beZy8EUTqY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167c78875b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
subscribe.api-push.com/subscriber/null/4e027e5d-4862-46c4-9cb6-ae024d88181b
172.64.162.28200 OK 5 B URL HTTP/2 subscribe.api-push.com/subscriber/null/4e027e5d-4862-46c4-9cb6-ae024d88181b
IP 172.64.162.28:0
File type ASCII text, with no line terminators
Hash 68934a3e9455fa72420237eb05902327
7cb6efb98ba5972a9b5090dc2e517fe14d12cb04
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa
GET /subscriber/null/4e027e5d-4862-46c4-9cb6-ae024d88181b HTTP/1.1
Host: subscribe.api-push.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Content-Type: application/json
x-referer: https://mycasualhookups.com/sl/html/032107/n.php?cep=e_5Rkou81B8W_PfhJRNowwcebT-_DOw1uLWpq9Xc_aigD8gWA3_38n-llJi3UcFFlptSNLbpjhHBCcCtp6CSmCXsot1TkDWt_QqmLzhQSgpBzDqJf9qcVudQt46U8M4JkkCa3c4A8HnogJqiaq0NajF2HA1rCyIh37_ppXt-C9bjP_RgzSiBYLLXOb2j4ouG23FShdX2vSX_2BVyoJMn6ZQy86bQgqlwsOnjabN0Mv9QoETg0tRWFnoKtUTTg-dY0BGmPwRLk07JhzW3yAPl3FoC13puRoqKsj18bIbSNhzPQmV-3hZFe0t4ucOhiJs-26xVtnb1J4LdCn-IS1NbT4t08K_Diyus5gEJPuDAY_Sy3GyMNv4MeUY4UWjVY4cMWKhJnjkFJhElfQ5pcUNafN1JreVjVS_goKvtZ6nojW8&lptoken=169574d882863412379e&external_id=36197-742559630&source=16295&sum=#p#
Origin: https://mycasualhookups.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:59 GMT
content-type: application/json; charset=utf-8
content-length: 5
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l46exFY2q%2BOKZS1yvnTegtgIyCZo9xiZO8kkV0oGOV816MRdrLG5oqG8wuwQGpkvUdRzh%2Fi9xV3BF5PR5sDR9xQFxaQ3GSPDEaq8aqMRk3F6cCN28Bz08%2BCXhDJF%2FKVDVJAY6WUFWBPl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167cb3c9388b0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c6c64fc014f993e296f124e4b2f0f175
68d3e62fcd25c05d19894a28f4490cf1d04a44c1
7cee6b4b9234d595e6abd78d1bc14febaf314cdab54cc18e07f92e0b24fe1e79
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 12:13:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mycasualhookups.com/sl/html/032107/videos/video1.webm
104.26.13.87206 Partial Content 1.8 MB URL HTTP/2 mycasualhookups.com/sl/html/032107/videos/video1.webm
IP 104.26.13.87:0
File type WebM\012- EBML file, creator webmB\20\012- data
Size 1.8 MB (1787154 bytes)
Hash 275783ec04582836653aefff2ea6644c
c33c6cc9494ea3789cdfc22b925916164aee4253
cd69ec1ee91bec9876983cd47b3381838aaee8be56ef467400d55bf1f5f758fd
Analyzer Verdict Alert fortinet Phishing
GET /sl/html/032107/videos/video1.webm HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://mycasualhookups.com/
Range: bytes=0-
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 206 Partial Content
date: Fri, 27 Jan 2023 12:13:59 GMT
content-type: video/webm
content-length: 1787154
last-modified: Mon, 26 Sep 2022 15:53:08 GMT
cache-control: max-age=86400
expires: Sat, 28 Jan 2023 12:13:59 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: REVALIDATED
content-range: bytes 0-1787153/1787154
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FYMfGhjwfodtRN8jfoAPMI800ixGMgXFcGcEptu%2F0nA%2FtipfhGriRtHj62WOA9qSLJuFqEwZz03wujBXob%2BZ4l8H6FyPOn4qAFF2vAxp2I1wWnhRPeb67HQhGV5uoKemOvLgV6M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167cb5dd5b50c-OSL
X-Firefox-Spdy: h2
mycasualhookups.com/sl/html/032107/css/style.css
104.26.13.87200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/html/032107/css/style.css
IP 104.26.13.87:0
GET /sl/html/032107/css/style.css HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:58 GMT
content-type: text/css
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=4300
expires: Sat, 28 Jan 2023 06:02:41 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Mon, 26 Sep 2022 15:53:08 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 22276
