ocsp.sectigo.com/
104.18.14.101 471 B IP 104.18.14.101:0
Hash 087d2025f598c26ffeef147159bbb2d9
c7dc30fb65121888d2ffe256bb6b6ec710cc6f94
bf3c7e57174b54646f9e665fe6086c9c2192048e0e6237600bf3d7988711b96b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Aug 2023 19:52:51 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 23 Aug 2023 10:49:33 GMT
Expires: Wed, 30 Aug 2023 10:49:32 GMT
Etag: "c7dc30fb65121888d2ffe256bb6b6ec710cc6f94"
Cache-Control: max-age=398837,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7fc660b8eed80b55-OSL
dirty.games/eg/vl16.php?clk=w06h7hvfs2dp4j4rinvj6m44&cid=ooc45c3T23XV00utmuotuundK5000rqZnSumrdK6V0rqKqbqqqKnVT2XU12uqnrqnntdK6Z0rpXSuldM6V0rpnO0mzm0rtu3lu3lo2uummn3zluuu1tmoq3dK4h_t6KY1KU5zpXSuldK6V0rpXSuldNXdPddRLXQ4Ps-&countryname=United%20States&region=Oklahoma&os=Android&browser=Google%20App&brand=Google&campaign=c45e7a4e-3015-40b3-967a-41012b844bbf&SID=e-mg-r-native
34.192.98.156 200 OK 9.3 kB URL User Request GET HTTP/1.1 dirty.games/eg/vl16.php?clk=w06h7hvfs2dp4j4rinvj6m44&cid=ooc45c3T23XV00utmuotuundK5000rqZnSumrdK6V0rqKqbqqqKnVT2XU12uqnrqnntdK6Z0rpXSuldM6V0rpnO0mzm0rtu3lu3lo2uummn3zluuu1tmoq3dK4h_t6KY1KU5zpXSuldK6V0rpXSuldNXdPddRLXQ4Ps-&countryname=United%20States&region=Oklahoma&os=Android&browser=Google%20App&brand=Google&campaign=c45e7a4e-3015-40b3-967a-41012b844bbf&SID=e-mg-r-native
IP 34.192.98.156:443
Certificate Issuer: Sectigo Limited
Subject: dirty.games
Fingerprint: 78:3D:8C:85:FF:F2:FD:1A:9F:F1:4E:03:57:57:CA:04:8C:6B:2D:EB
Validity: Mon, 05 Dec 2022 00:00:00 GMT - Fri, 05 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (438), with CRLF line terminators
Hash ea31b4c5acba699e9f5d5046d678a10c
14986b6f8d9229c75c0fc840c8af26782aa309c8
a5bcd3c1cb45fc486748d1f9de506ab1e1e0066b80080d218e85a8f24b4c285e
GET /eg/vl16.php?clk=w06h7hvfs2dp4j4rinvj6m44&cid=ooc45c3T23XV00utmuotuundK5000rqZnSumrdK6V0rqKqbqqqKnVT2XU12uqnrqnntdK6Z0rpXSuldM6V0rpnO0mzm0rtu3lu3lo2uummn3zluuu1tmoq3dK4h_t6KY1KU5zpXSuldK6V0rpXSuldNXdPddRLXQ4Ps-&countryname=United%20States&region=Oklahoma&os=Android&browser=Google%20App&brand=Google&campaign=c45e7a4e-3015-40b3-967a-41012b844bbf&SID=e-mg-r-native HTTP/1.1
Host: dirty.games
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Aug 2023 19:52:51 GMT
Server: Apache/2.4.56 () OpenSSL/1.0.2k-fips PHP/8.0.28
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
X-Powered-By: PHP/8.0.28
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 8e74102f303b0535c8587d521395cebe
936e529d5828ae70021800db8db848b3d632c4d6
068d6139df8cb1c07f39a092a7894b13d5683b6ce7017252f9b2359671794f1b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Aug 2023 19:52:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dirty.games/eg/bd_files/vd16z_new.css
34.192.98.156 200 OK 11 kB URL GET HTTP/1.1 dirty.games/eg/bd_files/vd16z_new.css
IP 34.192.98.156:443
Requested by https://dirty.games/eg/vl16.php?clk=w06h7hvfs2dp4j4rinvj6m44&cid=ooc45c3T23XV00utmuotuundK5000rqZnSumrdK6V0rqKqbqqqKnVT2XU12uqnrqnntdK6Z0rpXSuldM6V0rpnO0mzm0rtu3lu3lo2uummn3zluuu1tmoq3dK4h_t6KY1KU5zpXSuldK6V0rpXSuldNXdPddRLXQ4Ps-&countryname=United%20States&region=Oklahoma&os=Android&browser=Google%20App&brand=Google&campaign=c45e7a4e-3015-40b3-967a-41012b844bbf&SID=e-mg-r-native
Certificate Issuer: Sectigo Limited
Subject: dirty.games
Fingerprint: 78:3D:8C:85:FF:F2:FD:1A:9F:F1:4E:03:57:57:CA:04:8C:6B:2D:EB
Validity: Mon, 05 Dec 2022 00:00:00 GMT - Fri, 05 Jan 2024 23:59:59 GMT
File type ASCII text, with CRLF line terminators
Hash 94718c842d5301b251f68b7e6f8595d5
1a53f1bc4e3cf527f350690b0a8d363aedf6cabc
1b6e78b184e3d41d85ec692c2cae1e97fca5723c00d219007bbb64ce79447c27
GET /eg/bd_files/vd16z_new.css HTTP/1.1
Host: dirty.games
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dirty.games/eg/vl16.php?clk=w06h7hvfs2dp4j4rinvj6m44&cid=ooc45c3T23XV00utmuotuundK5000rqZnSumrdK6V0rqKqbqqqKnVT2XU12uqnrqnntdK6Z0rpXSuldM6V0rpnO0mzm0rtu3lu3lo2uummn3zluuu1tmoq3dK4h_t6KY1KU5zpXSuldK6V0rpXSuldNXdPddRLXQ4Ps-&countryname=United%20States&region=Oklahoma&os=Android&browser=Google%20App&brand=Google&campaign=c45e7a4e-3015-40b3-967a-41012b844bbf&SID=e-mg-r-native
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Aug 2023 19:52:51 GMT
Server: Apache/2.4.56 () OpenSSL/1.0.2k-fips PHP/8.0.28
Last-Modified: Thu, 13 Jul 2023 08:13:33 GMT
ETag: "2a9f-60059e880de1e"
Accept-Ranges: bytes
Content-Length: 10911
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
142.250.74.74 200 OK 31 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 142.250.74.74:443
Requested by https://dirty.games/eg/vl16.php?clk=w06h7hvfs2dp4j4rinvj6m44&cid=ooc45c3T23XV00utmuotuundK5000rqZnSumrdK6V0rqKqbqqqKnVT2XU12uqnrqnntdK6Z0rpXSuldM6V0rpnO0mzm0rtu3lu3lo2uummn3zluuu1tmoq3dK4h_t6KY1KU5zpXSuldK6V0rpXSuldNXdPddRLXQ4Ps-&countryname=United%20States&region=Oklahoma&os=Android&browser=Google%20App&brand=Google&campaign=c45e7a4e-3015-40b3-967a-41012b844bbf&SID=e-mg-r-native
Certificate Issuer: Google Trust Services LLC
Subject: upload.video.google.com
Fingerprint: 94:C0:54:E4:BA:6C:E0:93:C6:8F:D9:27:1C:74:6F:E8:CE:6E:E2:BA
Validity: Mon, 07 Aug 2023 12:21:56 GMT - Mon, 30 Oct 2023 12:21:55 GMT
File type ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dirty.games/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Aug 2023 04:21:34 GMT
expires: Wed, 21 Aug 2024 04:21:34 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 315077
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
dirty.games/files/redirect3_1step.js
