r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6474
Expires: Thu, 09 Feb 2023 03:08:24 GMT
Date: Thu, 09 Feb 2023 01:20:30 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2830
Expires: Thu, 09 Feb 2023 02:07:40 GMT
Date: Thu, 09 Feb 2023 01:20:30 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20025
Expires: Thu, 09 Feb 2023 06:54:15 GMT
Date: Thu, 09 Feb 2023 01:20:30 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Feb 2023 00:34:15 GMT
content-type: application/json
age: 2775
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: vI9zfdCf7mIYl65Zfp0Zjs8qYUMg2v8knp47Ufs0p5eD+bS0QhWlAyY9ILxJlb7Mmx9NyAmm44M=
x-amz-request-id: ATP4ZYPM9EAP5NS0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 09 Feb 2023 00:46:10 GMT
age: 2060
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 01:20:30 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 00:51:21 GMT
age: 1749
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 248ce16379b12f11927ecc3142aec450
fa5b189f2d9182479170cb61cc1723571e437bd2
a8d259b331bdefb00625b9bf057d44d0b3290fda0734c57eda187b04e23d59d4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8D259B331BDEFB00625B9BF057D44D0B3290FDA0734C57EDA187B04E23D59D4"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5519
Expires: Thu, 09 Feb 2023 02:52:30 GMT
Date: Thu, 09 Feb 2023 01:20:31 GMT
Connection: keep-alive
push.services.mozilla.com/
44.238.238.191 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.238.238.191:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: RR2GMMxOC/scnqz4RFuzpQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: pNp+wbc24Fuxam7OXXpFrc/bMY0=
vaforensics.com/
160.153.59.228 301 Moved Permanently 382 B IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document, ASCII text, with very long lines (382), with no line terminators
Hash 7b99e6b454b331c822f4c50cde934e54
73959382e12891517510839d91a618209e7af3d7
2290876813df6c5a19183f788d0b050bddcafb5444ee7827c7735b27a386b2a5
GET / HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 09 Feb 2023 01:20:30 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
X-Redirect-By: WordPress
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: https://vaforensics.com/
Vary: Accept-Encoding
Keep-Alive: timeout=5
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6909
Expires: Thu, 09 Feb 2023 03:15:41 GMT
Date: Thu, 09 Feb 2023 01:20:32 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
34.120.237.76 200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 95081172f8e19d19921acc802488e019
8531c150cb11de44361a95624b11cf46b9e0ba02
7a2d8f012c7d590f3f39ad834d4f3f9fb729143b7395bc588bd608b5bdee039b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15019
x-amzn-requestid: 574e3e2c-2fbe-4215-9500-021147338832
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f583LHiioAMFqkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a82d-4f12aac524c39f822ca4f422;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:11:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _3jIo3Giw3zmTmnSkJArAllT6uigN7EEzLPfkGpd6168_mSdqdk_Cg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 12:41:28 GMT
age: 45544
etag: "8531c150cb11de44361a95624b11cf46b9e0ba02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F049f3f10-52dc-41ec-990c-719ee36485c7.jpeg
34.120.237.76 200 OK 3.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F049f3f10-52dc-41ec-990c-719ee36485c7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10fd2f55fa0cfb8616ded6ddc2bb511a
996ed68f1b9770a19a97f6c8d359e338b8c8b3ca
e552d31a5e531386b9830bb58486f09bfcb3400676f726f93fdbea08336a09da
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F049f3f10-52dc-41ec-990c-719ee36485c7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3599
x-amzn-requestid: 658f8678-b67d-4f98-b728-cf9cbad3aa86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ABI38GUpIAMFY0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e38832-2ab19d0f2345fc7515775298;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 11:32:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: d8ZayLRkBd16PmZsswU0N4ZLVFphVFlgPRloMdqF_U6WMcyvZptmpA==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:45:46 GMT
etag: "996ed68f1b9770a19a97f6c8d359e338b8c8b3ca"
content-type: image/jpeg
age: 12886
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f087272-940e-484d-ad9d-2c67bcd6dccd.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f087272-940e-484d-ad9d-2c67bcd6dccd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bb7c8b758fe17f6c06ce2bebb5008495
