r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9955bda9c9ef64bc5700a14af0bae25e
8de7b7469e905af0374bdfcc3006bbb844f13e94
1f611155394fac39439b8ec8217d8cd493d6b588d372d264e0d66c03129c50c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20257
Expires: Mon, 03 Oct 2022 03:03:10 GMT
Date: Sun, 02 Oct 2022 21:25:33 GMT
Connection: keep-alive
www.remembergirl.com/ALL-C2/index-en.htm
172.67.144.116 200 OK 3.7 kB URL HTTP/1.1 www.remembergirl.com/ALL-C2/index-en.htm
IP 172.67.144.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3322), with CRLF line terminators
Hash 2cd7583eedf7adf172d471b13c72912d
e73c87fe1f644c3290b83b38215d2347661a39e8
5fc4b9f8b279ebe5a254f8920f947b08726ed46208562ad578ff6850d29e9a4a
Analyzer Verdict Alert fortinet Malware
GET /ALL-C2/index-en.htm HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 21:25:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 30 Jun 2022 15:40:57 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vldl19LPEW6oY3jYT8KZA%2BWOt6eI9zCgNpVTT%2Fk4ZBMJMz27wDIgD7cdgKbd7mLAAgJykdmZDFG%2B0GzaNmV4SYL4Wv%2F%2BFjiPOZ3zn495eURrUN1aIpb%2Fn5HjaWXz1WIYwsrLDbTdtg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 754082e55d55b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
65.9.86.127 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 65.9.86.127:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 02 Oct 2022 21:16:50 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 317b3418459e7cb903a13afaecea9340.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-C1
X-Amz-Cf-Id: YGroSCzTYCJwgpeAmGCqglxz7ExbPKmXWWswQz_jZ3ng4ALpyjBbLg==
Age: 523
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
65.9.86.7 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 65.9.86.7:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 bdba42cf1410fb617eeb4ffd3e0b9cb6.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: fVOvgndViMfsUzRfB8d6MaM86nEYM-6iMrF3m76Bcy7_BJSsf0ewfw==
age: 57426
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 21:25:33 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.remembergirl.com/ALL-C2/Javascript/error.1c4710d4434f595f8a835f40daa776b8.js
172.67.144.116 200 OK 322 B URL HTTP/1.1 www.remembergirl.com/ALL-C2/Javascript/error.1c4710d4434f595f8a835f40daa776b8.js
IP 172.67.144.116:0
File type ASCII text, with very long lines (439), with no line terminators
Hash 9b6c5922e758dac061cdd2ac08a44dc6
76127f5cbaf8480d20025875d5b28352d0155f67
86b978adf36f936d31b58ebed5babf15754a0f3a9a5bda8b1abc125e34112794
Analyzer Verdict Alert fortinet Malware
GET /ALL-C2/Javascript/error.1c4710d4434f595f8a835f40daa776b8.js HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/index-en.htm
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 30 Jun 2022 15:42:03 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 5835
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zbF9DxdRlGmG%2FuMN8ayLJUycrJJDY6%2FYaKH9UZJz%2BgCS%2B8FY1mFoPaqT0Lm3RpLABAhG0bnyBjkFuKH%2BTOaJU42dxkCTnkrBR3ub48qEAIhamZndvEtzk0XqH2glP7er1jmB6MixqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e7d812b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/CSS/bootstrap.47407f28f6b047490b60b0854c97a929.css
172.67.144.116 200 OK 18 kB URL HTTP/1.1 www.remembergirl.com/ALL-C2/CSS/bootstrap.47407f28f6b047490b60b0854c97a929.css
IP 172.67.144.116:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 79c64708a674ebd6c5838fe44f76812d
bdfafa7ae6fa3d27642dc67d0c322ad5ab9c75f6
9fe8a02c5a12a56fbe88d7bd9e041928044c12ed36342b3c039fce804b900608
GET /ALL-C2/CSS/bootstrap.47407f28f6b047490b60b0854c97a929.css HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/index-en.htm
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 30 Jun 2022 15:39:24 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2891
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FZhq1ngwoM7oyPaNLZodvf5LrIG0MJUY8Ykk6CE4k6rTRzOzDbhyE5UAVogsB7ilw71R7KVrWdPWlUuQeqAnRMZt0IWpu%2Fy4Y%2FkrSQL9v4GYio4Q4YfgF%2B%2BH6HUeeljk0TCCQoHaUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e7ed02b4e8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/CSS/css.e2f687a79a5c017217d9bc8f923fba6a.css
172.67.144.116 200 OK 267 B URL HTTP/1.1 www.remembergirl.com/ALL-C2/CSS/css.e2f687a79a5c017217d9bc8f923fba6a.css
IP 172.67.144.116:0
File type ASCII text, with very long lines (500), with no line terminators
Hash 522cfdad76e76fe6c38bdf2e6960d3b0
c077b32e8907a1e07e3953312585dd317b4580d9
3f5483c750207966261ddcd5a6d403a947422af1594354c9705fe78a7dbf73ec
GET /ALL-C2/CSS/css.e2f687a79a5c017217d9bc8f923fba6a.css HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/index-en.htm
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 30 Jun 2022 15:39:25 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6999
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I1ftyYPodqk5cfZ4b6IoUTpqvkl2RpqhLUW6Z2syPOFfNLWvV9%2BAtRCVjTXegZiE1%2BFZbavpfBuObtnoWDDG1leGiJm2%2BokcxsTGC4TI9hyhYgbx4qIi272dwozXaL%2BE41WVhZMb%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e80d1fb4e8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/CSS/style.a699b1caf61e690ba1b00116d51c9269.css