34.192.98.156 200 OK 633 B URL GET HTTP/1.1 dirty.games/files/redirect3_1step.js
IP 34.192.98.156:443
Requested by https://dirty.games/eg/vl16.php?clk=w06h7hvfs2dp4j4rinvj6m44&cid=ooc45c3T23XV00utmuotuundK5000rqZnSumrdK6V0rqKqbqqqKnVT2XU12uqnrqnntdK6Z0rpXSuldM6V0rpnO0mzm0rtu3lu3lo2uummn3zluuu1tmoq3dK4h_t6KY1KU5zpXSuldK6V0rpXSuldNXdPddRLXQ4Ps-&countryname=United%20States&region=Oklahoma&os=Android&browser=Google%20App&brand=Google&campaign=c45e7a4e-3015-40b3-967a-41012b844bbf&SID=e-mg-r-native
Certificate Issuer: Sectigo Limited
Subject: dirty.games
Fingerprint: 78:3D:8C:85:FF:F2:FD:1A:9F:F1:4E:03:57:57:CA:04:8C:6B:2D:EB
Validity: Mon, 05 Dec 2022 00:00:00 GMT - Fri, 05 Jan 2024 23:59:59 GMT
File type ASCII text, with CRLF line terminators
Hash cd68044c2e6688ac786b2f505fefa59e
fc9f094d358c5df1c2e6efc62de37bee8b8184ab
2cd14766b89f74025ca3c64c833dbdad8066543dfae0575f629008367168bedd
GET /files/redirect3_1step.js HTTP/1.1
Host: dirty.games
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dirty.games/eg/vl16.php?clk=w06h7hvfs2dp4j4rinvj6m44&cid=ooc45c3T23XV00utmuotuundK5000rqZnSumrdK6V0rqKqbqqqKnVT2XU12uqnrqnntdK6Z0rpXSuldM6V0rpnO0mzm0rtu3lu3lo2uummn3zluuu1tmoq3dK4h_t6KY1KU5zpXSuldK6V0rpXSuldNXdPddRLXQ4Ps-&countryname=United%20States&region=Oklahoma&os=Android&browser=Google%20App&brand=Google&campaign=c45e7a4e-3015-40b3-967a-41012b844bbf&SID=e-mg-r-native
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Aug 2023 19:52:51 GMT
Server: Apache/2.4.56 () OpenSSL/1.0.2k-fips PHP/8.0.28
Last-Modified: Fri, 21 May 2021 13:29:17 GMT
ETag: "279-5c2d70be70540"
Accept-Ranges: bytes
Content-Length: 633
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 8e74102f303b0535c8587d521395cebe
936e529d5828ae70021800db8db848b3d632c4d6
068d6139df8cb1c07f39a092a7894b13d5683b6ce7017252f9b2359671794f1b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Aug 2023 19:52:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash eabedde19de92ba362e059f86a21228a
bb7d5fdb0dfc83d382342048727762c7ecbe9b65
4cd337791925978e75fba004c32ec1b38867aec24988be8802f46e102e3f76e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Aug 2023 19:52:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash eabedde19de92ba362e059f86a21228a
bb7d5fdb0dfc83d382342048727762c7ecbe9b65
4cd337791925978e75fba004c32ec1b38867aec24988be8802f46e102e3f76e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Aug 2023 19:52:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Raleway:ital,wght@0,400;0,500;0,600;0,700;0,800;0,900;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
142.250.74.74 200 OK 47 kB URL GET HTTP/2 fonts.googleapis.com/css2?family=Raleway:ital,wght@0,400;0,500;0,600;0,700;0,800;0,900;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
IP 142.250.74.74:443
Requested by https://dirty.games/eg/vl16.php?clk=w06h7hvfs2dp4j4rinvj6m44&cid=ooc45c3T23XV00utmuotuundK5000rqZnSumrdK6V0rqKqbqqqKnVT2XU12uqnrqnntdK6Z0rpXSuldM6V0rpnO0mzm0rtu3lu3lo2uummn3zluuu1tmoq3dK4h_t6KY1KU5zpXSuldK6V0rpXSuldNXdPddRLXQ4Ps-&countryname=United%20States&region=Oklahoma&os=Android&browser=Google%20App&brand=Google&campaign=c45e7a4e-3015-40b3-967a-41012b844bbf&SID=e-mg-r-native
Certificate Issuer: Google Trust Services LLC
Subject: upload.video.google.com
Fingerprint: 94:C0:54:E4:BA:6C:E0:93:C6:8F:D9:27:1C:74:6F:E8:CE:6E:E2:BA
Validity: Mon, 07 Aug 2023 12:21:56 GMT - Mon, 30 Oct 2023 12:21:55 GMT
File type gzip compressed data, max compression\012- data
Hash f088b1052e16c63ef3e5175ee2cdb2a5
e7384de61dee3789745f55057a3061230a08ad7f
7dfd75cdf21a8e3ae14227bd15dd504a2b34fbe2cb3934ea5477848145d7d2bd
GET /css2?family=Raleway:ital,wght@0,400;0,500;0,600;0,700;0,800;0,900;1,400;1,500;1,600;1,700;1,800;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dirty.games/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 25 Aug 2023 19:52:52 GMT
date: Fri, 25 Aug 2023 19:52:52 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
216.58.207.227 200 OK 46 kB URL GET HTTP/2 fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP 216.58.207.227:443
Requested by https://dirty.games/eg/vl16.php?clk=w06h7hvfs2dp4j4rinvj6m44&cid=ooc45c3T23XV00utmuotuundK5000rqZnSumrdK6V0rqKqbqqqKnVT2XU12uqnrqnntdK6Z0rpXSuldM6V0rpnO0mzm0rtu3lu3lo2uummn3zluuu1tmoq3dK4h_t6KY1KU5zpXSuldK6V0rpXSuldNXdPddRLXQ4Ps-&countryname=United%20States&region=Oklahoma&os=Android&browser=Google%20App&brand=Google&campaign=c45e7a4e-3015-40b3-967a-41012b844bbf&SID=e-mg-r-native
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: 1B:14:11:9F:49:14:C3:A3:7C:87:B0:E1:5B:18:75:10:3D:2A:B3:72
Validity: Mon, 07 Aug 2023 12:21:56 GMT - Mon, 30 Oct 2023 12:21:55 GMT
File type Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Hash c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dirty.games
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Aug 2023 10:44:45 GMT
expires: Sat, 24 Aug 2024 10:44:45 GMT
cache-control: public, max-age=31536000
age: 32887
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.14.101 472 B IP 104.18.14.101:0
Hash 3c4d6bc76a6405d19511dd5b6b0a29ed
a26053a969234c35ed59d2fb311fe8dc2d9a3677
f728bf5631b61a28cbec22e991393e4ce86deb5ed8280d925cffef691a692b39
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Aug 2023 19:52:52 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Aug 2023 15:10:11 GMT
Expires: Tue, 29 Aug 2023 15:10:10 GMT
Etag: "a26053a969234c35ed59d2fb311fe8dc2d9a3677"
Cache-Control: max-age=328959,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7fc660beef740b55-OSL