032d747cf20951f6ca6fd51489fefd7c09c4948d
835d89e028ec4c85a845f2835cb5eddb9653937f6736e2713b671419474608ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f087272-940e-484d-ad9d-2c67bcd6dccd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12811
x-amzn-requestid: be33f9ef-31cb-4572-9f22-0a433423e195
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChzZFiWIAMFgmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4167b-70ed2a756b8da4372ccc1f83;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:39:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JpeDqbyAp9qLkVVqTKxmVy96vqBfyK4-GDiWdgkAjQlUN4Fu160VLA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:45:55 GMT
etag: "032d747cf20951f6ca6fd51489fefd7c09c4948d"
content-type: image/jpeg
age: 12877
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F844d5320-b850-4dd9-87c4-2b4f17eb895e.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F844d5320-b850-4dd9-87c4-2b4f17eb895e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 82ed633b05ccadc8b87e83413641f1ef
aafed39990cf6a3391d53355085d816167a500fa
c9202e36b231d0a9a9cba1ff8f570e5b0fbba215eb6b28e3989fd442ee7f5835
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F844d5320-b850-4dd9-87c4-2b4f17eb895e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8717
x-amzn-requestid: dbb8b5a2-d3f6-42e2-8778-da19de081cb8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f2c0LHaiIAMF5cA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63df41b4-309b6b1f651f68453dd52f55;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 05:42:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hBfl0rPzn_iOD9xRlc236_IEvyGlK5WteH1y4cd0aYxlFzd3RVfgkQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:46 GMT
age: 13546
etag: "aafed39990cf6a3391d53355085d816167a500fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4930c104-0ac3-49ae-9506-13702874f821.jpeg
34.120.237.76 200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4930c104-0ac3-49ae-9506-13702874f821.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c1f5626e7ff7e681468c3c5820f3633
a8bb267f929b734a53b3dab0283c717270f6eb43
38d81274cc9f71f149091f72494c74872d99909c69d612a595c930c4755c4da3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4930c104-0ac3-49ae-9506-13702874f821.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3474
x-amzn-requestid: 1b0f88cf-460b-4ed2-8235-86c9e3e3ff93
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffW2uG3LIAMF3cg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d604f7-42e5c38315bdbd47615985b6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 05:32:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: j7JqKdXPBH0hFdoy4Qj0ttGzX93CyNdiv6Tn5h1F_zwNhxwb4IYBTA==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:28:34 GMT
age: 10318
etag: "a8bb267f929b734a53b3dab0283c717270f6eb43"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fc553a8677d9c0bf4835a0c29a7345c
ec8541dd8ae32e1cf597d40cc1d9d04aefb46ba8
e821faf86e44f2b9c9d5bd8cd3575c0a99acfc58774077034c413e345a7c0c0c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7451
x-amzn-requestid: a900a5b4-85cd-4817-8e70-2516eb33a0a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fox8IHMuIAMFdHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9c9e7-1122726b315a7c5623d1ff3f;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 02:09:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JFPF2xZJ9QIqJbOEjTi5gt2aflnM9HVaWp8FpRAIIeDf59cJzbp6kw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:46:36 GMT
age: 12836
etag: "ec8541dd8ae32e1cf597d40cc1d9d04aefb46ba8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
vaforensics.com/
160.153.59.228 200 OK 13 kB IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Hash cdeb7729536da1dc6c9e5d4b8caf1708
dde62149c01597308f941867176b4b7079fe08c3
550faa41c3c4c7a85bdf1fe99e3d4bce78d450b3b11a5d9059354ef0c2cdc293
GET / HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
link: <https://vaforensics.com/wp-json/>; rel="https://api.w.org/", <https://vaforensics.com/wp-json/wp/v2/pages/356>; rel="alternate"; type="application/json", <https://vaforensics.com/>; rel=shortlink
vary: Accept-Encoding
content-encoding: br
content-length: 13085
content-type: text/html; charset=UTF-8
date: Thu, 09 Feb 2023 01:20:32 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 01:20:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 01:20:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-705385039
