Report - dratingmaject.com/6bf8e3d6-f784-434f-ad30-6b70120e9709

Report Overview

Submitted URL
dratingmaject.com/6bf8e3d6-f784-434f-ad30-6b70120e9709
IP
18.195.149.11
ASN
#16509 AMAZON-02
Submitted
2023-02-08 21:58:10
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
babesroulette.com	281754	2013-07-17T09:15:08Z	2023-03-13T06:31:41Z	959 B	652 B	188.114.97.1
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	459 B	630 B	142.250.74.106
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	1.7 kB	3.5 kB	142.250.74.163
deefauph.com	135892	2021-03-12T14:41:43Z	2023-03-13T06:45:57Z	1.1 kB	700 B	139.45.197.251
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.8 kB	70 kB	34.120.237.76
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.148.70.121
dratingmaject.com	821761	2021-08-30T10:46:03Z	2023-03-13T06:31:28Z	1.4 kB	4.8 kB	18.195.149.11
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.4 kB	8.9 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	682 B	1.1 kB	93.184.220.29
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	966 B	33 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-08	medium	dratingmaject.com/6bf8e3d6-f784-434f-ad30-6b70120e9709	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	babesroulette.com/landers/lander18/?clickid=wg9sgkkfi9p3l5gmih6f1356&source=6bf8e3d6-f784-434f-ad30-6b70120e9709&cep=Pyjz2Df3Me6B5tWTt5IFfwfthtDpLk-f1zeXeYciuH_EG6mixtbUBZe0vRNKvXvVQTj62MOthVppBndv675nUxkCxBmMROuVBze1V7AVO0hW7ewmYN27CxNEcCcXHVQfZrOKqsLO4wAYT2rYA7-W09ZhQdafJyHOl8xOOKE68Svzq3eed64Vw-Z33MZaN7DBguwosAU3uTdNqRHGSLqPO54DVa6Jwuc1bOUunvJLm1TAPv6oirHPu2SgRUaWPEVE6ji5CgZvqAfd0Rj_gr7Wfnv-5rf91lAPg7B42ledzV1pz92C0pgYW9EjCqpHIBqzYZe1GzkSeL0icNdhM-MzEwlOl13faiuZhtP7NBETIoBaf1Js9JFFc1WUt1aKUC-v&lptoken=1629754e891852c07889	660 B	2023-03-07	2023-04-05
Pretty URL babesroulette.com/landers/lander18/?clickid=wg9sgkkfi9p3l5gmih6f1356&source=6bf8e3d6-f784-434f-ad30-6b70120e9709&cep=Pyjz2Df3Me6B5tWTt5IFfwfthtDpLk-f1zeXeYciuH_EG6mixtbUBZe0vRNKvXvVQTj62MOthVppBndv675nUxkCxBmMROuVBze1V7AVO0hW7ewmYN27CxNEcCcXHVQfZrOKqsLO4wAYT2rYA7-W09ZhQdafJyHOl8xOOKE68Svzq3eed64Vw-Z33MZaN7DBguwosAU3uTdNqRHGSLqPO54DVa6Jwuc1bOUunvJLm1TAPv6oirHPu2SgRUaWPEVE6ji5CgZvqAfd0Rj_gr7Wfnv-5rf91lAPg7B42ledzV1pz92C0pgYW9EjCqpHIBqzYZe1GzkSeL0icNdhM-MzEwlOl13faiuZhtP7NBETIoBaf1Js9JFFc1WUt1aKUC-v&lptoken=1629754e891852c07889 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2023-04-05 01:55:44 Times Seen17 Hash 97441e7379ca32ad9f6044c50451ff13 80fb696604e2b6e293615725845d9642cc4171d7 976578c853ded099ba704b2fda49934f67dbbb03e53d81b589d332ffaa543fdc Loading...