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bwMSUgfJd7rE3L6YCNdtxcasXvwbZ1wdq8K3%2B79urLNLlkBWcr5rj7q1vMTe2zdBiWwTDAVoRcquqq40VQIJTrKQ67KsRxTENw0U9Azd2IcfR1aSLHvWyR25NTcZJOC25undmIQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167c77857b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
mycasualhookups.com/sl/common/js/common-langs.js
104.26.13.87200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/common/js/common-langs.js
IP 104.26.13.87:0
Analyzer Verdict Alert fortinet Phishing
GET /sl/common/js/common-langs.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:58 GMT
content-type: application/javascript
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=19528
expires: Sat, 28 Jan 2023 06:02:43 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 22275
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PQYq6dmNOaUux6oBD60Nd9pMiOrNM%2FhTAKL9kvP4TLtbZnnBvmgrDOmR5R2lPpHBGRr0edztZBHv84oOtKb%2BTNBFp9oTQ17deA1UqeiYkysalJI%2FPsYP%2FSQ1eQxar8uU78u5wCY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167c78873b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
mycasualhookups.com/sl/html/032107/js/main.js
104.26.13.87404 Not Found 0 B URL HTTP/2 mycasualhookups.com/sl/html/032107/js/main.js
IP 104.26.13.87:0
Analyzer Verdict Alert fortinet Phishing
GET /sl/html/032107/js/main.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Fri, 27 Jan 2023 12:13:58 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=7200
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R0ouMLmt89tw6PXl1JhYkIhodCHxP1JIbxJN9iAkfv4lEjAcR3DVnG1vqvSv5JzKf%2Fjr4C681E60SmDSEsYVyMNXApwsq6M7CkybcYmiSpcb930l1Oblh%2BQ6kQPG%2F9qsICFIxY0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790167c78860b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
winandlove.com/Mtnb3wf8?aid=bgzzbzgkdk&kid=dghhfxfxgbx&clickid=w76e02otim9t7s6mi08e7a0i
104.21.76.186302 Found 0 B URL HTTP/2 winandlove.com/Mtnb3wf8?aid=bgzzbzgkdk&kid=dghhfxfxgbx&clickid=w76e02otim9t7s6mi08e7a0i
IP 104.21.76.186:0
GET /Mtnb3wf8?aid=bgzzbzgkdk&kid=dghhfxfxgbx&clickid=w76e02otim9t7s6mi08e7a0i HTTP/1.1
Host: winandlove.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 27 Jan 2023 12:13:56 GMT
content-type: text/html; charset=UTF-8
location: https://hotloveland.com/btB7xg2S?aid=bbzkkpgabx&kid=ggb&clickid=s8hnpa6l95h&sub1=38577&sub2=156696&sub3=frd
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: _subid=s8hnpa6l95h;Expires=Monday, 27-Feb-2023 12:13:55 GMT;Max-Age=2678400;Path=/
b0608=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjQwODI5NFwiOjE2NzQ4MjE2MzUsXCIzMFwiOjE2NzQ4MjE2MzV9LFwiY2FtcGFpZ25zXCI6e1wiMTU2Njk2XCI6MTY3NDgyMTYzNSxcIjFcIjoxNjc0ODIxNjM1fSxcInRpbWVcIjoxNjc0ODIxNjM1fSJ9.9fUveRVjD1PQcruXLOMWIpvZhAUNjHFsV_WqThk898Q;Expires=Monday, 24-Feb-2076 00:27:50 GMT;Max-Age=1674908035;Path=/
_token=uuid_s8hnpa6l95h_s8hnpa6l95h63d3c003ef4c99.14065415;Expires=Monday, 27-Feb-2023 12:13:55 GMT;Max-Age=2678400;Path=/
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hdmB4PTJay43UkZ0%2F0O%2FkfOSaHPOVHLODTEXZd9BHX0fRuZRbvj89NvsWp%2BQ88zZRPAheT1uuKxZiDSLx79t60J%2BWY9ORmlMo3yZ8BSbcJ9QclQLyE0yib6teMDye8VZ5A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167b85c35b4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mycasualhookups.com/sl/html/032107/css/css.css
104.26.13.87200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/html/032107/css/css.css
IP 104.26.13.87:0
GET /sl/html/032107/css/css.css HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:58 GMT
content-type: text/css
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=9103
expires: Sat, 28 Jan 2023 06:02:42 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Mon, 26 Sep 2022 15:53:08 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 22276