142.250.74.168 200 OK 51 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-705385039
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash 4923b633a10b45aae50bf3e5bc22457e
d4ed8568c93fb7678aef25db515a606c77a48994
370c6ea2b9a04d5684b10e3d4b836a1def1e5a1a884bfaeef1ff5a7bae459afb
GET /gtag/js?id=AW-705385039 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 Feb 2023 01:20:34 GMT
expires: Thu, 09 Feb 2023 01:20:34 GMT
cache-control: private, max-age=900
last-modified: Thu, 09 Feb 2023 00:33:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50800
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-148897317-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-148897317-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash a64cc405caf95ded5575a0d7e7333575
794bbe39cf11570cbbbce1a05bcb15b683c1eb47
1fc6a230e2999ab2c5bce72f6dcc41d9a69ad2b838697713acc46ac5321b7c9d
GET /gtag/js?id=UA-148897317-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 Feb 2023 01:20:34 GMT
expires: Thu, 09 Feb 2023 01:20:34 GMT
cache-control: private, max-age=900
last-modified: Thu, 09 Feb 2023 00:33:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44120
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
vaforensics.com/wp-includes/css/classic-themes.min.css?ver=1
160.153.59.228 200 OK 145 B URL HTTP/2 vaforensics.com/wp-includes/css/classic-themes.min.css?ver=1
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
Hash 2dfb9ddeabe846b150087876ceb22a74
c9e3350631e53855d04d6dce360a675c84b3131d
26ef5cb63a695419cf11c79a759b46c5568df3716e4f1d36e7612b3695d5b554
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 13:45:16 GMT
etag: "1800e04-d9-5ebdc1e39f300-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 145
content-type: text/css
date: Thu, 09 Feb 2023 01:20:34 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 01:20:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 01:20:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 536669e7a42f9a0caa66f993134afada
bd94349a50f63096181dd4c07e535a54c486990e
d70e1f5479850840b8ea57c1e8c04a619e018f22f31373c625f8f548bae288d9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D70E1F5479850840B8EA57C1E8C04A619E018F22F31373C625F8F548BAE288D9"
Last-Modified: Wed, 08 Feb 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 09 Feb 2023 07:20:35 GMT
Date: Thu, 09 Feb 2023 01:20:35 GMT
Connection: keep-alive
dns.firstblackphase.com/scripts/start.js?vl=0.9.5
194.135.30.210 200 OK 1.7 kB URL HTTP/1.1 dns.firstblackphase.com/scripts/start.js?vl=0.9.5
IP 194.135.30.210:0
ASN #2856 British Telecommunications PLC
File type ASCII text, with very long lines (1689), with no line terminators
Hash 7c8d8eef56d371eb832c66fa28ef77d1
bdd849c9e45e3ec327080ef38a8b1c066fb82f93
5871ebb448cd3ae351576eda3a4d9a1124180cb4f1fd31c729576ed700bd2127
GET /scripts/start.js?vl=0.9.5 HTTP/1.1
Host: dns.firstblackphase.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 01:20:35 GMT
Content-Type: application/javascript
Content-Length: 1689
Last-Modified: Fri, 03 Feb 2023 15:54:07 GMT
Connection: keep-alive
ETag: "63dd2e1f-699"
Expires: Sun, 19 Feb 2023 01:20:35 GMT
Cache-Control: max-age=864000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
vaforensics.com/wp-includes/css/dashicons.min.css?ver=6.1.1
160.153.59.228 200 OK 35 kB URL HTTP/2 vaforensics.com/wp-includes/css/dashicons.min.css?ver=6.1.1
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (58981)
Hash 7fbcc041be6ad8d6c01df3697646add7
cd0d65c3a45063f698a57cc71a8ee2ddd55514d6
0711b72619b3527b17a64dfb69e3141e29d3aae5d1a02c8bf9c06b710d30f900
GET /wp-includes/css/dashicons.min.css?ver=6.1.1 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 03 Mar 2021 21:16:22 GMT
etag: "1800e90-e688-5bca85cdbf580-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 35109
content-type: text/css
date: Thu, 09 Feb 2023 01:20:34 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/themes/divi-master/style.css?ver=3.0.93
160.153.59.228 200 OK 1.8 kB URL HTTP/2 vaforensics.com/wp-content/themes/divi-master/style.css?ver=3.0.93
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type assembler source, ASCII text, with very long lines (748)
Hash f406df614ad83a4efa6452a260faf28f
c4b867aa0b95b5c1041a1dd13a012b66b602aa0f
ae95faf5efb3fe81b455dafdaa037d61d029925487b12a3e0bcfbe0d6ac2922b
GET /wp-content/themes/divi-master/style.css?ver=3.0.93 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 11 Feb 2021 08:53:11 GMT
etag: "17836ae-17ce-5bb0ba633cbc0-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 1761