	babesroulette.com/landers/lander18/?clickid=wg9sgkkfi9p3l5gmih6f1356&source=6bf8e3d6-f784-434f-ad30-6b70120e9709&cep=Pyjz2Df3Me6B5tWTt5IFfwfthtDpLk-f1zeXeYciuH_EG6mixtbUBZe0vRNKvXvVQTj62MOthVppBndv675nUxkCxBmMROuVBze1V7AVO0hW7ewmYN27CxNEcCcXHVQfZrOKqsLO4wAYT2rYA7-W09ZhQdafJyHOl8xOOKE68Svzq3eed64Vw-Z33MZaN7DBguwosAU3uTdNqRHGSLqPO54DVa6Jwuc1bOUunvJLm1TAPv6oirHPu2SgRUaWPEVE6ji5CgZvqAfd0Rj_gr7Wfnv-5rf91lAPg7B42ledzV1pz92C0pgYW9EjCqpHIBqzYZe1GzkSeL0icNdhM-MzEwlOl13faiuZhtP7NBETIoBaf1Js9JFFc1WUt1aKUC-v&lptoken=1629754e891852c07889	1.4 kB	2023-03-07	2023-04-05
Pretty URL babesroulette.com/landers/lander18/?clickid=wg9sgkkfi9p3l5gmih6f1356&source=6bf8e3d6-f784-434f-ad30-6b70120e9709&cep=Pyjz2Df3Me6B5tWTt5IFfwfthtDpLk-f1zeXeYciuH_EG6mixtbUBZe0vRNKvXvVQTj62MOthVppBndv675nUxkCxBmMROuVBze1V7AVO0hW7ewmYN27CxNEcCcXHVQfZrOKqsLO4wAYT2rYA7-W09ZhQdafJyHOl8xOOKE68Svzq3eed64Vw-Z33MZaN7DBguwosAU3uTdNqRHGSLqPO54DVa6Jwuc1bOUunvJLm1TAPv6oirHPu2SgRUaWPEVE6ji5CgZvqAfd0Rj_gr7Wfnv-5rf91lAPg7B42ledzV1pz92C0pgYW9EjCqpHIBqzYZe1GzkSeL0icNdhM-MzEwlOl13faiuZhtP7NBETIoBaf1Js9JFFc1WUt1aKUC-v&lptoken=1629754e891852c07889 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2023-04-05 01:55:44 Times Seen17 Hash 8d9b1690a74f07a3810d671b838dd1bd 636798778433d0449d1a29d4a1dbdd1a23af8c46 185faac7437690399b751628e681b202ceb6f5dc205874483379a82cddd2e737 Loading...

	dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dwg9sgkkfi9p3l5gmih6f1356%26source%3D6bf8e3d6-f784-434f-ad30-6b70120e9709%26cep%3DPyjz2Df3Me6B5tWTt5IFfwfthtDpLk-f1zeXeYciuH_EG6mixtbUBZe0vRNKvXvVQTj62MOthVppBndv675nUxkCxBmMROuVBze1V7AVO0hW7ewmYN27CxNEcCcXHVQfZrOKqsLO4wAYT2rYA7-W09ZhQdafJyHOl8xOOKE68Svzq3eed64Vw-Z33MZaN7DBguwosAU3uTdNqRHGSLqPO54DVa6Jwuc1bOUunvJLm1TAPv6oirHPu2SgRUaWPEVE6ji5CgZvqAfd0Rj_gr7Wfnv-5rf91lAPg7B42ledzV1pz92C0pgYW9EjCqpHIBqzYZe1GzkSeL0icNdhM-MzEwlOl13faiuZhtP7NBETIoBaf1Js9JFFc1WUt1aKUC-v%26lptoken%3D1629754e891852c07889&lpt=Title%20here&t=1675893536010	3.0 kB	2023-03-13	2023-03-13
Pretty URL dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dwg9sgkkfi9p3l5gmih6f1356%26source%3D6bf8e3d6-f784-434f-ad30-6b70120e9709%26cep%3DPyjz2Df3Me6B5tWTt5IFfwfthtDpLk-f1zeXeYciuH_EG6mixtbUBZe0vRNKvXvVQTj62MOthVppBndv675nUxkCxBmMROuVBze1V7AVO0hW7ewmYN27CxNEcCcXHVQfZrOKqsLO4wAYT2rYA7-W09ZhQdafJyHOl8xOOKE68Svzq3eed64Vw-Z33MZaN7DBguwosAU3uTdNqRHGSLqPO54DVa6Jwuc1bOUunvJLm1TAPv6oirHPu2SgRUaWPEVE6ji5CgZvqAfd0Rj_gr7Wfnv-5rf91lAPg7B42ledzV1pz92C0pgYW9EjCqpHIBqzYZe1GzkSeL0icNdhM-MzEwlOl13faiuZhtP7NBETIoBaf1Js9JFFc1WUt1aKUC-v%26lptoken%3D1629754e891852c07889&lpt=Title%20here&t=1675893536010 IP 18.195.149.11 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:56:31 Last Seen2023-03-13 19:56:31 Times Seen1 Hash 8a563f3caee604900e58e3da38781f9b fa096d033e055c4fa7e07ad0cd9a34dbfc31fd63 69a34641f630da9b547223638ff720202eec3352256f22713a16dd26a49c8cd7 Loading...

	deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=wg9sgkkfi9p3l5gmih6f1356&var=6bf8e3d6-f784-434f-ad30-6b70120e9709&sw=/sw-check-permissions-2e801.js	41 kB	2023-03-13	2023-05-14
Pretty URL deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=wg9sgkkfi9p3l5gmih6f1356&var=6bf8e3d6-f784-434f-ad30-6b70120e9709&sw=/sw-check-permissions-2e801.js IP 139.45.197.251 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:13:04 Last Seen2023-05-14 06:23:55 Times Seen3 Hash c263b30009caf4d2a17f5a300c22b739 acc6e89ca7b5353b3ecd6d8c5e7fc8eba77b2274 4bf0d611a55a1560757297abe49be6f6588a406ca8ef4ce5f4ff885487c33ce9 Loading...

	babesroulette.com/landers/lander18/?clickid=wg9sgkkfi9p3l5gmih6f1356&source=6bf8e3d6-f784-434f-ad30-6b70120e9709&cep=Pyjz2Df3Me6B5tWTt5IFfwfthtDpLk-f1zeXeYciuH_EG6mixtbUBZe0vRNKvXvVQTj62MOthVppBndv675nUxkCxBmMROuVBze1V7AVO0hW7ewmYN27CxNEcCcXHVQfZrOKqsLO4wAYT2rYA7-W09ZhQdafJyHOl8xOOKE68Svzq3eed64Vw-Z33MZaN7DBguwosAU3uTdNqRHGSLqPO54DVa6Jwuc1bOUunvJLm1TAPv6oirHPu2SgRUaWPEVE6ji5CgZvqAfd0Rj_gr7Wfnv-5rf91lAPg7B42ledzV1pz92C0pgYW9EjCqpHIBqzYZe1GzkSeL0icNdhM-MzEwlOl13faiuZhtP7NBETIoBaf1Js9JFFc1WUt1aKUC-v&lptoken=1629754e891852c07889	103 B	2023-03-13	2023-03-13
Pretty URL babesroulette.com/landers/lander18/?clickid=wg9sgkkfi9p3l5gmih6f1356&source=6bf8e3d6-f784-434f-ad30-6b70120e9709&cep=Pyjz2Df3Me6B5tWTt5IFfwfthtDpLk-f1zeXeYciuH_EG6mixtbUBZe0vRNKvXvVQTj62MOthVppBndv675nUxkCxBmMROuVBze1V7AVO0hW7ewmYN27CxNEcCcXHVQfZrOKqsLO4wAYT2rYA7-W09ZhQdafJyHOl8xOOKE68Svzq3eed64Vw-Z33MZaN7DBguwosAU3uTdNqRHGSLqPO54DVa6Jwuc1bOUunvJLm1TAPv6oirHPu2SgRUaWPEVE6ji5CgZvqAfd0Rj_gr7Wfnv-5rf91lAPg7B42ledzV1pz92C0pgYW9EjCqpHIBqzYZe1GzkSeL0icNdhM-MzEwlOl13faiuZhtP7NBETIoBaf1Js9JFFc1WUt1aKUC-v&lptoken=1629754e891852c07889 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:56:31 Last Seen2023-03-13 19:56:31 Times Seen1 Hash 0694883b8de877146efae68d32bcf537 3571093f9f69c1963a4d1f4e7d34519a20a207a9 7d358bee7729c07541189cb226b0086a4a5248dd8091a1bf15e69bc9e02abee0 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 01dd0f074a7900791bf4946bee142bf6	80 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 19:56:31 Last Seen2023-03-13 19:56:31 Times Seen1 Hash 01dd0f074a7900791bf4946bee142bf6 95c5f56d837c665991504279411125a53afdc244 320f586bd87f3749232815981f325ce20f6bc46325a5d31ac2fbb74231078a5a Loading...