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash eabedde19de92ba362e059f86a21228a
bb7d5fdb0dfc83d382342048727762c7ecbe9b65
4cd337791925978e75fba004c32ec1b38867aec24988be8802f46e102e3f76e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Aug 2023 19:52:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dg-videos.b-cdn.net/bg/img/1200x675_yyy13.jpg
185.59.220.199 200 OK 144 kB URL GET HTTP/2 dg-videos.b-cdn.net/bg/img/1200x675_yyy13.jpg
IP 185.59.220.199:443
ASN #60068 Datacamp Limited
Requested by https://dirty.games/eg/vl16.php?clk=w06h7hvfs2dp4j4rinvj6m44&cid=ooc45c3T23XV00utmuotuundK5000rqZnSumrdK6V0rqKqbqqqKnVT2XU12uqnrqnntdK6Z0rpXSuldM6V0rpnO0mzm0rtu3lu3lo2uummn3zluuu1tmoq3dK4h_t6KY1KU5zpXSuldK6V0rpXSuldNXdPddRLXQ4Ps-&countryname=United%20States&region=Oklahoma&os=Android&browser=Google%20App&brand=Google&campaign=c45e7a4e-3015-40b3-967a-41012b844bbf&SID=e-mg-r-native
Certificate Issuer: Sectigo Limited
Subject: *.b-cdn.net
Fingerprint: 29:87:92:15:49:79:2E:01:F4:40:4E:1C:A2:97:60:AA:56:45:88:1D
Validity: Mon, 07 Nov 2022 00:00:00 GMT - Sat, 11 Nov 2023 23:59:59 GMT
File type JPEG image data, progressive, precision 8, 1200x675, components 3\012- data
Size 144 kB (144205 bytes)
Hash 39a0bc85297064426887d713546decda
371649fd3aa3a4dac3d1eab0ee554dd2c857c6fa
c0424e2cede0f205ee8c3b0ab8d579d02bb23c4b46bb66baee59f868d6915f52
GET /bg/img/1200x675_yyy13.jpg HTTP/1.1
Host: dg-videos.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dirty.games/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:52 GMT
content-type: image/jpeg
content-length: 144205
server: BunnyCDN-DE1-722
cdn-pullzone: 197902
cdn-uid: 90afae06-e50c-4631-b9a4-06f4f476cba3
cdn-requestcountrycode: NO
cache-control: public, max-age=2592000
last-modified: Thu, 27 Jul 2023 16:43:34 GMT
cdn-storageserver: DE-665
cdn-fileserver: 640
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 206
cdn-cachedat: 08/02/2023 06:17:07
cdn-edgestorageid: 755
cdn-status: 200
cdn-requestid: 2458380d75dcfcfc3d30fba18c20af3a
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227 471 B URL ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash ecd82894d886f436a997659217f9468f
0e28ea3a39b04aa541f7f151572db8e0032cf8b0
a8bc1dbee1248a7b1dec7e1485d8b6e48b370aa598360073965fb59e723417c0
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 25 Aug 2023 19:52:52 GMT
Last-Modified: Fri, 25 Aug 2023 19:11:59 GMT
Server: ECAcc (amb/6AD5)
X-Cache: Miss from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: EgwRgTKGFdAbF7CJ8C0b1A4YgOYvQi0z0w-LdlhI4_cqQst4nAWSDA==
Age: 2453
dirty.games/eg/bd_files/ico.png
34.192.98.156 200 OK 10 kB URL GET HTTP/1.1 dirty.games/eg/bd_files/ico.png
IP 34.192.98.156:443
Requested by https://dirty.games/eg/vl16.php?clk=w06h7hvfs2dp4j4rinvj6m44&cid=ooc45c3T23XV00utmuotuundK5000rqZnSumrdK6V0rqKqbqqqKnVT2XU12uqnrqnntdK6Z0rpXSuldM6V0rpnO0mzm0rtu3lu3lo2uummn3zluuu1tmoq3dK4h_t6KY1KU5zpXSuldK6V0rpXSuldNXdPddRLXQ4Ps-&countryname=United%20States&region=Oklahoma&os=Android&browser=Google%20App&brand=Google&campaign=c45e7a4e-3015-40b3-967a-41012b844bbf&SID=e-mg-r-native
Certificate Issuer: Sectigo Limited
Subject: dirty.games
Fingerprint: 78:3D:8C:85:FF:F2:FD:1A:9F:F1:4E:03:57:57:CA:04:8C:6B:2D:EB
Validity: Mon, 05 Dec 2022 00:00:00 GMT - Fri, 05 Jan 2024 23:59:59 GMT
File type PNG image data, 180 x 180, 8-bit colormap, non-interlaced\012- data
Hash 54e717c155073dca5e42d958465faf9a
9837b3ade6cc19fb204bb9495bacac3d57ed49c7
dd5985fa8dc6cfcedd786436db0800078b20fc5a23ea8af1ba56a0c1ce151152
GET /eg/bd_files/ico.png HTTP/1.1
Host: dirty.games
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dirty.games/eg/vl16.php?clk=w06h7hvfs2dp4j4rinvj6m44&cid=ooc45c3T23XV00utmuotuundK5000rqZnSumrdK6V0rqKqbqqqKnVT2XU12uqnrqnntdK6Z0rpXSuldM6V0rpnO0mzm0rtu3lu3lo2uummn3zluuu1tmoq3dK4h_t6KY1KU5zpXSuldK6V0rpXSuldNXdPddRLXQ4Ps-&countryname=United%20States&region=Oklahoma&os=Android&browser=Google%20App&brand=Google&campaign=c45e7a4e-3015-40b3-967a-41012b844bbf&SID=e-mg-r-native
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Aug 2023 19:52:52 GMT
Server: Apache/2.4.56 () OpenSSL/1.0.2k-fips PHP/8.0.28
Last-Modified: Tue, 17 Nov 2020 00:14:14 GMT
ETag: "283e-5b4425ff0a180"
Accept-Ranges: bytes
Content-Length: 10302
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
dg-videos.b-cdn.net/bg/1280x720_sx_bg60.mp4
185.59.220.199 206 Partial Content 171 kB URL GET HTTP/2 dg-videos.b-cdn.net/bg/1280x720_sx_bg60.mp4
IP 185.59.220.199:443
ASN #60068 Datacamp Limited
Requested by https://dirty.games/eg/vl16.php?clk=w06h7hvfs2dp4j4rinvj6m44&cid=ooc45c3T23XV00utmuotuundK5000rqZnSumrdK6V0rqKqbqqqKnVT2XU12uqnrqnntdK6Z0rpXSuldM6V0rpnO0mzm0rtu3lu3lo2uummn3zluuu1tmoq3dK4h_t6KY1KU5zpXSuldK6V0rpXSuldNXdPddRLXQ4Ps-&countryname=United%20States&region=Oklahoma&os=Android&browser=Google%20App&brand=Google&campaign=c45e7a4e-3015-40b3-967a-41012b844bbf&SID=e-mg-r-native
Certificate Issuer: Sectigo Limited
Subject: *.b-cdn.net
Fingerprint: 29:87:92:15:49:79:2E:01:F4:40:4E:1C:A2:97:60:AA:56:45:88:1D
Validity: Mon, 07 Nov 2022 00:00:00 GMT - Sat, 11 Nov 2023 23:59:59 GMT
File type ISO Media, MP4 v2 [ISO 14496-14]\012- data
Size 171 kB (171404 bytes)
Hash 184eeca3fa00b39c0700ea17b65bee31
1661d8949e64a38f78a86e1689d2d0f7edef37a1
c3ce16d819086c495fa4a98f3fc121297f59db4f6b03fa49734f5750dac7beaa
GET /bg/1280x720_sx_bg60.mp4 HTTP/1.1