content-type: text/css
date: Thu, 09 Feb 2023 01:20:34 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/plugins/easy-fancybox/fancybox/1.5.4/jquery.fancybox.min.css?ver=6.1.1
160.153.59.228 200 OK 1.2 kB URL HTTP/2 vaforensics.com/wp-content/plugins/easy-fancybox/fancybox/1.5.4/jquery.fancybox.min.css?ver=6.1.1
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (5396), with no line terminators
Hash 5c746b08d9411c9882970f9a2f5eff7f
81c8f9a576b4d9d3f791c9c8c0558e3c528852b8
682540989b0adeceee617a655a7e8ca45cb48c0101b8e59f6f7bff4f590cc8ec
GET /wp-content/plugins/easy-fancybox/fancybox/1.5.4/jquery.fancybox.min.css?ver=6.1.1 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Dec 2022 11:05:56 GMT
etag: "1780aea-1514-5efeff4362c7c-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 1217
content-type: text/css
date: Thu, 09 Feb 2023 01:20:34 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b8ad5b23aac490c2e9ccbac5a9dbcc6b
ef73076be963061b44563356cb33201e401f65e8
92d2469a14b9fe0eb637029f9f2782228441a65c44feb1a37b73ccc606e2b55d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5740
Cache-Control: max-age=160809
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 01:20:35 GMT
Etag: "63e40520-117"
Expires: Fri, 10 Feb 2023 22:00:44 GMT
Last-Modified: Wed, 08 Feb 2023 20:25:04 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
104.17.24.14 200 OK 5.6 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.17.24.14:0
File type ASCII text, with very long lines (30837)
Hash 109d1ed85cd01f9cdab73a4cac5bf80d
d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 01:20:35 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 438727
expires: Tue, 30 Jan 2024 01:20:35 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UAaLeaV5mpIehUMdrgv%2Bk0MHUTsIsxxZciJ4U%2BJ8xvemp%2B3VCgyvFI%2FV%2BE0Tk9rPs54fnmbS3vozUNhv6G5NEL9uRmFz6jffRNqJpN3P2LmdWWZ9ZT2KLKrgYRLvkByyVxv4vtvG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7968c88c1c7a0b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b8ad5b23aac490c2e9ccbac5a9dbcc6b
ef73076be963061b44563356cb33201e401f65e8
92d2469a14b9fe0eb637029f9f2782228441a65c44feb1a37b73ccc606e2b55d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5740
Cache-Control: max-age=160809
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 01:20:35 GMT
Etag: "63e40520-117"
Expires: Fri, 10 Feb 2023 22:00:44 GMT
Last-Modified: Wed, 08 Feb 2023 20:25:04 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e78581d791f6d4e3da33e61386fa6594
b66a4f4a920698a30f40f515d012fc7021221a19
0a0f432068c62a96e3710f3ee96628d076ee40f9ae6ccabfe61450636296aae8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0A0F432068C62A96E3710F3EE96628D076EE40F9AE6CCABFE61450636296AAE8"
Last-Modified: Wed, 08 Feb 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20394
Expires: Thu, 09 Feb 2023 07:00:29 GMT
Date: Thu, 09 Feb 2023 01:20:35 GMT
Connection: keep-alive
vaforensics.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
160.153.59.228 200 OK 12 kB URL HTTP/2 vaforensics.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (47826)
Hash 5e3752655a7a33c049db06c0edf386e6
573c51b0de413f30a220c9261506635f9daf2b81
d6571c641370e9bb83b25b5a493fca6ae3109ae384f7a8a9507ccdfb9067627d
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 11 Nov 2022 14:56:45 GMT
etag: "1800e2e-172a9-5ed33192c4540-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 11590
content-type: text/css
date: Thu, 09 Feb 2023 01:20:34 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/uploads/useanyfont/uaf.css?ver=1675295000
160.153.59.228 200 OK 152 B URL HTTP/2 vaforensics.com/wp-content/uploads/useanyfont/uaf.css?ver=1675295000
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash 6bd3e9f102386143848ffb3fbb7b4786
dc59139c8f8d5dd6b864e21f575a762fc31f8702
4c87af4869643dd555cadbc50a7d8604302ffbfb7ee509f27c868607de69c054
GET /wp-content/uploads/useanyfont/uaf.css?ver=1675295000 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 01 Feb 2023 23:43:20 GMT
etag: "17c0890-141-5f3ac0362b4b7-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 152
content-type: text/css
date: Thu, 09 Feb 2023 01:20:34 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/plugins/easy-social-icons/css/cnss.css?ver=1.0
160.153.59.228 200 OK 1.5 kB URL HTTP/2 vaforensics.com/wp-content/plugins/easy-social-icons/css/cnss.css?ver=1.0
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash aef0453d6a0469ec2bc9f0efbca5f2d2
2ae32f82653575bd802679a8958a3ccd5c39456d