HTTP Transactions (37)

URL IP Response Size

dratingmaject.com/6bf8e3d6-f784-434f-ad30-6b70120e9709

18.195.149.11

302

0 B

URL HTTP/1.1
dratingmaject.com/6bf8e3d6-f784-434f-ad30-6b70120e9709
IP
18.195.149.11:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /6bf8e3d6-f784-434f-ad30-6b70120e9709 HTTP/1.1
Host: dratingmaject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 
Server: nginx
Date: Wed, 08 Feb 2023 21:57:58 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://babesroulette.com/landers/lander18/?clickid=wg9sgkkfi9p3l5gmih6f1356&source=6bf8e3d6-f784-434f-ad30-6b70120e9709&cep=Pyjz2Df3Me6B5tWTt5IFfwfthtDpLk-f1zeXeYciuH_EG6mixtbUBZe0vRNKvXvVQTj62MOthVppBndv675nUxkCxBmMROuVBze1V7AVO0hW7ewmYN27CxNEcCcXHVQfZrOKqsLO4wAYT2rYA7-W09ZhQdafJyHOl8xOOKE68Svzq3eed64Vw-Z33MZaN7DBguwosAU3uTdNqRHGSLqPO54DVa6Jwuc1bOUunvJLm1TAPv6oirHPu2SgRUaWPEVE6ji5CgZvqAfd0Rj_gr7Wfnv-5rf91lAPg7B42ledzV1pz92C0pgYW9EjCqpHIBqzYZe1GzkSeL0icNdhM-MzEwlOl13faiuZhtP7NBETIoBaf1Js9JFFc1WUt1aKUC-v&lptoken=1629754e891852c07889
Pragma: no-cache
Set-Cookie: 6bf8e3d6-f784-434f-ad30-6b70120e9709-v4=lumyi7gT_WkWn1kvaU-87vhzRR1uLNbOO4b9PvBhJ3I; Max-Age=86400; Expires=Thu, 09-Feb-2023 21:57:58 GMT; Domain=dratingmaject.com; Path=/; HttpOnly
cep-v4=XobcLLNtwWPNr92hi7BoS-z2UF13sSjhiUcL247AUyFP2i99w--a7l9C8WaPa38undM8Y-_tp7qfNANjDViTY3DjppYz-sJmp23E9l-R7hxWpKRBZDg0v09fF1-Nqt0KlIYM0wZJIDg2YtPCBujCucv3PT1LwuMl9O5BhAIKupSMwLOfnFuKJQZKkpXt67lZofPHpyT8tUHimugNQPjTwblpNRJblOBR6IJDm8Zw3AwYPzSBJsJ5UBf1WWmY5pNEB6D-_VQYNR7oMMfFUoDFKLOSS84mphhkNgdUX3sE-vSokQtExBxqYfCoJ1t3OWNB1C0fVHVMYzuC7HSiznyCofI_IkfxXXOL2eTZtch0u26_Arg7Iatx0D0LgUbO_MIK; Max-Age=86400; Expires=Thu, 09-Feb-2023 21:57:58 GMT; Domain=dratingmaject.com; Path=/; HttpOnly

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dca68db7aea32f6683ce8d542c078f04
19c495238df74fca680e21f18627ff94de5dd2e5
35cab3987fc0e4a41b305cb208c1e33fa38ce8bdfd9f386c3dc0411dd4d5ac61

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CAB3987FC0E4A41B305CB208C1E33FA38CE8BDFD9F386C3DC0411DD4D5AC61"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16120
Expires: Thu, 09 Feb 2023 02:26:39 GMT
Date: Wed, 08 Feb 2023 21:57:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12339
Expires: Thu, 09 Feb 2023 01:23:38 GMT
Date: Wed, 08 Feb 2023 21:57:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14289
Expires: Thu, 09 Feb 2023 01:56:08 GMT
Date: Wed, 08 Feb 2023 21:57:59 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 21:34:13 GMT
content-type: application/json
age: 1426
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: yHirCzDNevTsxCw9MuBSCqG0p9uqtF0TwywwakYqsOpkpXgTZqa8ktmkmgDFuEq4mNLfXZBV5rY=
x-amz-request-id: 2KDPBNEGR57EJ1TJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 21:46:07 GMT
age: 712
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
99dc12ea11ff4c42e281a6677452bfa7
9e43cfd65e70768a38b97636c8a912bc34fe9bb0
adf3bf342679bdf8bc84a4eebbc0c52cb3df7fb50f2361f52d33203534c19b27