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wKc9as5kuL%2FfEmOGm3Z%2FD%2FPD%2BLwh%2FD5UPxVfmQ8guRsaGGyRUKuLmWKHdKqJyUSjg7lt5HiEui7GY%2FsbdXKVskezMgJLuB3QRPFokJso4wp1uAf2UnT%2BqvZ%2B4qLQHvP8D0H0ACY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167c77858b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn-dt.fcdn.info/swpush.min.js
104.21.234.87200 OK 0 B URL HTTP/2 cdn-dt.fcdn.info/swpush.min.js
IP 104.21.234.87:0
GET /swpush.min.js HTTP/1.1
Host: cdn-dt.fcdn.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mycasualhookups.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:58 GMT
content-type: application/javascript
last-modified: Sat, 07 May 2022 08:23:17 GMT
etag: W/"62762c75-8692"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 80611
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RgddPHzvMSSWT9mgJyZbgiw1YpUzRUqG4ZDDiNlz4b%2BEfskngNbp3KLytZ%2BoVk8YnOz2ECJffqY5r%2BnDZ3Vm2AuQ1gmUnx3S%2BvCCos81rMUgBZSYciIR6Hw86lkmiIglQ6Xj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790167c8286d7737-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mycasualhookups.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.26.13.87200 OK 0 B URL HTTP/2 mycasualhookups.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 104.26.13.87:0
Analyzer Verdict Alert fortinet Phishing
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mycasualhookups.com/sl/common/privacy-policy.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:59 GMT
content-type: application/javascript
last-modified: Mon, 23 Jan 2023 11:05:52 GMT
etag: W/"63ce6a10-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cP9J9QL%2BH2IGwQelQMlXsX46bqKzOQFjCuoii%2FXJf9Vc9WY6vr9h3rafWjvSZf%2FPW7hv49uyN5Xa1zmJChCXO06%2BDciYuNvCjw8qT6L7Ox5hvmDKKy9o%2FFg3w6jeqJ9evXftqLs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790167cc5f41b50c-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sun, 29 Jan 2023 12:13:59 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
hotloveland.com/btB7xg2S?aid=bbzkkpgabx&kid=ggb&clickid=s8hnpa6l95h&sub1=38577&sub2=156696&sub3=frd
172.67.165.105302 Found 0 B URL HTTP/2 hotloveland.com/btB7xg2S?aid=bbzkkpgabx&kid=ggb&clickid=s8hnpa6l95h&sub1=38577&sub2=156696&sub3=frd
IP 172.67.165.105:0
GET /btB7xg2S?aid=bbzkkpgabx&kid=ggb&clickid=s8hnpa6l95h&sub1=38577&sub2=156696&sub3=frd HTTP/1.1
Host: hotloveland.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 27 Jan 2023 12:13:56 GMT
content-type: text/html; charset=UTF-8
location: https://m.luvmenow.com/click?pid=34496&offer_id=5246&sub1=s8hnpa6l95k&sub2=34496&sub3=21&sub4=s8hnpa6l95h&sub5=38577&sub6=156696&sub7=frd&sub8=
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: _subid=s8hnpa6l95k;Expires=Monday, 27-Feb-2023 12:13:56 GMT;Max-Age=2678400;Path=/
b0608=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE0NVwiOjE2NzQ4MjE2MzZ9LFwiY2FtcGFpZ25zXCI6e1wiMjFcIjoxNjc0ODIxNjM2fSxcInRpbWVcIjoxNjc0ODIxNjM2fSJ9.6jtwwDbR-_7LZHRhdt49bEJab5-CkfKgg8FBpD6kPns;Expires=Monday, 24-Feb-2076 00:27:52 GMT;Max-Age=1674908036;Path=/
_token=uuid_s8hnpa6l95k_s8hnpa6l95k63d3c00453bc39.16440224;Expires=Monday, 27-Feb-2023 12:13:56 GMT;Max-Age=2678400;Path=/
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7DRq7KSexI983xO%2BPSYK%2BFSEEEnele41PlHhH5IZ3YaKkNSO3heRqHY2fv6gEtDmBue0bzWQ2wl0e9LZHC4H5zksIOIaU0PwnOkGWIKB6a%2B%2B6PokQL2tdft%2FZWcEYYnSiTY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167ba7dc4b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mycasualhookups.com/sl/html/032107/js/jquery.min.js
104.26.13.87200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/html/032107/js/jquery.min.js
IP 104.26.13.87:0
Analyzer Verdict Alert fortinet Phishing
GET /sl/html/032107/js/jquery.min.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:58 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 15:53:08 GMT
cache-control: max-age=86400