62193c718aed020cb2c3697ebdbdc1a6bf2dcade5b09196c10a1d964e279df54
GET /wp-content/plugins/easy-social-icons/css/cnss.css?ver=1.0 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Dec 2022 11:05:59 GMT
etag: "1780b3c-2b11-5efeff463958a-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 1504
content-type: text/css
date: Thu, 09 Feb 2023 01:20:34 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/plugins/ApertureOverlay/assets/css/aperture-overlay.css?ver=6.1.1
160.153.59.228 200 OK 1.0 kB URL HTTP/2 vaforensics.com/wp-content/plugins/ApertureOverlay/assets/css/aperture-overlay.css?ver=6.1.1
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
Hash 3aa640efffe024dc86663e23fdf0112c
90099418aef221cfd314748bb8a1ff8e4155343e
be8991e911c863759e5874ba366774494c41a2fad886eeaf4027407e39a910e4
GET /wp-content/plugins/ApertureOverlay/assets/css/aperture-overlay.css?ver=6.1.1 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 04 Mar 2022 23:20:44 GMT
etag: "178067d-1008-5d96cc38c4b00-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 1000
content-type: text/css
date: Thu, 09 Feb 2023 01:20:34 GMT
server: Apache
X-Firefox-Spdy: h2
track.violetlovelines.com/src/back.js?v=2.0.5
194.135.30.210 200 OK 1.5 kB URL HTTP/1.1 track.violetlovelines.com/src/back.js?v=2.0.5
IP 194.135.30.210:0
ASN #2856 British Telecommunications PLC
File type ASCII text, with very long lines (1529), with no line terminators
Hash c8f444abeae63526432814d5b3d2b9e9
9affe304a4c92e9a479267b1ed537c137c67eaf6
d600330103ed806c00d33be51fd34ade559398d56d280f8df331b57dd4918a19
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /src/back.js?v=2.0.5 HTTP/1.1
Host: track.violetlovelines.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 01:20:35 GMT
Content-Type: application/javascript
Content-Length: 1529
Last-Modified: Fri, 03 Feb 2023 15:50:16 GMT
Connection: keep-alive
ETag: "63dd2d38-5f9"
Expires: Sun, 19 Feb 2023 01:20:35 GMT
Cache-Control: max-age=864000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
vaforensics.com/wp-content/plugins/easy-social-icons/css/font-awesome/css/v4-shims.min.css?ver=5.7.2
160.153.59.228 200 OK 3.8 kB URL HTTP/2 vaforensics.com/wp-content/plugins/easy-social-icons/css/font-awesome/css/v4-shims.min.css?ver=5.7.2
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (26440), with no line terminators
Hash cd7dcb99b7f1f2d1c39b1820fa9e701c
37a8974245b3e2f7ca1c8a808996a4ec9ff80dbd
886dfd402045199ed72f41208bd521babd49d2b86a8aed0503cce4f6a1084e5c
GET /wp-content/plugins/easy-social-icons/css/font-awesome/css/v4-shims.min.css?ver=5.7.2 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Dec 2022 11:05:59 GMT
etag: "1780b43-6748-5efeff4639972-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 3843
content-type: text/css
date: Thu, 09 Feb 2023 01:20:34 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/plugins/easy-social-icons/css/font-awesome/css/all.min.css?ver=5.7.2
160.153.59.228 200 OK 11 kB URL HTTP/2 vaforensics.com/wp-content/plugins/easy-social-icons/css/font-awesome/css/all.min.css?ver=5.7.2
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (54456), with no line terminators
Hash d319f8a8fa600639e49c321a98a11403
40542962236bc3b7500adc67019e1b45ecc92d8a
03cffe4dfd34e5d96bec06ff6d622b1fa821c80bf04cc844c765eca06a774ca3
GET /wp-content/plugins/easy-social-icons/css/font-awesome/css/all.min.css?ver=5.7.2 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Dec 2022 11:05:59 GMT
etag: "1780b45-d4b8-5efeff4639d5a-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 11379
content-type: text/css
date: Thu, 09 Feb 2023 01:20:34 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/uploads/2021/10/VA-Horizontal-_1_.png
160.153.59.228 200 OK 124 kB URL HTTP/2 vaforensics.com/wp-content/uploads/2021/10/VA-Horizontal-_1_.png
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 4066 x 757, 8-bit/color RGBA, non-interlaced\012- data
Size 124 kB (123894 bytes)
Hash f82d71edd78e2a1e78a79f530d2ad2ad
8ca498da53e72e0e59810d0623d3ea26332efa20
d27e31fc0dea75dea7c05d2e8d9f09c63e50a18677a3ef406b39f53fb4284a71
GET /wp-content/uploads/2021/10/VA-Horizontal-_1_.png HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 07 Oct 2021 05:44:00 GMT
etag: "17c04af-1e3f6-5cdbcbfdc8800"
accept-ranges: bytes
content-length: 123894
content-type: image/png
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.2
160.153.59.228 200 OK 1.0 kB URL HTTP/2 vaforensics.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.2