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6366
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 21:57:59 GMT
Etag: "63e291e2-117"
Last-Modified: Wed, 08 Feb 2023 20:11:54 GMT
Server: ECS (amb/6B86)
X-Cache: HIT
Content-Length: 280

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 21:57:59 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
99dc12ea11ff4c42e281a6677452bfa7
9e43cfd65e70768a38b97636c8a912bc34fe9bb0
adf3bf342679bdf8bc84a4eebbc0c52cb3df7fb50f2361f52d33203534c19b27

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6366
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 21:57:59 GMT
Last-Modified: Wed, 08 Feb 2023 20:11:54 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 280

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 21:57:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 21:51:20 GMT
age: 399
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 21:57:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 21:57:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 21:57:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3a4d32e09a048c13b025f2fc8c27e450
3e0f979efcb7e9703514a3e8c36961f7b4341abf
2b670dfc2c08e67709b9da349b1de7b8cc67e5c5be9e695e6754048986ed6597

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2B670DFC2C08E67709B9DA349B1DE7B8CC67E5C5BE9E695E6754048986ED6597"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4709
Expires: Wed, 08 Feb 2023 23:16:28 GMT
Date: Wed, 08 Feb 2023 21:57:59 GMT
Connection: keep-alive

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesroulette.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 Feb 2023 22:02:00 GMT
expires: Mon, 05 Feb 2024 22:02:00 GMT
cache-control: public, max-age=31536000
age: 258959
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesroulette.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 13:09:06 GMT
expires: Wed, 07 Feb 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 118133
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dwg9sgkkfi9p3l5gmih6f1356%26source%3D6bf8e3d6-f784-434f-ad30-6b70120e9709%26cep%3DPyjz2Df3Me6B5tWTt5IFfwfthtDpLk-f1zeXeYciuH_EG6mixtbUBZe0vRNKvXvVQTj62MOthVppBndv675nUxkCxBmMROuVBze1V7AVO0hW7ewmYN27CxNEcCcXHVQfZrOKqsLO4wAYT2rYA7-W09ZhQdafJyHOl8xOOKE68Svzq3eed64Vw-Z33MZaN7DBguwosAU3uTdNqRHGSLqPO54DVa6Jwuc1bOUunvJLm1TAPv6oirHPu2SgRUaWPEVE6ji5CgZvqAfd0Rj_gr7Wfnv-5rf91lAPg7B42ledzV1pz92C0pgYW9EjCqpHIBqzYZe1GzkSeL0icNdhM-MzEwlOl13faiuZhtP7NBETIoBaf1Js9JFFc1WUt1aKUC-v%26lptoken%3D1629754e891852c07889&lpt=Title%20here&t=1675893536010

18.195.149.11

200 OK

3.0 kB

URL HTTP/2
dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dwg9sgkkfi9p3l5gmih6f1356%26source%3D6bf8e3d6-f784-434f-ad30-6b70120e9709%26cep%3DPyjz2Df3Me6B5tWTt5IFfwfthtDpLk-f1zeXeYciuH_EG6mixtbUBZe0vRNKvXvVQTj62MOthVppBndv675nUxkCxBmMROuVBze1V7AVO0hW7ewmYN27CxNEcCcXHVQfZrOKqsLO4wAYT2rYA7-W09ZhQdafJyHOl8xOOKE68Svzq3eed64Vw-Z33MZaN7DBguwosAU3uTdNqRHGSLqPO54DVa6Jwuc1bOUunvJLm1TAPv6oirHPu2SgRUaWPEVE6ji5CgZvqAfd0Rj_gr7Wfnv-5rf91lAPg7B42ledzV1pz92C0pgYW9EjCqpHIBqzYZe1GzkSeL0icNdhM-MzEwlOl13faiuZhtP7NBETIoBaf1Js9JFFc1WUt1aKUC-v%26lptoken%3D1629754e891852c07889&lpt=Title%20here&t=1675893536010
IP
18.195.149.11:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (961)
Size
3.0 kB (2989 bytes)
Hash
8a563f3caee604900e58e3da38781f9b
fa096d033e055c4fa7e07ad0cd9a34dbfc31fd63
69a34641f630da9b547223638ff720202eec3352256f22713a16dd26a49c8cd7