172.67.144.116 200 OK 1.7 kB URL HTTP/1.1 www.remembergirl.com/ALL-C2/CSS/style.a699b1caf61e690ba1b00116d51c9269.css
IP 172.67.144.116:0
File type ASCII text, with very long lines (5562), with no line terminators
Hash 38698d62955ca07b93fc5cfb168fc5f6
d78be28c5f85d9d921a4590ca5a20243c56848a7
8c26570e736d8bfbc1ea1bbc1e27439681aadc096bf459dc16488860e3e0b389
GET /ALL-C2/CSS/style.a699b1caf61e690ba1b00116d51c9269.css HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/index-en.htm
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 30 Jun 2022 15:39:27 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2891
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lDaI8QEj0JEQKIdpx%2FgBvw4qluiWrrDBDpVvDuQqO7u8vnB5Ra0scHp6mRqAASXY%2B5FtzTn60ez%2BKcdbgWd9lEH%2FBYrvhqXV7CNncYCt0bskC%2BkcemPLZlQaomlrUStYLG0yzQXm6A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e80843b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/Javascript/main.7d815901029a10bbd862c4f5e3ada540.js
172.67.144.116 200 OK 205 B URL HTTP/1.1 www.remembergirl.com/ALL-C2/Javascript/main.7d815901029a10bbd862c4f5e3ada540.js
IP 172.67.144.116:0
File type CSV text\012- , ASCII text
Hash b9d267e43fd40d4fa658bc077d0da73a
5a2250a04febbd908b66bbdb239530ccc596b121
8c133670ebcebb885e9399642de66a5b4c76c5bdc004bb00efb3b425d1ea04ed
Analyzer Verdict Alert fortinet Malware
GET /ALL-C2/Javascript/main.7d815901029a10bbd862c4f5e3ada540.js HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/index-en.htm
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 30 Jun 2022 15:42:18 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6457
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uo0O%2F%2BGLeABPic7%2FyIwbD2aLA1TZWl%2FIWEx3EUQC%2FqRkbokpsoqovcQRgiMo6rGzEE%2B0MryS1R3xal6mhfD7LKUe%2FpWBO7rTzk6C8bskf8RYvqFXjVpYhpirQO70zxomZjWr%2BQ9ZCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e80849b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/Javascript/jquery.695b55bf947b588e5fad6be1acfdc1f6.js
172.67.144.116 200 OK 33 kB URL HTTP/1.1 www.remembergirl.com/ALL-C2/Javascript/jquery.695b55bf947b588e5fad6be1acfdc1f6.js
IP 172.67.144.116:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 84c729160ad9e60adc389245792e6f04
62b9403c82a581a8916abf1b42054e67fe9fd425
1ffa746356f90a62c9f59ee0b45ef39b230c440f4337295da00206a855f3888e
Analyzer Verdict Alert fortinet Malware
GET /ALL-C2/Javascript/jquery.695b55bf947b588e5fad6be1acfdc1f6.js HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/index-en.htm
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 30 Jun 2022 15:42:16 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6457
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WS1NQ1hQGwx3lu%2FLBc6sjXdpXK56XiZdO%2FTjecd5OtJUoxGOi%2F8%2BGexEZasF0VdVWlIKvx1czRkNEkEfEyn1%2BYgFDWOs%2FFZG2V4qsJmk7%2BUIcgiv9faRZc33RE5fBPIhGnP6ZoxeNw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e80d8cb4eb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/Image/7.jpg
172.67.144.116 200 OK 48 kB URL HTTP/1.1 www.remembergirl.com/ALL-C2/Image/7.jpg
IP 172.67.144.116:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3\012- data
Hash 2547737234a33da21fba2f88ec0f36b8
0d5a5fe88bb8a6f0f3727e7b65da97a167b16c04
d78652aa5afade543add0eb499ed831b2d06f556d120c440fb54de4f74eee4d7
GET /ALL-C2/Image/7.jpg HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/index-en.htm
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: image/jpeg
Content-Length: 47477
Connection: keep-alive
Last-Modified: Thu, 30 Jun 2022 15:53:41 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6981
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LmjFhmVp5aMcjvbRB6ZoQMKgGQuhBKVpffpXNtUTFdVkOlYIGPImavzmuIXZtRzz26oI63po6azY5Wy3XfOPpFBCXO6pylJcxrVwf9Oaqfg9iQAv%2F3jMefRILU8vSQuNhBDjDBku1g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e8287eb511-OSL
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/Image/3.jpg
172.67.144.116 200 OK 32 kB URL HTTP/1.1 www.remembergirl.com/ALL-C2/Image/3.jpg
IP 172.67.144.116:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3\012- data
Hash 9ef51dc2cbc00193eb3d513c98d15436
c718fc1640f344169064240b5cc2600c89a492ef
5aa3f92f1f9374582e20cbe092fcf070daa6b1859af688a1a516541c8f2aea46
GET /ALL-C2/Image/3.jpg HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/index-en.htm
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: image/jpeg
Content-Length: 31810
Connection: keep-alive
Last-Modified: Thu, 07 Jul 2022 06:36:26 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 7051
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vM0ETxiCSbA3ycN2YGdrz00DzoTOeDm8ZvfseSEREcPIqNDhJ9qY71phAOH85FCd8U2YB7OGfe7GxW%2Fz%2FIk%2F7RnGW75zM39nfIY5DlMFwDj4cJjxkanS7WKN8dMNTLSDqAImJPggSg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e8287fb511-OSL
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/Image/2.jpg
172.67.144.116 200 OK 34 kB URL HTTP/1.1 www.remembergirl.com/ALL-C2/Image/2.jpg
IP 172.67.144.116:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3\012- data
Hash 11372c3024d634aeb250b4fffee6fdea
7639871286a3fec088f3691deda160ad3a06efec
aa61f4fcde676ac24703d6562718ddfce6f0850568191896d9c3ce71ed630be2