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (3224)
Hash 70fa8e4e20665205c1503b15c9f78e64
74e98e2636557de7e2fdba8ff2e017f2c8b7a7d4
968694bc3a3f0b9ee66d05da689c6bb85831f8eb4786efb9c26ff3c0bdd6222b
GET /wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.2 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 23 Sep 2022 19:55:30 GMT
etag: "18014c9-d4a-5e95d8f5cb080-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 1001
content-type: application/javascript
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/plugins/ApertureOverlay/assets/js/aperture-overlay.js?ver=1
160.153.59.228 200 OK 332 B URL HTTP/2 vaforensics.com/wp-content/plugins/ApertureOverlay/assets/js/aperture-overlay.js?ver=1
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
Hash acf02bd9785774c5aaf59474bb97cd2e
c6fa9c35b1863d8d44f00f656800a9bab53d8e36
23a51ec3998d4418d630b3df3e0a4fc413c5829ced33b8c3419750f4faa41f98
GET /wp-content/plugins/ApertureOverlay/assets/js/aperture-overlay.js?ver=1 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Mar 2022 22:02:31 GMT
etag: "178069f-348-5d9bc23304bc0-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 332
content-type: application/javascript
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/plugins/easy-fancybox/fancybox/1.5.4/jquery.fancybox.min.js?ver=6.1.1
160.153.59.228 200 OK 5.3 kB URL HTTP/2 vaforensics.com/wp-content/plugins/easy-fancybox/fancybox/1.5.4/jquery.fancybox.min.js?ver=6.1.1
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document text\012- exported SGML document, ASCII text, with very long lines (17738), with no line terminators
Hash 7fb43b9f4e75ef2851c8f82125fdc4c6
7f2e3098ecd2f836a5bc0383bf987ac9f9c5e611
54f92430a585855ee66d8f4fa4bcd8a4839dcdeb1351b795257b56e4c26dbb08
GET /wp-content/plugins/easy-fancybox/fancybox/1.5.4/jquery.fancybox.min.js?ver=6.1.1 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Dec 2022 11:05:56 GMT
etag: "1780ae6-454a-5efeff4362c7c-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 5343
content-type: application/javascript
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
160.153.59.228 200 OK 5.2 kB URL HTTP/2 vaforensics.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (15660)
Hash a6c2111d3612f1a90c33288d1b5c8601
8051c6314fd79a33f99dd9a0da428f3e507a3ce2
0fdc13654d13fa25430a0ae8f3befa1e677a4f0b954a0a460beabcdad81f7ab0
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 20 Jan 2023 08:40:21 GMT
etag: "180154f-5345-5f2adfffa4236-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 5241
content-type: application/javascript
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/plugins/easy-social-icons/js/cnss.js?ver=1.0
160.153.59.228 200 OK 141 B URL HTTP/2 vaforensics.com/wp-content/plugins/easy-social-icons/js/cnss.js?ver=1.0
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash 14bfcd2177fdaab89d4c5e71d3c06459
ce6e74dc9dfae426173970c14ad972835c5c49d6
dbae59cbc4b352b39aac5bf8e593284b4f9f163da00edd565ba89511d00b3ef1
GET /wp-content/plugins/easy-social-icons/js/cnss.js?ver=1.0 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Dec 2022 11:06:00 GMT
etag: "1780bb1-17b-5efeff4649f2a-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 141
content-type: application/javascript
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/plugins/divi_extended_column_layouts/style.css?ver=6.1.1
160.153.59.228 200 OK 1.1 kB URL HTTP/2 vaforensics.com/wp-content/plugins/divi_extended_column_layouts/style.css?ver=6.1.1
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
Hash df11d1a7a4e323686772e3a7accfc725
dedac4688bbf6a993d034ce016272e09e5121e39
9991576154a4e340cbb9da626a5d469fb1387ed1884862be87b04a26faa13764
GET /wp-content/plugins/divi_extended_column_layouts/style.css?ver=6.1.1 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 10 Jan 2018 06:40:46 GMT
etag: "1780eba-3937-562664fa5b780-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 1074
content-type: text/css
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.5
160.153.59.228 200 OK 12 kB URL HTTP/2 vaforensics.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.5
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with very long lines (12602), with CRLF line terminators
Hash a0603afb0266f311cb53b8ebc4f38348
01cc06e6acee68f43f15bb92ddd7cd9f5294102b
c44dfe29991950c3f5f6f0453caa99a1d616946a55aee54095b4b988ae2c3898
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.5 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 02 Aug 2021 04:28:06 GMT