HTTP Headers

GET /d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2Flander18%2F%3Fclickid%3Dwg9sgkkfi9p3l5gmih6f1356%26source%3D6bf8e3d6-f784-434f-ad30-6b70120e9709%26cep%3DPyjz2Df3Me6B5tWTt5IFfwfthtDpLk-f1zeXeYciuH_EG6mixtbUBZe0vRNKvXvVQTj62MOthVppBndv675nUxkCxBmMROuVBze1V7AVO0hW7ewmYN27CxNEcCcXHVQfZrOKqsLO4wAYT2rYA7-W09ZhQdafJyHOl8xOOKE68Svzq3eed64Vw-Z33MZaN7DBguwosAU3uTdNqRHGSLqPO54DVa6Jwuc1bOUunvJLm1TAPv6oirHPu2SgRUaWPEVE6ji5CgZvqAfd0Rj_gr7Wfnv-5rf91lAPg7B42ledzV1pz92C0pgYW9EjCqpHIBqzYZe1GzkSeL0icNdhM-MzEwlOl13faiuZhtP7NBETIoBaf1Js9JFFc1WUt1aKUC-v%26lptoken%3D1629754e891852c07889&lpt=Title%20here&t=1675893536010 HTTP/1.1
Host: dratingmaject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 21:57:59 GMT
content-type: application/javascript;charset=UTF-8
content-length: 2989
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 21:57:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5105
Expires: Wed, 08 Feb 2023 23:23:05 GMT
Date: Wed, 08 Feb 2023 21:58:00 GMT
Connection: keep-alive

deefauph.com/zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=6bf8e3d6-f784-434f-ad30-6b70120e9709&ymid=wg9sgkkfi9p3l5gmih6f1356&var_3=&dsig=&action=prerequest

139.45.197.251

200 OK

0 B

URL HTTP/2
deefauph.com/zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=6bf8e3d6-f784-434f-ad30-6b70120e9709&ymid=wg9sgkkfi9p3l5gmih6f1356&var_3=&dsig=&action=prerequest
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=6bf8e3d6-f784-434f-ad30-6b70120e9709&ymid=wg9sgkkfi9p3l5gmih6f1356&var_3=&dsig=&action=prerequest HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://babesroulette.com
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 21:58:00 GMT
content-length: 0
x-trace-id: 72241050cac3b5f4b877327ddc298709
access-control-allow-origin: https://babesroulette.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.148.70.121

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.70.121:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ZuDwYZK78hi+QyT9z02sLw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fHMAWyANBL7zh+n4awxojrMch30=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3701
Expires: Wed, 08 Feb 2023 22:59:42 GMT
Date: Wed, 08 Feb 2023 21:58:01 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3701
Expires: Wed, 08 Feb 2023 22:59:42 GMT
Date: Wed, 08 Feb 2023 21:58:01 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3701
Expires: Wed, 08 Feb 2023 22:59:42 GMT
Date: Wed, 08 Feb 2023 21:58:01 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3701
Expires: Wed, 08 Feb 2023 22:59:42 GMT
Date: Wed, 08 Feb 2023 21:58:01 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3701
Expires: Wed, 08 Feb 2023 22:59:42 GMT
Date: Wed, 08 Feb 2023 21:58:01 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6342 bytes)
Hash
d8a3fa4f1ec82d501942f9db3de2cb7d
b91c2aea7f2fb26131c8929b254c5596a1bb25ff
9d246eeab8ba04c775a03fd960c8859934a0accb737e845e89aba40bc573fdaa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6342
x-amzn-requestid: b2b61a71-5326-4fc6-baba-7baad29cf7c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OkbHfDIAMF5AQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c482-5cc4028d01d05305637af317;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:37:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ladt7WYN7SIJ42nshsT0ewNBre8_C8DHi_-JbR37KM57MA9lkq5Anw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:52:28 GMT
age: 333
etag: "b91c2aea7f2fb26131c8929b254c5596a1bb25ff"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6838 bytes)
Hash
4b327816bc2c6fd7291c75c693685d54
771070be61d0724b1c90ca86ea34c804bd7e501a
d45188239cacc7b228bc75ccc95afb48914aaa434c418cd5b786533e8b9cb983