GET /ALL-C2/Image/2.jpg HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/index-en.htm
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: image/jpeg
Content-Length: 34231
Connection: keep-alive
Last-Modified: Thu, 30 Jun 2022 15:53:30 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6457
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fvcZBbMIqhJ%2B%2FlxYqfURkqqFO3629QPcjG%2BkcSuiXSh94mcE6TYN2XWWpc0Dhbcsm%2BPqF4Mt6l2F2RMCCYUfV%2Bca5GkEglYbj5cTzSVKEu54aSZviQww3sYAdX9rq%2BBHHbsxtYtnFA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e82da8b4eb-OSL
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/Image/8.jpg
172.67.144.116 200 OK 34 kB URL HTTP/1.1 www.remembergirl.com/ALL-C2/Image/8.jpg
IP 172.67.144.116:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3\012- data
Hash ad047e5458e605126d282fd4888f61f1
23c3c0c25957e8041e4a5726513d59a62a94a12c
f8614fba335c92e0e4ff4398b056a32bbd5ef8f91930bf9e81d3b5a7bc6f272d
GET /ALL-C2/Image/8.jpg HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/index-en.htm
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: image/jpeg
Content-Length: 34489
Connection: keep-alive
Last-Modified: Thu, 30 Jun 2022 15:53:44 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6981
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2FQSsCO75%2FrZAXccMVgmBhKs95u0XU8kfyRFc48vonz8RulWFDUoUAHt%2FI2RrHODTraKlgV5J%2BWvH5x6n7V1NCbHqxO4AawfvZP1zm1SSWFRxKAIPnp05J21D0nJEfpqoP0528GWzg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e828590af6-OSL
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/Image/1.jpg
172.67.144.116 200 OK 48 kB URL HTTP/1.1 www.remembergirl.com/ALL-C2/Image/1.jpg
IP 172.67.144.116:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3\012- data
Hash b152be0956362bbad0ebfdbdba60b1be
558696b0241df958d48acf3d4804d5351e8e1eb8
3ce95f76ae780b85f5216f7b8f95e655e5f4a736a7bbb0b8530799790f2587de
GET /ALL-C2/Image/1.jpg HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/index-en.htm
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: image/jpeg
Content-Length: 47588
Connection: keep-alive
Last-Modified: Thu, 07 Jul 2022 06:36:24 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 7051
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bdDhQgUaJWIpumOfmSqIpA3lBfVExIHSi5%2BFbwlHbt%2F91VahXmq2E9o8uaMGhSqzl57tr1%2BnJwCEDztA2rgSpJeEiRbOeoStKmxZhNRhc%2BkpnjpGdWuTHs3d04zUomntL8TOwAjdDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e82daf0b55-OSL
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/Image/6.jpg
172.67.144.116 200 OK 37 kB URL HTTP/1.1 www.remembergirl.com/ALL-C2/Image/6.jpg
IP 172.67.144.116:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3\012- data
Hash 0d7b0104dc0b2f33912840c78f6f61b1
679f5ce4dfe2d5398498d535cb5b699bb50a0f7a
674286f04be08e39556e3953faf4de85aaf9c8e812e36b78254d034af2e2349a
GET /ALL-C2/Image/6.jpg HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/index-en.htm
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: image/jpeg
Content-Length: 37095
Connection: keep-alive
Last-Modified: Thu, 30 Jun 2022 15:53:39 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 7009
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kkCejSCDbIBX%2BkISZtG6tz6hs99C%2FuFhY%2FJAUNXklTeZ7mmmdmhCRQvMON9Jf2KK6aYLhLQiHFwAUzUcseNGW9NvM2XtiXaODo9a%2BOM6N2MnLhOG5a9uelUdFl6sh74Y3uDFqn7Bug%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e83d91b4e8-OSL
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/Image/4.jpg
172.67.144.116 200 OK 31 kB URL HTTP/1.1 www.remembergirl.com/ALL-C2/Image/4.jpg
IP 172.67.144.116:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3\012- data
Hash c15c058edd96dee7520a5aaf47462e45
4843225c4968ac429d7b430aa2e66fc87a1536f3
aec5378784728ab5ccfb3fd6d996693f923c8553dfa73f8215ef8bb3f245fed9
GET /ALL-C2/Image/4.jpg HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/index-en.htm
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: image/jpeg
Content-Length: 31108
Connection: keep-alive
Last-Modified: Thu, 30 Jun 2022 15:53:36 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 7009
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5rOK07BTdYNXyOq7TuDkaN8DQb%2BP2lA%2BMz0PfV7jrvMsx09m%2BHBehvmbSSY5v3%2B%2BpahkJKvcLLJHfZxRHQS81YDQ1QcoTQhCla0tg9ViM3frlY0zIow22MGVcdjDEkootLLknRJkuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e83890b511-OSL
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/Image/5.jpg
172.67.144.116 200 OK 21 kB URL HTTP/1.1 www.remembergirl.com/ALL-C2/Image/5.jpg
IP 172.67.144.116:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3\012- data
Hash c42e3a485021ecdabe6d4104fbdbb403
fdc6858cb6e66b6b97c6b02f4c8ec6edae622f3b
a54f494b3dea99baa8b37119a06bacb3a2d56b79569f08dc6952be8a0e840691
GET /ALL-C2/Image/5.jpg HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/index-en.htm
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: image/jpeg
Content-Length: 21170
Connection: keep-alive
Last-Modified: Thu, 30 Jun 2022 15:53:37 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6457