etag: "1781d5d-e6df-5c88bfee54180-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 11863
content-type: text/css
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
160.153.59.228 200 OK 6.8 kB URL HTTP/2 vaforensics.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash fcaa8987fae3c9c571ec0eef98c6476c
48ecee4ad6cc641d9a97f2c3dc3460a85e65ec2a
53b64ba30e018b23c555163577085c8171555d6e879ad2eb1b3a28baff8281cf
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.2 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 23 Sep 2022 19:55:30 GMT
etag: "18014c7-53c0-5e95d8f5cb080-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 6809
content-type: application/javascript
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/cache/et/356/et-core-unified-16750790252643.min.css
160.153.59.228 200 OK 3.0 kB URL HTTP/2 vaforensics.com/wp-content/cache/et/356/et-core-unified-16750790252643.min.css
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (16513), with no line terminators
Hash 6d285c813760c2bc49ca6684d1985ccd
bfe87bba2419e9631e411b1517274cdf2d59a809
fa5a439036a014629cad28bfc46a6939e10f4a8093f1ce288fced2eb2ac43cdf
GET /wp-content/cache/et/356/et-core-unified-16750790252643.min.css HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 30 Jan 2023 11:43:47 GMT
etag: "17c0007-4081-5f379ba6053c6-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 2952
content-type: text/css
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 62f4ab86307bb9083cbeef8cae3add9d
1536b78b0ae0ff02c9e3c11e3cb8301b0f771a0f
0303f7217011da5a9ecd8ece8e67d97fe0c0940cc35450f0da67058e85446cc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0303F7217011DA5A9ECD8ECE8E67D97FE0C0940CC35450F0DA67058E85446CC9"
Last-Modified: Wed, 08 Feb 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3561
Expires: Thu, 09 Feb 2023 02:19:56 GMT
Date: Thu, 09 Feb 2023 01:20:35 GMT
Connection: keep-alive
back.firstblackphase.com/mbRB96
194.135.30.210 200 OK 1.2 kB URL HTTP/1.1 back.firstblackphase.com/mbRB96
IP 194.135.30.210:0
ASN #2856 British Telecommunications PLC
File type ASCII text, with very long lines (3022), with no line terminators
Hash eb02d53f0152c5c871ed775e2caf9250
ebd44170acd88dc736ea779f6ab8f8ff7caa5c6d
2a005b344967b5d077e8c2fa6f3290cd3c97442b58ef79cc8050df763f448683
GET /mbRB96 HTTP/1.1
Host: back.firstblackphase.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 01:20:35 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 1176
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Expires: 0
Pragma: no-cache
Set-Cookie: _subid=s8hnpan4j4m;Expires=Sunday, 12-Mar-2023 01:20:35 GMT;Max-Age=2678400;Path=/
3936f=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjdcIjoxNjc1OTA1NjM1fSxcImNhbXBhaWduc1wiOntcIjNcIjoxNjc1OTA1NjM1fSxcInRpbWVcIjoxNjc1OTA1NjM1fSJ9.ScIbW_oo5zHQmWLLeiy6pBMosbi-7UIHpHxOc8imY3s;Expires=Friday, 20-Mar-2076 02:41:10 GMT;Max-Age=1675992035;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
vaforensics.com/wp-content/plugins/ApertureOverlay/assets/img/aperature-logo@2x.png
160.153.59.228 200 OK 8.7 kB URL HTTP/2 vaforensics.com/wp-content/plugins/ApertureOverlay/assets/img/aperature-logo@2x.png
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 719 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 8c3c8098d88a82f5cc712951bf073f3e
a4aa6297e4cfea02da60577c18a9f9613da8f99f
8f60b6f4cf9e350a34c60c32d27c0740aa7cac5390a0bef9a969e7a1d952048c
GET /wp-content/plugins/ApertureOverlay/assets/img/aperature-logo@2x.png HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 04 Mar 2022 23:20:44 GMT
etag: "1780697-21eb-5d96cc38c4b00"
accept-ranges: bytes
content-length: 8683
content-type: image/png
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b7b4608a169626af998c9425bb1dee45
ddff4c1aa6ababe8f54ed273f426c27e78570f5c
d84bc06039c946eb3c02acd901df1d57d5fd618814ccca1ec9cfb6cdef844dec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D84BC06039C946EB3C02ACD901DF1D57D5FD618814CCCA1EC9CFB6CDEF844DEC"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2548
Expires: Thu, 09 Feb 2023 02:03:04 GMT
Date: Thu, 09 Feb 2023 01:20:36 GMT
Connection: keep-alive
goaway.dofollowgreenline.com/follow/finish.php?pid=658745-22-658734323
194.135.30.210 302 Found 0 B URL HTTP/1.1 goaway.dofollowgreenline.com/follow/finish.php?pid=658745-22-658734323
IP 194.135.30.210:0
ASN #2856 British Telecommunications PLC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /follow/finish.php?pid=658745-22-658734323 HTTP/1.1