expires: Sat, 28 Jan 2023 06:02:42 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 22276
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=79IGOVIlw31LdRSgFqlhkPPalulHO%2Bzbqu0qI0Me439r%2FEUGV85FgieHoWOyaVREzRupon6%2BvBZ70B9WDtwAWh5I0VM6%2BY7codKqig4mDM%2BAWMGLOICXfxX9W5KuWzjobj6alAM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167c7785db50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
mycasualhookups.com/sl/common/unsubscribe.html
104.26.13.87200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/common/unsubscribe.html
IP 104.26.13.87:0
Analyzer Verdict Alert fortinet Phishing
GET /sl/common/unsubscribe.html HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:59 GMT
content-type: text/html
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=300
expires: Fri, 27 Jan 2023 12:18:59 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4LeXPKYbwmEFsVWfNOXFzyzqztEw7hRqZiMSYzEozXZg8n%2BERT0ke8LDDN52gB6WzjkmF%2B%2Bg07TOqK4AIk9%2BBzrjY3L7U7%2BH%2FXMbassN4z85kksU9nVUBQ%2FdoVfry7t9b%2BBTues%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167cb2d9ab50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdnjam.com/cdn/sdialog.min.css?_=4
188.114.97.1200 OK 0 B URL HTTP/2 cdnjam.com/cdn/sdialog.min.css?_=4
IP 188.114.97.1:0
GET /cdn/sdialog.min.css?_=4 HTTP/1.1
Host: cdnjam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:14:00 GMT
content-type: text/css
content-security-policy: block-all-mixed-content
etag: W/"1d16caacad4ad6c40a99319a5d183947"
last-modified: Mon, 22 Nov 2021 08:00:52 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin, Accept-Encoding
x-amz-request-id: 16F5E342988C7B8C
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: HIT
age: 687
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hA4bfkC93Yk8%2B7N9nhXgQkTIq77LoYp%2FYlTABc7MSpq6SzNLC%2Fa1P8fQRqolzm%2FRaBAOgNDWqKs15livFAQTpJzChWlK%2BCxXvkAPomGN2ZXUHzFpNM3WhCXUbIOb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167d2fc07b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mycasualhookups.com/sl/html/032107/n.php?cep=e_5Rkou81B8W_PfhJRNowwcebT-_DOw1uLWpq9Xc_aigD8gWA3_38n-llJi3UcFFlptSNLbpjhHBCcCtp6CSmCXsot1TkDWt_QqmLzhQSgpBzDqJf9qcVudQt46U8M4JkkCa3c4A8HnogJqiaq0NajF2HA1rCyIh37_ppXt-C9bjP_RgzSiBYLLXOb2j4ouG23FShdX2vSX_2BVyoJMn6ZQy86bQgqlwsOnjabN0Mv9QoETg0tRWFnoKtUTTg-dY0BGmPwRLk07JhzW3yAPl3FoC13puRoqKsj18bIbSNhzPQmV-3hZFe0t4ucOhiJs-26xVtnb1J4LdCn-IS1NbT4t08K_Diyus5gEJPuDAY_Sy3GyMNv4MeUY4UWjVY4cMWKhJnjkFJhElfQ5pcUNafN1JreVjVS_goKvtZ6nojW8&lptoken=169574d882863412379e&external_id=36197-742559630&source=16295&sum=
104.26.13.87200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/html/032107/n.php?cep=e_5Rkou81B8W_PfhJRNowwcebT-_DOw1uLWpq9Xc_aigD8gWA3_38n-llJi3UcFFlptSNLbpjhHBCcCtp6CSmCXsot1TkDWt_QqmLzhQSgpBzDqJf9qcVudQt46U8M4JkkCa3c4A8HnogJqiaq0NajF2HA1rCyIh37_ppXt-C9bjP_RgzSiBYLLXOb2j4ouG23FShdX2vSX_2BVyoJMn6ZQy86bQgqlwsOnjabN0Mv9QoETg0tRWFnoKtUTTg-dY0BGmPwRLk07JhzW3yAPl3FoC13puRoqKsj18bIbSNhzPQmV-3hZFe0t4ucOhiJs-26xVtnb1J4LdCn-IS1NbT4t08K_Diyus5gEJPuDAY_Sy3GyMNv4MeUY4UWjVY4cMWKhJnjkFJhElfQ5pcUNafN1JreVjVS_goKvtZ6nojW8&lptoken=169574d882863412379e&external_id=36197-742559630&source=16295&sum=
IP 104.26.13.87:0
GET /sl/html/032107/n.php?cep=e_5Rkou81B8W_PfhJRNowwcebT-_DOw1uLWpq9Xc_aigD8gWA3_38n-llJi3UcFFlptSNLbpjhHBCcCtp6CSmCXsot1TkDWt_QqmLzhQSgpBzDqJf9qcVudQt46U8M4JkkCa3c4A8HnogJqiaq0NajF2HA1rCyIh37_ppXt-C9bjP_RgzSiBYLLXOb2j4ouG23FShdX2vSX_2BVyoJMn6ZQy86bQgqlwsOnjabN0Mv9QoETg0tRWFnoKtUTTg-dY0BGmPwRLk07JhzW3yAPl3FoC13puRoqKsj18bIbSNhzPQmV-3hZFe0t4ucOhiJs-26xVtnb1J4LdCn-IS1NbT4t08K_Diyus5gEJPuDAY_Sy3GyMNv4MeUY4UWjVY4cMWKhJnjkFJhElfQ5pcUNafN1JreVjVS_goKvtZ6nojW8&lptoken=169574d882863412379e&external_id=36197-742559630&source=16295&sum= HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://orest-vlv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:58 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=300