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=10fGEVeej3ZiBXnHz0%2BDay4C1nJyNpAVY0bQHacEte9cyUtIpx9FdRlZYT6TQHI8QuFnYe7XKhEJw8jSVmzGSxaPVwc%2FC%2B1vRxD%2B0P6Jk9xD7lmAT8XECxHC9AYHjPMfHXa5l0Ot0w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e84898b511-OSL
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/Image/maincontainerPicture1.jpg
172.67.144.116 200 OK 61 kB URL HTTP/1.1 www.remembergirl.com/ALL-C2/Image/maincontainerPicture1.jpg
IP 172.67.144.116:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 792x1103, components 3\012- data
Hash 926894b12cfdf2cd3f04ebe2b25800c0
3b9a12994076ec004248e64f93a9d1697b07d98f
be01e5eafebe629f566093af14700274b908f7f4d572b2e3e5a1fa3b43bba6fe
GET /ALL-C2/Image/maincontainerPicture1.jpg HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/CSS/style.a699b1caf61e690ba1b00116d51c9269.css
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: image/jpeg
Content-Length: 61278
Connection: keep-alive
Last-Modified: Thu, 30 Jun 2022 15:53:48 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4808
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VdPt1lZS%2BQuDEmtTibnRS9jVFgzXWIPGrYBhl2KZ3SEprDuPkeF%2BWdN5oSMvg2Ngka475Ip6v9R%2FdNFewqJODFsFXks03w55ztg1M%2FgcTfntF0jlBYFe2ziNxsUw0HPUkF0WDHUFeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e88e200b55-OSL
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/Image/CWB0XYA8bzo0kSThX0UTuA.woff2
172.67.144.116 404 Not Found 315 B URL HTTP/1.1 www.remembergirl.com/ALL-C2/Image/CWB0XYA8bzo0kSThX0UTuA.woff2
IP 172.67.144.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Malware
GET /ALL-C2/Image/CWB0XYA8bzo0kSThX0UTuA.woff2 HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/CSS/css.e2f687a79a5c017217d9bc8f923fba6a.css
HTTP/1.1 404 Not Found
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 128
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RB3LJe4fLSqvCz0ReFEQucKzZYj5%2FRKwqH29zYLzPUL2wpo7NmfupvErpkCPe%2BSuE5u7pb2NZRfWyRESTIQofzpmN6gWuYVBdhyur3ROLn7ymZXM29WifLXGEpWvNBldr0P8f9wUhg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e898e4b511-OSL
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/Image/mnpfi9pxYH-Go5UiibESIltXRa8TVwTICgirnJhmVJw.woff2
172.67.144.116 404 Not Found 315 B URL HTTP/1.1 www.remembergirl.com/ALL-C2/Image/mnpfi9pxYH-Go5UiibESIltXRa8TVwTICgirnJhmVJw.woff2
IP 172.67.144.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Malware
GET /ALL-C2/Image/mnpfi9pxYH-Go5UiibESIltXRa8TVwTICgirnJhmVJw.woff2 HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/CSS/css.e2f687a79a5c017217d9bc8f923fba6a.css
HTTP/1.1 404 Not Found
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 127
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GhO231VP%2FetRaR9Xys9NC9Di88WAiPcrniWfqRcx%2BMpfKMUaIvyTzKpuWbhegfEYsgCjFCUIZ2B%2FhXr321ifmqPltnyScOr%2BJxg6F8q7cdm4SJmnrSds9INmwjm4krB2Kh4LK8HsRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e89e02b4e8-OSL
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/Image/mnpfi9pxYH-Go5UiibESIj8E0i7KZn-EPnyo3HZu7kw.woff
172.67.144.116 404 Not Found 315 B URL HTTP/1.1 www.remembergirl.com/ALL-C2/Image/mnpfi9pxYH-Go5UiibESIj8E0i7KZn-EPnyo3HZu7kw.woff
IP 172.67.144.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Malware
GET /ALL-C2/Image/mnpfi9pxYH-Go5UiibESIj8E0i7KZn-EPnyo3HZu7kw.woff HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/CSS/css.e2f687a79a5c017217d9bc8f923fba6a.css
HTTP/1.1 404 Not Found
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 173
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OQx4MBmaKMJijMxBUWJNz2UWwdPDg%2FmWAl9LjxwDk3egyikI4sXylXxBnbrmfIew6ySw1wV9Fk5JYEoTiwI%2FlGQobONY1tA3v8baaCV8R0Xgyx%2BilA2TrsT8sdbAVJa9SyKT%2Bq%2FmHg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e8b906b511-OSL
alt-svc: h2=":443"; ma=60
www.remembergirl.com/ALL-C2/Image/2UX7WLTfW3W8TclTUvlFyQ.woff
172.67.144.116 404 Not Found 315 B URL HTTP/1.1 www.remembergirl.com/ALL-C2/Image/2UX7WLTfW3W8TclTUvlFyQ.woff
IP 172.67.144.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Malware
GET /ALL-C2/Image/2UX7WLTfW3W8TclTUvlFyQ.woff HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/CSS/css.e2f687a79a5c017217d9bc8f923fba6a.css
HTTP/1.1 404 Not Found
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 173
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CobAy72yHjLRlTjIEZD7Vn3E%2F6%2BvLbgQ5clsf1Mrzn9%2FOXZ1N6SwBU3S9w7SB6Kv64Sx6B4eeLPbCYMT2f8uos7jCmx5Uwg%2F%2FJlMhnAw6UZmacIPiSFmE2D7%2BeBSNEb2TLSDg%2BEhHg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082e8be3f0b55-OSL
alt-svc: h2=":443"; ma=60
www.googletagmanager.com/gtm.js?id=GTM-TMR4NP
142.250.74.168 302 Found 250 B URL HTTP/1.1 www.googletagmanager.com/gtm.js?id=GTM-TMR4NP
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 5ae78957676cab7159ea2f4a5ea54e50
41a97e656e0281bc7b301c65ba50a2fee8b9032d
0fb531b56a49775ee90eca4a92bd63cc65bb650daafb649424fffd928fe195c6
GET /gtm.js?id=GTM-TMR4NP HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-TMR4NP
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 6abe76ca28fe176c44e7475b1d5c93fb
a4a87a771c6f081e5dae3499c090551c6dd31acb
451a8f3a3e654355467b434976022b84820c25b54f7b78472635c7dc3241423f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 21:25:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-TMR4NP