Host: dg-videos.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://dirty.games/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 206 Partial Content
date: Fri, 25 Aug 2023 19:52:52 GMT
content-type: video/mp4
content-length: 5024381
server: BunnyCDN-DE1-722
cdn-pullzone: 197902
cdn-uid: 90afae06-e50c-4631-b9a4-06f4f476cba3
cdn-requestcountrycode: NO
cache-control: public, max-age=2592000
last-modified: Mon, 31 Jul 2023 14:21:05 GMT
cdn-storageserver: DE-679
cdn-fileserver: 653
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 206
cdn-cachedat: 07/31/2023 14:24:08
cdn-edgestorageid: 1077
cdn-status: 200
cdn-requestid: 2efe3ed46bb465cbc31c0c93fe1eaf57
cdn-cache: HIT
content-range: bytes 0-5024380/5024381
X-Firefox-Spdy: h2
qkaccess.com/ep.php/LA-prmagms:80353/69778:e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44
54.187.220.143 302 Found 31 kB URL GET HTTP/2 qkaccess.com/ep.php/LA-prmagms:80353/69778:e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44
IP 54.187.220.143:443
Requested by https://dirty.games/eg/vl16.php?clk=w06h7hvfs2dp4j4rinvj6m44&cid=ooc45c3T23XV00utmuotuundK5000rqZnSumrdK6V0rqKqbqqqKnVT2XU12uqnrqnntdK6Z0rpXSuldM6V0rpnO0mzm0rtu3lu3lo2uummn3zluuu1tmoq3dK4h_t6KY1KU5zpXSuldK6V0rpXSuldNXdPddRLXQ4Ps-&countryname=United%20States&region=Oklahoma&os=Android&browser=Google%20App&brand=Google&campaign=c45e7a4e-3015-40b3-967a-41012b844bbf&SID=e-mg-r-native
Certificate Issuer: Amazon
Subject: lnkaccess.com
Fingerprint: 3C:F6:E0:37:77:22:4A:29:A8:02:0D:BC:DA:83:26:F0:7F:5A:54:32
Validity: Tue, 07 Feb 2023 00:00:00 GMT - Tue, 05 Dec 2023 23:59:59 GMT
File type gzip compressed data, max compression\012- data
Hash 81182f4b684635f6bdcbdd907ee66f25
a1f2f151df72ede41397c8131bd47a3ce85575b3
be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396
GET /ep.php/LA-prmagms:80353/69778:e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44 HTTP/1.1
Host: qkaccess.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dirty.games/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 25 Aug 2023 19:52:52 GMT
content-type: text/html; charset=UTF-8
location: https://admitjoin.com/signup/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff
set-cookie: AWSALB=6s0Qe41u3wlZTKDHgskN5CjtOiZxx2Wd6RmifIh1WVA1mnbE5KhH6DBlJxNKiS37zbYJ20iAH6Kahsxnkibb0YW+IWE46rF2YtX46RfKRA4LJoagE+mhT3rV+dhc; Expires=Fri, 01 Sep 2023 19:52:52 GMT; Path=/
AWSALBCORS=6s0Qe41u3wlZTKDHgskN5CjtOiZxx2Wd6RmifIh1WVA1mnbE5KhH6DBlJxNKiS37zbYJ20iAH6Kahsxnkibb0YW+IWE46rF2YtX46RfKRA4LJoagE+mhT3rV+dhc; Expires=Fri, 01 Sep 2023 19:52:52 GMT; Path=/; SameSite=None; Secure
vip_id=69778.47636-458656; expires=Mon, 28-Aug-2023 19:52:52 GMT; Max-Age=259200; path=/
server: Apache
X-Firefox-Spdy: h2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css
152.199.19.160 200 OK 20 kB URL GET HTTP/2 ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css
IP 152.199.19.160:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer: DigiCert Inc
Subject: *.vo.msecnd.net
Fingerprint: 0E:7D:A8:CD:FE:61:1E:46:97:A3:57:99:70:DA:E0:59:1D:34:04:80
Validity: Fri, 05 May 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (65371)
Hash ec3bb52a00e176a7181d454dffaea219
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
GET /ajax/bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 12179855
cache-control: public,max-age=31536000
content-type: text/css
date: Fri, 25 Aug 2023 19:52:54 GMT
etag: "0e914f2cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:10:18 GMT
server: ECAcc (ska/F740)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19629
X-Firefox-Spdy: h2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js
152.199.19.160 200 OK 9.8 kB URL GET HTTP/2 ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js
IP 152.199.19.160:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer: DigiCert Inc
Subject: *.vo.msecnd.net
Fingerprint: 0E:7D:A8:CD:FE:61:1E:46:97:A3:57:99:70:DA:E0:59:1D:34:04:80
Validity: Fri, 05 May 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (32033)
Hash 5869c96cc8f19086aee625d670d741f9
430a443d74830fe9be26efca431f448c1b3740f9
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
GET /ajax/bootstrap/3.3.7/bootstrap.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 3089707
cache-control: public,max-age=31536000
content-type: application/javascript
date: Fri, 25 Aug 2023 19:52:54 GMT
etag: "80bdc1e6cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:09:59 GMT
server: ECAcc (ska/F6C5)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9839
X-Firefox-Spdy: h2
rfdcxz.com/common_tpls/compactML/css/epcgg4dyg.css
207.120.33.10 200 OK 7.7 kB URL GET HTTP/2 rfdcxz.com/common_tpls/compactML/css/epcgg4dyg.css
IP 207.120.33.10:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
File type ASCII text, with very long lines (41436), with no line terminators
Hash 769830abae7c5ed79b8903c1bccc7a2a
cf1169cf2f8f26d9a4d810e5b80aef30ff696b1a
bd819cd13e7b2cbafe11cb1356efa2a4e4e514ebffd5f370945cb6917f7ca170
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /common_tpls/compactML/css/epcgg4dyg.css HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Cookie: PHPSESSID=504428afd27be695af92ae2d6f7e58ef
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: text/css
content-length: 7666
last-modified: Thu, 17 Feb 2022 20:33:08 GMT
etag: W/"620eb104-a1dc"
content-encoding: gzip
section-io-cache-id: e6a241b49fcdd41fa5ff74fef9eabc36
vary: Accept-Encoding
x-varnish: 12309388 11617366
age: 20886
via: 1.1 varnish-65c66bdb8c-7ffsz (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 6bae732cb028e7ce133b23aaa49d03a6