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6838
x-amzn-requestid: 54fc5ae9-d37a-46cf-97e0-d05de1417cfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7QEsCoAMFY1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-40de6212468fcd0e78a93708;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: HKB4N2wyEkDOCHrcPmb2SW-T48udtqtgj-SITdLi1HxcsmUFDxERfA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:52:43 GMT
age: 318
etag: "771070be61d0724b1c90ca86ea34c804bd7e501a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12401 bytes)
Hash
ed10868ea9554510e43f77dfb8c43877
df0d86c2c53bdec7b8935912e42dc7f82f87aa61
751e95e7dd20802cc4e0b6f208bf5559b0b73efd3ca22a9abafd86cf83ab6420

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12401
x-amzn-requestid: 7bfa8a84-c348-4f55-8e8e-befcdd24f026
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjPG-eIAMFccA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47a-06eedb3c7396825f77360755;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZHGp073QTcSjtcva36Y9sBKwRU6R8MdAxdTf8DQ_ugzAkDgWingxXg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:50:14 GMT
age: 467
etag: "df0d86c2c53bdec7b8935912e42dc7f82f87aa61"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6805 bytes)
Hash
c8f31c82179856e39ee5fc43d7f0b685
5b37f807a19ffc80c0b9334e6d24d5bb717496ce
c099c91c6f2125a8a89ee6e9dc0e37e2c2c9914adadb2c8b77795063baa62037

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6805
x-amzn-requestid: ef7a879d-25be-42b0-a5c5-df6ad8f1482c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_R2FFv5IAMFZ7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c9c0-2f8fa7ef41b70de04cfb5ac6;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:59:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JxJrYYY7fMm_DCBcuC4OEdR62HL5VMvJbt_a6TWp4QfqN0qxgFgj-A==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:06:50 GMT
etag: "5b37f807a19ffc80c0b9334e6d24d5bb717496ce"
content-type: image/jpeg
age: 85871
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6679 bytes)
Hash
4bb0e725719ac378134b01b6473a6581
a8a1780c88e8ae219048bed28ecfbd8019d9af35
187d4e83edc0af857334f84bd6853234193d4654d06c43367f39b4e125defe08

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6679
x-amzn-requestid: 97c19ad5-c127-4dc1-b529-1eca84645316
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f59MzHgloAMFwow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a8b8-79d6b8d31b69153d4929b7b7;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:14:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x_tr-xummuF51PvAM4y3DgvLWuJOwxgquKO8baQfcoN6ta5M3ll7ug==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 06:24:59 GMT
age: 55982
etag: "a8a1780c88e8ae219048bed28ecfbd8019d9af35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11205 bytes)
Hash
aa6c416b3a87ded887c9dcf7c51e5dd0
45f4ef9e68591c00669043abe96959bead8f17ae
9e10394b387916e40c44d4e02fbc1ea72214d870df189ce16d24015de00682bf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11205
x-amzn-requestid: abdf9c40-a2b7-49ae-bea1-ff5abfcea781
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvszZFOZoAMFkNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc8e7b-6e508da05ff6f33e691de130;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 04:33:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: c7epaBUnG5cmbx_dT8BnEXw8JEOHyEnVEavRV6dSAExVbmdYLRMUzA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:56:04 GMT
age: 117
etag: "45f4ef9e68591c00669043abe96959bead8f17ae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F308abacb-8d5b-49bf-9e2b-59b6b40157cb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12772 bytes)
Hash
2bf626b824fefec1ecaceb9243f2e5ec
f222976d76d889a0cd767bfd73075ee114c531ce
3f981850c6e6628245be7f7e26418d8b945dbeaf45e06492d8e2ee9409245195

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F308abacb-8d5b-49bf-9e2b-59b6b40157cb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 12772
x-amzn-requestid: a4603c5c-c842-4a1d-bf09-550f160e1082
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7OEz8oAMFbOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-763b7ecf50411a4d13dd8a25;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TC5kFF-W-6W2tDvoCEHi9opfid8-g5RHD6R22zYTpB_Rz-HsyGxR5A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:54:52 GMT
age: 196
etag: "f222976d76d889a0cd767bfd73075ee114c531ce"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

babesroulette.com/landers/lander18/?clickid=wg9sgkkfi9p3l5gmih6f1356&source=6bf8e3d6-f784-434f-ad30-6b70120e9709&cep=Pyjz2Df3Me6B5tWTt5IFfwfthtDpLk-f1zeXeYciuH_EG6mixtbUBZe0vRNKvXvVQTj62MOthVppBndv675nUxkCxBmMROuVBze1V7AVO0hW7ewmYN27CxNEcCcXHVQfZrOKqsLO4wAYT2rYA7-W09ZhQdafJyHOl8xOOKE68Svzq3eed64Vw-Z33MZaN7DBguwosAU3uTdNqRHGSLqPO54DVa6Jwuc1bOUunvJLm1TAPv6oirHPu2SgRUaWPEVE6ji5CgZvqAfd0Rj_gr7Wfnv-5rf91lAPg7B42ledzV1pz92C0pgYW9EjCqpHIBqzYZe1GzkSeL0icNdhM-MzEwlOl13faiuZhtP7NBETIoBaf1Js9JFFc1WUt1aKUC-v&lptoken=1629754e891852c07889