142.250.74.168 200 OK 41 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-TMR4NP
IP 142.250.74.168:0
File type ASCII text, with very long lines (14188)
Hash 14230c9b26bfd1729a8b10345bcc1d49
8fe78679f569b51fa0e2c32f410d0554c4145dba
6bfbcb48b6409feb1fb518105b7bbedbce6675dc9d24b8e69bb2ecf5cd65cbbf
GET /gtm.js?id=GTM-TMR4NP HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.remembergirl.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 02 Oct 2022 21:25:34 GMT
expires: Sun, 02 Oct 2022 21:25:34 GMT
cache-control: private, max-age=900
last-modified: Sun, 02 Oct 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41375
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
65.9.86.127 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 65.9.86.127:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sun, 02 Oct 2022 20:29:34 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sun, 02 Oct 2022 20:57:58 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 b9394c80294503e08bddf2381e55e810.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-C1
X-Amz-Cf-Id: AWkq_oa0kdtlN42A-eCQxVLeE8xIu-RI_hFtPYWJZwulKgRJV2I6Hw==
Age: 3361
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 6abe76ca28fe176c44e7475b1d5c93fb
a4a87a771c6f081e5dae3499c090551c6dd31acb
451a8f3a3e654355467b434976022b84820c25b54f7b78472635c7dc3241423f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 21:25:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.remembergirl.com/ALL-C2/favicon.html
172.67.144.116 404 Not Found 245 B URL HTTP/1.1 www.remembergirl.com/ALL-C2/favicon.html
IP 172.67.144.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash bb58045e693f1b3dee82b8d743307e01
f32e2fc403bf9f1c5d0bb2c06ca9e2c0f8af8252
856d35da5931d2f04d36b9d4367a7868d106cfc8a59edf17f511ff5dd25aed82
Analyzer Verdict Alert fortinet Malware
GET /ALL-C2/favicon.html HTTP/1.1
Host: www.remembergirl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/ALL-C2/index-en.htm
HTTP/1.1 404 Not Found
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a1MGGezmc%2BoCt4kowl6elfIfCtLnpCAe0BAgKipUAn0Etmmp%2BuooV3FVWlrw9oaNtUwobt0N4F9b1CddPYxbDZeQkDvfUyH4lAoYGwFm0Sk%2FZ0p7o7xtb5yFEmmGWfiioaWuuRq%2BTw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 754082e97eea0b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
tsyndicate.com/api/v1/retargeting/set/06eb0705-463f-4b96-836b-64bf3cfa8631?gtmcb=296277642
136.243.51.205 200 OK 35 B URL HTTP/1.1 tsyndicate.com/api/v1/retargeting/set/06eb0705-463f-4b96-836b-64bf3cfa8631?gtmcb=296277642
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/retargeting/set/06eb0705-463f-4b96-836b-64bf3cfa8631?gtmcb=296277642 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 1
X-Request-Id: ecba41cee811f977
Set-Cookie: ts_rt_06eb0705-463f-4b96-836b-64bf3cfa8631=AM_QaTNGTA8ZOWzIuHHDBg0ZAQE=; expires=Mon, 02 Oct 2023 21:25:34 GMT; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
tsyndicate.com/api/v1/retargeting/set/e61f38d1-37ba-4a3d-9474-c0d9e0d9ea70?gtmcb=1281863812
136.243.51.205 200 OK 35 B URL HTTP/1.1 tsyndicate.com/api/v1/retargeting/set/e61f38d1-37ba-4a3d-9474-c0d9e0d9ea70?gtmcb=1281863812
IP 136.243.51.205:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/retargeting/set/e61f38d1-37ba-4a3d-9474-c0d9e0d9ea70?gtmcb=1281863812 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 35
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 1
X-Request-Id: ba0fc6797f772a55
Set-Cookie: ts_rt_e61f38d1-37ba-4a3d-9474-c0d9e0d9ea70=AM_QaTNGTI8YMnDEwGFjhkIZAQE=; expires=Mon, 02 Oct 2023 21:25:34 GMT; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 76e5f4da7f5e23bbc4a69594e4ec82cb
9d0ccf01040a25bbc83c6d6bc52defe0f39c74fa
8cd7b4283267ae6f44b7a6615eaaa021a1dab592d841d02308222f222054720c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 02 Oct 2022 19:26:58 GMT
Expires: Sun, 09 Oct 2022 19:26:57 GMT
Etag: "9d0ccf01040a25bbc83c6d6bc52defe0f39c74fa"
Cache-Control: max-age=597082,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 754082eb5b11b505-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 4eb30b4a4234809cf7d5f89fa1f6ceeb
797242aab2f13c820050aa9accd11b7b950cd177
ce9d833a0ac321a908184b655d6632c481f758a04a9c936a7c303bb253444146
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6421
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 21:25:34 GMT
Last-Modified: Sun, 02 Oct 2022 19:38:33 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
65.9.84.225 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 65.9.84.225:0
Hash d991e6f99a956e3e3d1c0f03963a9625
979ca154dec150faabfdcdf874cb618f0e682740
a75dfeb8d54dedf418a1741b921fdb4f9f64314143300551d3c67997b58bf19a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 02 Oct 2022 21:25:34 GMT
Last-Modified: Sun, 02 Oct 2022 20:56:34 GMT
Server: ECS (bsa/EB15)
X-Cache: Miss from cloudfront
Via: 1.1 0f65f9aac16e53eeb77d85b7c23a21c2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-C1
X-Amz-Cf-Id: 9Uj3hJm3-ETE4Ou4oNB1VEqHhnwIpt26mKOnVm6jRlqUCqVfi8YECg==
Age: 1741
js-agent.newrelic.com/nr-768.min.js