X-Firefox-Spdy: h2
rfdcxz.com/common_tpls/images/icons/email.png
207.120.33.10 200 OK 1.3 kB URL GET HTTP/2 rfdcxz.com/common_tpls/images/icons/email.png
IP 207.120.33.10:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
File type PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Hash a86d99b9176d82a211cfa29b2f0b353f
62947ddfd87e3a21869818885e4bfa4e55ad0c11
f8e82194c97e2a11a8c77fcd55d1ded51a1943b78eefac8475890f665dc620f1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /common_tpls/images/icons/email.png HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Cookie: PHPSESSID=504428afd27be695af92ae2d6f7e58ef
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: image/png
content-length: 1254
last-modified: Mon, 21 Aug 2017 19:32:05 GMT
etag: "599b3535-4e6"
section-io-cache-id: 77d59ed8c5d07cf51977b46e0f0ff4d0
x-varnish: 12599213 11873406
age: 20903
via: 1.1 varnish-65c66bdb8c-bcwfl (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 6e5ca505f430baa44f8a5dedef1d29a0
X-Firefox-Spdy: h2
rfdcxz.com/common_tpls/images/icons/password.png
207.120.33.10 200 OK 1.5 kB URL GET HTTP/2 rfdcxz.com/common_tpls/images/icons/password.png
IP 207.120.33.10:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
File type PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Hash 6f100f1cdbdce928118ffa4c9293ca5b
6b1a3593e792d4c00187d60560dd03fb42df1156
8c1a6b9e0c63edc7fa86898148dc6493cd56113fabbf85d901f7af4c180fce74
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /common_tpls/images/icons/password.png HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Cookie: PHPSESSID=504428afd27be695af92ae2d6f7e58ef
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: image/png
content-length: 1452
last-modified: Tue, 22 Aug 2017 16:34:59 GMT
etag: "599c5d33-5ac"
section-io-cache-id: a5fb63723a02139938fc08a6e18f5e2b
x-varnish: 12309390 11690410
age: 20900
via: 1.1 varnish-65c66bdb8c-7ffsz (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: f5aa4be3b0f72e046e2cbe03607a8594
X-Firefox-Spdy: h2
rfdcxz.com/common_tpls/images/icons/fname.png
207.120.33.10 200 OK 1.6 kB URL GET HTTP/2 rfdcxz.com/common_tpls/images/icons/fname.png
IP 207.120.33.10:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash 5c846870756544f39604e671d4111b9d
304938c74246e228fa82d8ca40201c3db6098074
d43abf8c5665519a3fe3f7e90298fc17b62e06d8ada1b90a44ea9985a62abb4d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /common_tpls/images/icons/fname.png HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Cookie: PHPSESSID=504428afd27be695af92ae2d6f7e58ef
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: image/png
content-length: 1649
last-modified: Tue, 28 Nov 2017 20:52:02 GMT
etag: "5a1dcc72-671"
section-io-cache-id: b3683d430edcb6a04a3db1027ce08dd7
x-varnish: 12599214 10868893
age: 20884
via: 1.1 varnish-65c66bdb8c-bcwfl (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 0c59d18e01f0ddbed8c638a5fe54702e
X-Firefox-Spdy: h2
rfdcxz.com/common_tpls/images/icons/address.png
207.120.33.10 200 OK 1.2 kB URL GET HTTP/2 rfdcxz.com/common_tpls/images/icons/address.png
IP 207.120.33.10:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
File type PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Hash b579e9868402d708e54e1a980166c444
1c58e2890b934c0b1ab057f3ac28bedd2a082d19
67756f8b542c7823bcdba421219c3b8e1ee472748d8c3463534f667271356dfb
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /common_tpls/images/icons/address.png HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Cookie: PHPSESSID=504428afd27be695af92ae2d6f7e58ef
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: image/png
content-length: 1167
last-modified: Mon, 21 Aug 2017 19:32:05 GMT
etag: "599b3535-48f"
section-io-cache-id: e1369398cdd7f960749b3d63e1f32a06
x-varnish: 12309391 11690414
age: 20900
via: 1.1 varnish-65c66bdb8c-7ffsz (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: e931f3aeda4c4dcf0dfc776cccfc45fc
X-Firefox-Spdy: h2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3
104.18.23.52 200 OK 2.6 kB URL GET HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3
IP 104.18.23.52:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer DigiCert Inc
Subject *.fontawesome.com
Fingerprint 6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
Validity Tue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (27832)
Hash 1cb05a2f9541200e1fa0a2cd0abc7663
fdf3292a6db22945eb79e08d847834205b749c6f
a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60
GET /releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: text/css
content-length: 2603
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-a2b"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 3632190
accept-ranges: bytes
server: cloudflare
cf-ray: 7fc660ccdb25b50c-OSL
X-Firefox-Spdy: h2
kit.fontawesome.com/b314bdf1b3/110588222/kit-upload.css
104.18.23.52 200 OK 0 B URL GET HTTP/2 kit.fontawesome.com/b314bdf1b3/110588222/kit-upload.css
IP 104.18.23.52:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer DigiCert Inc
Subject *.fontawesome.com
Fingerprint 6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
Validity Tue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b314bdf1b3/110588222/kit-upload.css HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: text/css
content-length: 0
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926, public, must-revalidate
etag: 54af53b207eef226d6511e0a88e3038e