188.114.97.1

200 OK

0 B

URL HTTP/2
babesroulette.com/landers/lander18/?clickid=wg9sgkkfi9p3l5gmih6f1356&source=6bf8e3d6-f784-434f-ad30-6b70120e9709&cep=Pyjz2Df3Me6B5tWTt5IFfwfthtDpLk-f1zeXeYciuH_EG6mixtbUBZe0vRNKvXvVQTj62MOthVppBndv675nUxkCxBmMROuVBze1V7AVO0hW7ewmYN27CxNEcCcXHVQfZrOKqsLO4wAYT2rYA7-W09ZhQdafJyHOl8xOOKE68Svzq3eed64Vw-Z33MZaN7DBguwosAU3uTdNqRHGSLqPO54DVa6Jwuc1bOUunvJLm1TAPv6oirHPu2SgRUaWPEVE6ji5CgZvqAfd0Rj_gr7Wfnv-5rf91lAPg7B42ledzV1pz92C0pgYW9EjCqpHIBqzYZe1GzkSeL0icNdhM-MzEwlOl13faiuZhtP7NBETIoBaf1Js9JFFc1WUt1aKUC-v&lptoken=1629754e891852c07889
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /landers/lander18/?clickid=wg9sgkkfi9p3l5gmih6f1356&source=6bf8e3d6-f784-434f-ad30-6b70120e9709&cep=Pyjz2Df3Me6B5tWTt5IFfwfthtDpLk-f1zeXeYciuH_EG6mixtbUBZe0vRNKvXvVQTj62MOthVppBndv675nUxkCxBmMROuVBze1V7AVO0hW7ewmYN27CxNEcCcXHVQfZrOKqsLO4wAYT2rYA7-W09ZhQdafJyHOl8xOOKE68Svzq3eed64Vw-Z33MZaN7DBguwosAU3uTdNqRHGSLqPO54DVa6Jwuc1bOUunvJLm1TAPv6oirHPu2SgRUaWPEVE6ji5CgZvqAfd0Rj_gr7Wfnv-5rf91lAPg7B42ledzV1pz92C0pgYW9EjCqpHIBqzYZe1GzkSeL0icNdhM-MzEwlOl13faiuZhtP7NBETIoBaf1Js9JFFc1WUt1aKUC-v&lptoken=1629754e891852c07889 HTTP/1.1
Host: babesroulette.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:57:59 GMT
content-type: text/html
last-modified: Thu, 25 Aug 2022 23:06:49 GMT
x-powered-by: PleskLin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h9m%2F871Y0oSJzihfJjq3hN6fwCoTZ9GIaAYbgWJfb0U%2FeDLHPgCHtS5zJxjvSHf%2FxCqP%2BBAEGFLeEEOcMGCxlybun8FlRl5xMNW9ECQAlFwvVHUazjlm77cdlg2tI17sswbRLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79679fc57c190b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 Feb 2023 21:57:59 GMT
date: Wed, 08 Feb 2023 21:57:59 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=wg9sgkkfi9p3l5gmih6f1356&var=6bf8e3d6-f784-434f-ad30-6b70120e9709&sw=/sw-check-permissions-2e801.js

139.45.197.251

200 OK

0 B

URL HTTP/2
deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=wg9sgkkfi9p3l5gmih6f1356&var=6bf8e3d6-f784-434f-ad30-6b70120e9709&sw=/sw-check-permissions-2e801.js
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=4740019&ymid=wg9sgkkfi9p3l5gmih6f1356&var=6bf8e3d6-f784-434f-ad30-6b70120e9709&sw=/sw-check-permissions-2e801.js HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 21:57:59 GMT
content-type: application/javascript
last-modified: Tue, 07 Feb 2023 14:32:42 GMT
etag: W/"63e2610a-a083"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (37)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1