151.101.86.137 200 OK 8.6 kB URL HTTP/1.1 js-agent.newrelic.com/nr-768.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (22625), with no line terminators
Hash f609b011c4024aa0568283a441571094
994180dd4c0201a5d4c016a05617d344e3a30db3
e89e8dbcfbf23828890914f8ba633693f3ac5582770e16fde88bfc1baddea9aa
GET /nr-768.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 8634
x-amz-id-2: dmXezA0qxssYn/E1lcszbz74ofMDQRDe5mJADr/ZeHAS4Nv6Od4/sePCStFoUpbsHpMfa4X1Dl8=
x-amz-request-id: Q97K9MJD03F15ATG
Last-Modified: Wed, 28 Feb 2018 23:33:43 GMT
ETag: "b4b84a4b4f36d13ffaa93c062b2d3e17"
x-amz-version-id: null
Content-Type: application/javascript
Server: AmazonS3
Cache-Control: public, max-age=7200, stale-if-error=604800
Content-Encoding: gzip
Accept-Ranges: bytes
Date: Sun, 02 Oct 2022 21:25:34 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1680-BMA
X-Cache: HIT
X-Cache-Hits: 31
X-Timer: S1664745935.905913,VS0,VE0
Vary: Accept-Encoding
Cross-Origin-Resource-Policy: cross-origin
main.exoclick.com/tag.php?goal=68831a8833a4917ff6b2c530dc3a4c1f&gtmcb=1586267591
95.211.229.248 200 OK 20 B URL HTTP/1.1 main.exoclick.com/tag.php?goal=68831a8833a4917ff6b2c530dc3a4c1f&gtmcb=1586267591
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=68831a8833a4917ff6b2c530dc3a4c1f&gtmcb=1586267591 HTTP/1.1
Host: main.exoclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A71475%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-10-02%22%3B%7D%7D; expires=Mon, 02 Oct 2023 21:25:34 GMT; path=/; domain=.exoclick.com;
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
main.exoclick.com/tag.php?goal=5ca8b60d120434a1134c010ca6272da6&gtmcb=1942366944
95.211.229.248 200 OK 20 B URL HTTP/1.1 main.exoclick.com/tag.php?goal=5ca8b60d120434a1134c010ca6272da6&gtmcb=1942366944
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=5ca8b60d120434a1134c010ca6272da6&gtmcb=1942366944 HTTP/1.1
Host: main.exoclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A83337%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-10-02%22%3B%7D%7D; expires=Mon, 02 Oct 2023 21:25:34 GMT; path=/; domain=.exoclick.com;
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
main.exoclick.com/tag.php?goal=33d8e6a4225d77ae914dff110feef000&gtmcb=140400348
95.211.229.248 200 OK 20 B URL HTTP/1.1 main.exoclick.com/tag.php?goal=33d8e6a4225d77ae914dff110feef000&gtmcb=140400348
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=33d8e6a4225d77ae914dff110feef000&gtmcb=140400348 HTTP/1.1
Host: main.exoclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 02 Oct 2022 21:25:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A80305%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-10-02%22%3B%7D%7D; expires=Mon, 02 Oct 2023 21:25:34 GMT; path=/; domain=.exoclick.com;
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
push.services.mozilla.com/
34.217.237.91 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.217.237.91:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2TrnQew6CGW8X78Uq9IRRA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UZl+WN67+fv4456M8aHsFm/nXfs=
bam.nr-data.net/1/bcc61c6f3d?a=6702766&pl=1664745933377&v=768.2acc9fa&to=clwKRhdcCFhVR0k3W19SEEAEHEtzdWFG&ap=10&be=377&fe=487&dc=213&f=%5B%5D&perf=%7B%22timing%22:%7B%22of%22:1664745933377,%22n%22:0,%22dl%22:361,%22di%22:573,%22ds%22:589,%22de%22:594,%22dc%22:862,%22l%22:862,%22le%22:863,%22f%22:-5,%22dn%22:-5,%22dne%22:-3,%22c%22:-2,%22ce%22:-2,%22rq%22:68,%22rp%22:337,%22rpe%22:338%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
162.247.241.14 301 Moved Permanently 0 B URL HTTP/1.1 bam.nr-data.net/1/bcc61c6f3d?a=6702766&pl=1664745933377&v=768.2acc9fa&to=clwKRhdcCFhVR0k3W19SEEAEHEtzdWFG&ap=10&be=377&fe=487&dc=213&f=%5B%5D&perf=%7B%22timing%22:%7B%22of%22:1664745933377,%22n%22:0,%22dl%22:361,%22di%22:573,%22ds%22:589,%22de%22:594,%22dc%22:862,%22l%22:862,%22le%22:863,%22f%22:-5,%22dn%22:-5,%22dne%22:-3,%22c%22:-2,%22ce%22:-2,%22rq%22:68,%22rp%22:337,%22rpe%22:338%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
IP 162.247.241.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1/bcc61c6f3d?a=6702766&pl=1664745933377&v=768.2acc9fa&to=clwKRhdcCFhVR0k3W19SEEAEHEtzdWFG&ap=10&be=377&fe=487&dc=213&f=%5B%5D&perf=%7B%22timing%22:%7B%22of%22:1664745933377,%22n%22:0,%22dl%22:361,%22di%22:573,%22ds%22:589,%22de%22:594,%22dc%22:862,%22l%22:862,%22le%22:863,%22f%22:-5,%22dn%22:-5,%22dne%22:-3,%22c%22:-2,%22ce%22:-2,%22rq%22:68,%22rp%22:337,%22rpe%22:338%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/
HTTP/1.1 301 Moved Permanently
Date: Sun, 02 Oct 2022 21:25:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 02 Oct 2022 22:25:35 GMT
Location: https://bam.nr-data.net/1/bcc61c6f3d?a=6702766&pl=1664745933377&v=768.2acc9fa&to=clwKRhdcCFhVR0k3W19SEEAEHEtzdWFG&ap=10&be=377&fe=487&dc=213&f=%5B%5D&perf=%7B%22timing%22:%7B%22of%22:1664745933377,%22n%22:0,%22dl%22:361,%22di%22:573,%22ds%22:589,%22de%22:594,%22dc%22:862,%22l%22:862,%22le%22:863,%22f%22:-5,%22dn%22:-5,%22dne%22:-3,%22c%22:-2,%22ce%22:-2,%22rq%22:68,%22rp%22:337,%22rpe%22:338%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082ee3c95b4f3-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b072ceb5d6fd4fa88604c7ef3b0142a1