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F3HEz91sxmKZH5yginzj
cf-cache-status: HIT
age: 2531487
accept-ranges: bytes
server: cloudflare
cf-ray: 7fc660ccdb26b50c-OSL
X-Firefox-Spdy: h2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3
104.18.23.52 200 OK 4.2 kB URL GET HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3
IP 104.18.23.52:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer DigiCert Inc
Subject *.fontawesome.com
Fingerprint 6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
Validity Tue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (26366)
Hash 715826d7cea0f100c00238e5e5dc92b4
ea2a076f73ed3826287a726f35ae5e54136f2cee
4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6
GET /releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: text/css
content-length: 4194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-1062"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 3632190
accept-ranges: bytes
server: cloudflare
cf-ray: 7fc660ccdb24b50c-OSL
X-Firefox-Spdy: h2
ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3
104.18.23.52 200 OK 54 kB URL GET HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3
IP 104.18.23.52:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer DigiCert Inc
Subject *.fontawesome.com
Fingerprint 6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
Validity Tue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (65397)
Hash 486b13730aafe2a39cdaf1666679fa5b
aa0f52f048688ada20d921fef78cf15684a25f04
37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d
GET /releases/v5.15.4/css/pro.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: text/css
content-length: 54194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-d3b2"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 3632190
accept-ranges: bytes
server: cloudflare
cf-ray: 7fc660ccdb20b50c-OSL
X-Firefox-Spdy: h2
ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3
104.18.23.52 200 OK 54 kB URL GET HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3
IP 104.18.23.52:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer DigiCert Inc
Subject *.fontawesome.com
Fingerprint 6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
Validity Tue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (65397)
Hash 486b13730aafe2a39cdaf1666679fa5b
aa0f52f048688ada20d921fef78cf15684a25f04
37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d
GET /releases/v5.15.4/css/pro.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: text/css
content-length: 54194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-d3b2"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 3632190
accept-ranges: bytes
server: cloudflare
cf-ray: 7fc660cd4c23b50c-OSL
X-Firefox-Spdy: h2
kit.fontawesome.com/b314bdf1b3/110588222/kit-upload.css
104.18.23.52 200 OK 0 B URL GET HTTP/2 kit.fontawesome.com/b314bdf1b3/110588222/kit-upload.css
IP 104.18.23.52:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer DigiCert Inc
Subject *.fontawesome.com
Fingerprint 6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
Validity Tue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b314bdf1b3/110588222/kit-upload.css HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: text/css
content-length: 0
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926, public, must-revalidate
etag: 54af53b207eef226d6511e0a88e3038e
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F3HEz91sxmKZH5yginzj
cf-cache-status: HIT
age: 2531487
accept-ranges: bytes
server: cloudflare
cf-ray: 7fc660cd4c2bb50c-OSL
X-Firefox-Spdy: h2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3
104.18.23.52 200 OK 2.6 kB URL GET HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3
IP 104.18.23.52:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer DigiCert Inc
Subject *.fontawesome.com
Fingerprint 6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
Validity Tue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (27832)
Hash 1cb05a2f9541200e1fa0a2cd0abc7663
fdf3292a6db22945eb79e08d847834205b749c6f
a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60
GET /releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: text/css
content-length: 2603
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-a2b"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 3632190
accept-ranges: bytes
server: cloudflare
cf-ray: 7fc660cd4c28b50c-OSL
X-Firefox-Spdy: h2
kit.fontawesome.com/b314bdf1b3.js
104.18.23.52 200 OK 8.5 kB URL GET HTTP/2 kit.fontawesome.com/b314bdf1b3.js
IP 104.18.23.52:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer DigiCert Inc
Subject *.fontawesome.com
Fingerprint 6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
Validity Tue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (26366)
Hash e1d49d5125581f1ffb732cc8b77341b6
b583c0b7a063ec226d6e54c7853c6bfd04be461a
08c4081d2e6e418912cf2b033c26f88c917cd36e65eb11c3199e658916958c45
GET /b314bdf1b3.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F3a06yrBdhpxMJgACU0C
cf-cache-status: HIT
age: 0
server: cloudflare
cf-ray: 7fc660cceb34b50c-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
216.58.207.227 200 OK 7.9 kB URL GET HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP 216.58.207.227:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 1B:14:11:9F:49:14:C3:A3:7C:87:B0:E1:5B:18:75:10:3D:2A:B3:72
Validity Mon, 07 Aug 2023 12:21:56 GMT - Mon, 30 Oct 2023 12:21:55 GMT