expires: Fri, 27 Jan 2023 12:18:58 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2CYRmG3bxGERvAbLxCqKuM8O2MQYZ0MbmA8NdRxQszKWIy3VPnDDkvnl8XEXsetNDMKJvoZ7579GyuHxK2644sDEljyJcqmJh6HKyyXgYITJIDEXULLgL%2BcBOeC2VuqHq%2BqBUaU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167c3cbc4b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
mycasualhookups.com/sl/common/js/lib/jquery.validate.min.js
104.26.13.87200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/common/js/lib/jquery.validate.min.js
IP 104.26.13.87:0
Analyzer Verdict Alert fortinet Phishing
GET /sl/common/js/lib/jquery.validate.min.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:58 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=86400
expires: Sat, 28 Jan 2023 06:02:42 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 22276
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qAfonKIVeHaGKjjAIpEthSFUnaYmsidrs51N851DRBlesTCi%2Fv%2F%2BZsiay7pKAr2MCMnqDFPPCZJ592oHbKMvdU40%2BbqwZvxuXozfthhNIJ6E3EhNfU7He9Hs3MihrsUHjsvy4dE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167c7886ab50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
mycasualhookups.com/sl/html/032107/js/langs.js
104.26.13.87200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/html/032107/js/langs.js
IP 104.26.13.87:0
Analyzer Verdict Alert fortinet Phishing
GET /sl/html/032107/js/langs.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:58 GMT
content-type: application/javascript
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=7419
expires: Sat, 28 Jan 2023 10:03:31 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Mon, 26 Sep 2022 15:53:08 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 7827
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h6S09Nl4TsFigbGTWZ0rYoz4gGaGo8l5oNuBJQKJFT4gbT4oGFg1t4QmvAF21OWokpDsYC3As8SNwOSFSGOagwwC5dFYOAri2%2BHZfKx3Rq2tMoLUmLLcnMQ2gb4N1Pt%2BalDRcSE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167c7886db50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
mycasualhookups.com/sl/common/js/lib/additional-methods.min.js
104.26.13.87200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/common/js/lib/additional-methods.min.js
IP 104.26.13.87:0
Analyzer Verdict Alert fortinet Phishing
GET /sl/common/js/lib/additional-methods.min.js HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:58 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=86400
expires: Sat, 28 Jan 2023 06:02:42 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 22276
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xn8Ky344x%2BXzBCbskxSVk%2FX5QfkQMm%2BV1Vrka9r8IhqEkTfP2FwM6jy0C7QTl9bPmqaNR6R065j5dLUoyWiO3YLFRqHHTD5niFxBH9Unh1xsVcGxHvft%2BEvQSLxIWqGIC2Gs5YI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790167c7886bb50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
mycasualhookups.com/sl/common/favicon.ico
104.26.13.87200 OK 0 B URL HTTP/2 mycasualhookups.com/sl/common/favicon.ico
IP 104.26.13.87:0
GET /sl/common/favicon.ico HTTP/1.1
Host: mycasualhookups.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycasualhookups.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 12:13:59 GMT
content-type: image/x-icon
last-modified: Mon, 26 Sep 2022 15:53:06 GMT
cache-control: max-age=31536000
expires: Thu, 28 Sep 2023 08:42:02 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
cf-cache-status: HIT
age: 10467117
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IwVc2RHvTtdMtmi30vKJqaU7%2FnzPhqIY6EyUfMFPWnbojTPMhZKqlvPqRm7oRt%2Bt%2B0Nyli%2FvU%2FqIvj3sUOw3rFKHwJDC7sfrbfNxFvZOJBOirXghq%2B2NusfFiDQ9Fi9YabnhJUg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790167cc8f98b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2