b28c48e0c2a222b3f21d510917dc58942d937023
f5cc8fc827327f8a182de4986e8594895a71309a250da9c34be27892a81158d8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5796
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 21:25:35 GMT
Last-Modified: Sun, 02 Oct 2022 19:48:59 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
bam.nr-data.net/1/bcc61c6f3d?a=6702766&pl=1664745933377&v=768.2acc9fa&to=clwKRhdcCFhVR0k3W19SEEAEHEtzdWFG&ap=10&be=377&fe=487&dc=213&f=%5B%5D&perf=%7B%22timing%22:%7B%22of%22:1664745933377,%22n%22:0,%22dl%22:361,%22di%22:573,%22ds%22:589,%22de%22:594,%22dc%22:862,%22l%22:862,%22le%22:863,%22f%22:-5,%22dn%22:-5,%22dne%22:-3,%22c%22:-2,%22ce%22:-2,%22rq%22:68,%22rp%22:337,%22rpe%22:338%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
162.247.241.14 403 Forbidden 2 B URL HTTP/1.1 bam.nr-data.net/1/bcc61c6f3d?a=6702766&pl=1664745933377&v=768.2acc9fa&to=clwKRhdcCFhVR0k3W19SEEAEHEtzdWFG&ap=10&be=377&fe=487&dc=213&f=%5B%5D&perf=%7B%22timing%22:%7B%22of%22:1664745933377,%22n%22:0,%22dl%22:361,%22di%22:573,%22ds%22:589,%22de%22:594,%22dc%22:862,%22l%22:862,%22le%22:863,%22f%22:-5,%22dn%22:-5,%22dne%22:-3,%22c%22:-2,%22ce%22:-2,%22rq%22:68,%22rp%22:337,%22rpe%22:338%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /1/bcc61c6f3d?a=6702766&pl=1664745933377&v=768.2acc9fa&to=clwKRhdcCFhVR0k3W19SEEAEHEtzdWFG&ap=10&be=377&fe=487&dc=213&f=%5B%5D&perf=%7B%22timing%22:%7B%22of%22:1664745933377,%22n%22:0,%22dl%22:361,%22di%22:573,%22ds%22:589,%22de%22:594,%22dc%22:862,%22l%22:862,%22le%22:863,%22f%22:-5,%22dn%22:-5,%22dne%22:-3,%22c%22:-2,%22ce%22:-2,%22rq%22:68,%22rp%22:337,%22rpe%22:338%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.remembergirl.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 403 Forbidden
Date: Sun, 02 Oct 2022 21:25:35 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 2
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754082ee6a8bb512-OSL
nextgencounter.com/index.min.js?pk=d22e6e1bbef67e016bac3e7555dfcf6d&gtmcb=1297828652
209.208.78.145 302 Found 246 B URL HTTP/1.1 nextgencounter.com/index.min.js?pk=d22e6e1bbef67e016bac3e7555dfcf6d&gtmcb=1297828652
IP 209.208.78.145:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8c9f67bbb92d518eeba8a1bedf0905bf
f6a56dbff5f1f2e80f300adf0b618b8ee2e3f67a
feeeff35eafbc774ae056a63c30bf5d253acc43bad06356ed91cb49aaf4c6296
GET /index.min.js?pk=d22e6e1bbef67e016bac3e7555dfcf6d&gtmcb=1297828652 HTTP/1.1
Host: nextgencounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.remembergirl.com/
HTTP/1.1 302 Found
Date: Sun, 02 Oct 2022 21:25:35 GMT
Server: Apache
Location: https://nextgencounter.com/index.min.js?pk=d22e6e1bbef67e016bac3e7555dfcf6d&gtmcb=1297828652
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 246
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8100
Expires: Sun, 02 Oct 2022 23:40:35 GMT
Date: Sun, 02 Oct 2022 21:25:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8100
Expires: Sun, 02 Oct 2022 23:40:35 GMT
Date: Sun, 02 Oct 2022 21:25:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8100
Expires: Sun, 02 Oct 2022 23:40:35 GMT
Date: Sun, 02 Oct 2022 21:25:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8100
Expires: Sun, 02 Oct 2022 23:40:35 GMT
Date: Sun, 02 Oct 2022 21:25:35 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F589e050c-3794-45f2-a218-269b944ae739.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F589e050c-3794-45f2-a218-269b944ae739.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 11f2e40823827b62bca89d18ee279cb2
fa7e61b4f2864b8e51acb2cc887c15d5cb41ef38
c7811cb947483a033f31ff1e93b813f1bbc49b03ed78fcedab2090c71e5c4d1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F589e050c-3794-45f2-a218-269b944ae739.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: e83a86d3-f5ab-4645-92df-4b2da3d4afa3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDgmFdlIAMFzQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2d0-48c3fa150800475c790b95bd;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: f1aqkuvCub_vq9gBDgA4VL8hNf16FXzXhQjSHC1yDLISm85uOqJF9w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 22:17:57 GMT
etag: "fa7e61b4f2864b8e51acb2cc887c15d5cb41ef38"
content-type: image/jpeg
age: 83258
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 04:41:00 GMT
age: 60275
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
tfosrv.com/retargeting.js?id=981>mcb=804539824
216.18.168.29 200 OK 28 kB URL HTTP/1.1 tfosrv.com/retargeting.js?id=981>mcb=804539824
IP 216.18.168.29:0
Hash c6bae02f712a3b881947aece99dff0f8
47e25fb684d6274a830c4ad730d4b8d48d465a88
0be152073904fcc3702d2fd992d4c72d813fe0b6c28deae636dab0225da8979c
GET /retargeting.js?id=981>mcb=804539824 HTTP/1.1
Host: tfosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.remembergirl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx
date: Sun, 02 Oct 2022 21:25:34 GMT
content-type: text/javascript
transfer-encoding: chunked
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: 0
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
content-encoding: gzip
x-request-id: 633A01CE-D812A81D01BBA865-44C03399