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Aug 2023 15:18:26 GMT
expires: Fri, 23 Aug 2024 15:18:26 GMT
cache-control: public, max-age=31536000
age: 102868
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-brands-400-5.0.0.woff2
104.18.23.52 200 OK 38 kB URL GET HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-brands-400-5.0.0.woff2
IP 104.18.23.52:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer DigiCert Inc
Subject *.fontawesome.com
Fingerprint 6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
Validity Tue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 37796, version 331.-31196\012- data
Hash 6cdf281bc8af0068561fe6aa361a6a0b
4b11f830ee1b852b8aa46ea7e4cfe709a327bf58
49fd3e0c64f247cf56cb828bc37b88cf139df6e5c7bb4c3a4507f740e9a52c17
GET /releases/v5.15.4/webfonts/pro-fa-brands-400-5.0.0.woff2 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: font/woff2
content-length: 37796
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "610ae351-93a4"
last-modified: Wed, 04 Aug 2021 18:58:25 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 102266
accept-ranges: bytes
server: cloudflare
cf-ray: 7fc660cebed3b50c-OSL
X-Firefox-Spdy: h2
rfdcxz.com/acct/trk/?rtid=72258225245
207.120.33.10 200 OK 21 B URL GET HTTP/2 rfdcxz.com/acct/trk/?rtid=72258225245
IP 207.120.33.10:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 9b411ac2edbbe99397ee540b405bdad4
c2d839ec2d0b83362b04431ab0f43bc069bbab24
6eb3bfe73ed3b4b33c965a587efca2fad9dfda925b6bd68fc42c7f0b6ac0478c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /acct/trk/?rtid=72258225245 HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Cookie: PHPSESSID=504428afd27be695af92ae2d6f7e58ef
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: text/json;charset=UTF-8
content-length: 21
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 12006095
age: 0
via: 1.1 varnish-65c66bdb8c-7ffsz (Varnish/7.2)
section-io-cache: Miss
section-io-id: 895901fc6e4123b06fdf9761d837ae9d
X-Firefox-Spdy: h2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-solid-900-5.0.0.woff2
104.18.23.52 200 OK 20 kB URL GET HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-solid-900-5.0.0.woff2
IP 104.18.23.52:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer DigiCert Inc
Subject *.fontawesome.com
Fingerprint 6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
Validity Tue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 19784, version 331.-31196\012- data
Hash c7682b8035fc1d1672d6455631813794
9e2955e5e55b3073e229c218724406425862d4a1
1b50aa1d36ea249991fb44f8f6ad2aa74fe360df9cc04c564b5edf3b053b739c
GET /releases/v5.15.4/webfonts/pro-fa-solid-900-5.0.0.woff2 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: font/woff2
content-length: 19784
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "610ae35f-4d48"
last-modified: Wed, 04 Aug 2021 18:58:39 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 758649
accept-ranges: bytes
server: cloudflare
cf-ray: 7fc660cf5836b50c-OSL
X-Firefox-Spdy: h2
rfdcxz.com/common_tpls/js/form_support.js?v=1101202201
207.120.33.10 200 OK 3.8 kB URL GET HTTP/2 rfdcxz.com/common_tpls/js/form_support.js?v=1101202201
IP 207.120.33.10:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
File type ASCII text, with very long lines (4261), with no line terminators
Hash bd72340aa5a6ac08cf9a0fdbd650579c
c0550503cbb35b4abcc5618fc78a0cb18c26c89c
783abe18fe8132421d19b383088f95e95a9ee6ac64b85bd2e2b178b481ab2ca4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /common_tpls/js/form_support.js?v=1101202201 HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Cookie: PHPSESSID=504428afd27be695af92ae2d6f7e58ef
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 18 Nov 2022 21:23:38 GMT
etag: W/"6377f7da-ed7"
section-io-cache-id: 979ace693dec5afd2cfff0b593308fcc
x-varnish: 12006094 11463355
age: 20904
via: 1.1 varnish-65c66bdb8c-7ffsz (Varnish/7.2)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 65f0dfee224a1c6c98e5c56b9933e8ae
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Poppins:wght@300;400;600&display=swap
142.250.74.74 200 OK 3.4 kB URL GET HTTP/3 fonts.googleapis.com/css2?family=Poppins:wght@300;400;600&display=swap
IP 142.250.74.74:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 94:C0:54:E4:BA:6C:E0:93:C6:8F:D9:27:1C:74:6F:E8:CE:6E:E2:BA
Validity Mon, 07 Aug 2023 12:21:56 GMT - Mon, 30 Oct 2023 12:21:55 GMT
File type ASCII text, with very long lines (3432), with no line terminators
Hash 10120de20c1d2fa917f6e5d5002038b2
30fbcaf43c8d096506490ce94ab8419a59bbb86b
fa5ebaea60aa8df1d4bb7f58bf19072c1b7a70879905bb780e640dcb8628d6bc
GET /css2?family=Poppins:wght@300;400;600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 25 Aug 2023 19:52:54 GMT
date: Fri, 25 Aug 2023 19:52:54 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
rfdcxz.com/common_tpls/js/iframeResizer.contentWindow.min.js
207.120.33.10 200 OK 13 kB URL GET HTTP/2 rfdcxz.com/common_tpls/js/iframeResizer.contentWindow.min.js
IP 207.120.33.10:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
File type ASCII text, with very long lines (12990)
Hash 2cf9df789476bc39b9906030f639660d
de708b4a0fe32f3d77505675eb119b671327a6b4
7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /common_tpls/js/iframeResizer.contentWindow.min.js HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Cookie: PHPSESSID=504428afd27be695af92ae2d6f7e58ef
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 04 Feb 2016 15:06:03 GMT