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 463bdcfbec5426e18ecef83b1c373b71
2e533332ee5c49143e58dad32ee3717a39179532
2c40befd28781482b9be249a792571612d68d7045324083d2c832fa5ec42f04b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4987
x-amzn-requestid: 763edd04-7f8d-42ae-8864-482be3549958
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEHpFs4oAMFbqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3ca-2f7b67e85aa83b69183e62b5;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:26 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2Zoggf30lA-Kvt5QYa-IdhGePHCNiphR7pfFiOaFvL8ZkWZIaiK4pA==
via: 1.1 f4367b41311e3e9a490d7461b7b85490.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:48:37 GMT
etag: "2e533332ee5c49143e58dad32ee3717a39179532"
content-type: image/jpeg
age: 85018
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d5b1efd-2ddc-4e8a-b89c-c9601bfeba68.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d5b1efd-2ddc-4e8a-b89c-c9601bfeba68.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ef85af3ef63e35a54bc15fbca5d7236b
e06bd8868eff8c42f5d2e2deec9a361170c8d3ea
0291104bb66ac4849ac5fd433fdf9cbbc7f4a2fcaa1f137aca08be2a4878f54c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d5b1efd-2ddc-4e8a-b89c-c9601bfeba68.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7314
x-amzn-requestid: ba9e3b47-d9dd-49c1-9645-bac582351957
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDpnGqOoAMFUTA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b30a-0604dff004a5f6364f0fe11c;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ss4zz6K56bzf1oFauX5_GUyy77r5gwLUcEy2GHrxSbBlwaYNjPZuYA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:58:03 GMT
age: 84452
etag: "e06bd8868eff8c42f5d2e2deec9a361170c8d3ea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9dddb9d84a16a3004821d89836b83dc3
087521979efd5936416fd7f030779fa5725f0a8f
a6251ac43958031d765b5743d43e14bc04b1e465bed81f757c3609ee6f2bea66
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6871
x-amzn-requestid: e1fdb2ee-c0e7-4a0c-ae26-d968aef00503
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEIOGp2IAMFxSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3ce-24b26a8048ffd84071a2ad57;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:30 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -svKnYBuiMSdWObzJyNah9TDIi6IuPP6VMzEJWmn0zxoZbFmwpzkJw==
via: 1.1 c07670802688417c8b871124c547eb0a.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:48:33 GMT
age: 85022
etag: "087521979efd5936416fd7f030779fa5725f0a8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.36 200 OK 1.8 kB IP 192.124.249.36:0
Hash a23aacaf9bb97889673234f3b64c7114
231c65bcd985a32a43823b72531a40ff6d636cbf
5cce08b75169e7350f2ffafea85a905792741c1d7c9f60c8e2256b83cab4590f
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 02 Oct 2022 21:25:36 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 02 Oct 2022 00:16:45 GMT
Expires: Mon, 03 Oct 2022 00:16:45 GMT
ETag: "231c65bcd985a32a43823b72531a40ff6d636cbf"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1526ec30-d948-4741-bb43-1e4c0afdc4d7.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1526ec30-d948-4741-bb43-1e4c0afdc4d7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fbddbe1f7958f13b80e50ab39094b9ab
f73cabc101017a4af09e675ca9262774c177d16a
ebbe6a54e5c390f49452d0afd55899f4dec3836451906945c79bbf165e4e0724
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1526ec30-d948-4741-bb43-1e4c0afdc4d7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 14117
x-amzn-requestid: adb8a06b-48c2-4805-90ed-1db82d873d49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDpmFdjoAMFY_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b30a-7f09d2c748de72ca663022df;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: i_uJRH1xyKKv7z4fxzFua4sXX5__sOm8GHbOUuln6Eoo_ddRWgtAaQ==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:45:35 GMT
age: 85207
etag: "f73cabc101017a4af09e675ca9262774c177d16a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ads.traffichunt.com/adv_ret/?adv_pixel_id=861&nid=3>mcb=1032761146
34.193.186.63 200 OK 0 B URL HTTP/2 ads.traffichunt.com/adv_ret/?adv_pixel_id=861&nid=3>mcb=1032761146
IP 34.193.186.63:0
GET /adv_ret/?adv_pixel_id=861&nid=3>mcb=1032761146 HTTP/1.1
Host: ads.traffichunt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.remembergirl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 21:25:34 GMT
server: nginx
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
set-cookie: new_adx_profile_guid=2c44b507-3ea9-4591-973d-c0ec931a2620;Max-Age=7776000;Path=/;SameSite=None; Secure
set-cookie: new_3.adx_rt_0=861;Max-Age=7776000;Path=/;SameSite=None; Secure
set-cookie: new_3.adx_daily_rt_0=861;Max-Age=9265;Path=/;SameSite=None; Secure
set-cookie: new_3.adx_rt_0=861;Max-Age=7776000;Path=/;SameSite=None; Secure
set-cookie: 3.adx_rt_0=861; Max-Age=7776000; Expires=Sat, 31 Dec 2022 21:25:34 GMT; Path=/
set-cookie: adx_profile_guid=2c44b507-3ea9-4591-973d-c0ec931a2620; Max-Age=7776000; Expires=Sat, 31 Dec 2022 21:25:34 GMT; Path=/
set-cookie: 3.adx_daily_rt_0=861; Max-Age=9265; Expires=Sun, 02 Oct 2022 23:59:59 GMT; Path=/
X-Firefox-Spdy: h2