etag: W/"56b368db-3445"
section-io-cache-id: 2117751e243bbe2e34816b1a4466d556
x-varnish: 12599215 10892972
age: 20904
via: 1.1 varnish-65c66bdb8c-bcwfl (Varnish/7.2)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 48b39ef0ece2ad6442423a2b55a9a4fe
X-Firefox-Spdy: h2
rfdcxz.com/common_tpls/js/validate_form_v2.js?jsv=33
207.120.33.10 200 OK 26 kB URL GET HTTP/2 rfdcxz.com/common_tpls/js/validate_form_v2.js?jsv=33
IP 207.120.33.10:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /common_tpls/js/validate_form_v2.js?jsv=33 HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Cookie: PHPSESSID=504428afd27be695af92ae2d6f7e58ef
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 13 Feb 2023 23:40:03 GMT
etag: W/"63eaca53-63ed"
section-io-cache-id: f9aa1bbb837c0ec8641584f209cf97aa
x-varnish: 12309389 12164998
age: 20897
via: 1.1 varnish-65c66bdb8c-7ffsz (Varnish/7.2)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 6fa23dcf56ee6fd0956a98aa302fc45e
X-Firefox-Spdy: h2
fonts.googleapis.com/icon?family=Material+Icons
142.250.74.74 200 OK 565 B URL GET HTTP/3 fonts.googleapis.com/icon?family=Material+Icons
IP 142.250.74.74:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 94:C0:54:E4:BA:6C:E0:93:C6:8F:D9:27:1C:74:6F:E8:CE:6E:E2:BA
Validity Mon, 07 Aug 2023 12:21:56 GMT - Mon, 30 Oct 2023 12:21:55 GMT
File type ASCII text, with very long lines (588), with no line terminators
Hash bdcf60bde5544e1017e1f2e60888a9c7
6fb24309b7ff90c1c99d19c0c7a127a16508840e
d701601406acfca6bfc0c58b411446e3e0e96c659f35c143355d3dd72c390952
GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 25 Aug 2023 19:52:54 GMT
date: Fri, 25 Aug 2023 19:52:54 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
admitjoin.com/signup/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff
163.171.129.207 302 Found 31 kB URL GET HTTP/2 admitjoin.com/signup/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff
IP 163.171.129.207:443
ASN #54994 QUANTILNETWORKS
Requested by https://dirty.games/eg/vl16.php?clk=w06h7hvfs2dp4j4rinvj6m44&cid=ooc45c3T23XV00utmuotuundK5000rqZnSumrdK6V0rqKqbqqqKnVT2XU12uqnrqnntdK6Z0rpXSuldM6V0rpnO0mzm0rtu3lu3lo2uummn3zluuu1tmoq3dK4h_t6KY1KU5zpXSuldK6V0rpXSuldNXdPddRLXQ4Ps-&countryname=United%20States&region=Oklahoma&os=Android&browser=Google%20App&brand=Google&campaign=c45e7a4e-3015-40b3-967a-41012b844bbf&SID=e-mg-r-native
Certificate Issuer GlobalSign nv-sa
Subject *.admitjoin.com
Fingerprint F6:D7:CD:32:74:52:1E:02:1E:4D:C8:DD:4F:CE:6F:B2:6D:10:0F:98
Validity Thu, 23 Feb 2023 21:19:26 GMT - Tue, 26 Mar 2024 21:19:25 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /signup/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff HTTP/1.1
Host: admitjoin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dirty.games/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 25 Aug 2023 19:52:53 GMT
content-type: text/html; charset=UTF-8
server: PWS/8.3.1.0.8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=4c5c437cadefb6243786ca357d042ca4; path=/; secure; SameSite=None
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
location: https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
via: 1.1 PS-FRA-018SR149:9 (W), 1.1 PSygldLON2ew56:12 (W)
x-px: ms PSygldLON2ew56LHR,ms PS-FRA-018SR149FRA(origin)
x-ws-request-id: 64e90695_PS-LHR-01q9k95_15587-19787
X-Firefox-Spdy: h2
rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
207.120.33.10 200 OK 31 kB URL GET HTTP/2 rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
IP 207.120.33.10:443
Requested by https://dirty.games/eg/vl16.php?clk=w06h7hvfs2dp4j4rinvj6m44&cid=ooc45c3T23XV00utmuotuundK5000rqZnSumrdK6V0rqKqbqqqKnVT2XU12uqnrqnntdK6Z0rpXSuldM6V0rpnO0mzm0rtu3lu3lo2uummn3zluuu1tmoq3dK4h_t6KY1KU5zpXSuldK6V0rpXSuldNXdPddRLXQ4Ps-&countryname=United%20States&region=Oklahoma&os=Android&browser=Google%20App&brand=Google&campaign=c45e7a4e-3015-40b3-967a-41012b844bbf&SID=e-mg-r-native
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245 HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dirty.games/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 25 Aug 2023 19:52:54 GMT
content-type: text/html; charset=UTF-8
content-length: 9388
set-cookie: PHPSESSID=504428afd27be695af92ae2d6f7e58ef; path=/; secure; SameSite=None
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-encoding: gzip
vary: Accept-Encoding
x-varnish: 11783420
age: 0
via: 1.1 varnish-65c66bdb8c-bcwfl (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Miss
section-io-id: 3f7982b48817135c2f44e5a469fbc21b
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
142.250.74.74 200 OK 88 kB URL GET HTTP/3 ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP 142.250.74.74:443
Requested by https://rfdcxz.com/5e4e14a7116f1f53/?epcVIP=73.1066.g114er&tbc=66c2e9&theme=drtygg&email=&password=&firstname=&lastname=&zip=&net=1&act=epc69778.47636-458656.e9eed925-a936-483f-9c2b-051fd1ace933.w06h7hvfs2dp4j4rinvj6m44&f_color=ffffff&epcCID=B2u3obddXfU7Rfzd0cS0G4Ye4fI2V3d5D&rtid=72258225245
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 94:C0:54:E4:BA:6C:E0:93:C6:8F:D9:27:1C:74:6F:E8:CE:6E:E2:BA
Validity Mon, 07 Aug 2023 12:21:56 GMT - Mon, 30 Oct 2023 12:21:55 GMT
File type ASCII text, with very long lines (65451)
Hash 220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Aug 2023 12:20:02 GMT
expires: Thu, 22 Aug 2024 12:20:02 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 199972
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000