Host: goaway.dofollowgreenline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 09 Feb 2023 01:20:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://goaway.dofollowgreenline.com/follow/finish.php?mid=8678670756767
Access-Control-Allow-Origin: *
goaway.dofollowgreenline.com/follow/finish.php?mid=8678670756767
194.135.30.210 200 OK 468 B URL HTTP/1.1 goaway.dofollowgreenline.com/follow/finish.php?mid=8678670756767
IP 194.135.30.210:0
ASN #2856 British Telecommunications PLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash b5a5307d9ab9831a566f0d3ff7e38494
73bd511114fa273e663499455b44a69a9083f534
c4cbd80786f04154ebf81fe67ff21e47d3e108f3907ada92ef9bf98e2cdaf9dc
GET /follow/finish.php?mid=8678670756767 HTTP/1.1
Host: goaway.dofollowgreenline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vaforensics.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 01:20:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 09acb3adf79ea3b84bc52699a78d581b
d362c9d23a8e2d36f78796a82da6f3b235dfbe5a
4b4e63bb98c8324dae07a1618c71e785b2168289b1bfe8df5d8b76e2b8bc8eb0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B4E63BB98C8324DAE07A1618C71E785B2168289B1BFE8DF5D8B76E2B8BC8EB0"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14596
Expires: Thu, 09 Feb 2023 05:23:52 GMT
Date: Thu, 09 Feb 2023 01:20:36 GMT
Connection: keep-alive
n6h12.haxbyq.com/images/bot-detect/arrow.png
185.56.234.205 200 OK 7.6 kB URL HTTP/2 n6h12.haxbyq.com/images/bot-detect/arrow.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 165 x 240, 8-bit colormap, non-interlaced\012- data
Hash c85fd6ebd323d92d7732361fc081825b
e26fed63250540abfa1ea99c45d623bcf6ce89c5
1e33356964f2769244bb45448d9b0680582b69f344b4f09fa85231efaf05adc2
GET /images/bot-detect/arrow.png HTTP/1.1
Host: n6h12.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n6h12.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=1
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Thu, 09 Feb 2023 01:20:37 GMT
content-type: image/png
content-length: 7572
last-modified: Fri, 25 Nov 2022 08:33:14 GMT
etag: "63807dca-1d94"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2
vaforensics.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.5
160.153.59.228 200 OK 36 kB URL HTTP/2 vaforensics.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.5
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
Hash 21f1fa07743566e74fb49e80cec41062
b53b22884745bca5623beb59c5acdd5ce8368b2d
5c3c942fb9cd53092d8fffd0b3fac34138146959b4febc788be7e919232008b9
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.5 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 02 Aug 2021 04:28:10 GMT
etag: "1781da8-5bc43-5c88bff224a80-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 92140
content-type: application/javascript
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 05c4874833cba85392a442de4f1d6ba2
9c8537531052a8a3081851a1a7858f19676eb61f
709c87ceacbe5353db87a3f781965a9aaba595380927e97fc288ea77a50f47e5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4117
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 01:20:37 GMT
Etag: "63e39d0c-117"
Last-Modified: Thu, 09 Feb 2023 00:12:00 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
vaforensics.com/wp-content/uploads/2018/02/thumb-FVA.jpg
160.153.59.228 200 OK 279 B URL HTTP/2 vaforensics.com/wp-content/uploads/2018/02/thumb-FVA.jpg
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
Hash 05c4874833cba85392a442de4f1d6ba2
9c8537531052a8a3081851a1a7858f19676eb61f
709c87ceacbe5353db87a3f781965a9aaba595380927e97fc288ea77a50f47e5
GET /wp-content/uploads/2018/02/thumb-FVA.jpg HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Feb 2018 00:57:20 GMT
etag: "17c019c-32b1c-56535b5b89c00"
accept-ranges: bytes
content-length: 207644
content-type: image/jpeg
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
n6h12.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=1
185.56.234.205 200 OK 30 kB URL HTTP/2 n6h12.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=1
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash bc04a4489ae4b69a883ff486f0fc5dd0
c18dbc137d8ca4fd4d7f0ba800cdf32c6d8702de
b50ed88e918d0f6e980c795a2b88cc8b9670a52c2e12d601144a3616c46420b1
GET /bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=1 HTTP/1.1
Host: n6h12.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haxbyq.com/
Cookie: truniq=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Thu, 09 Feb 2023 01:20:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu3
content-encoding: gzip
X-Firefox-Spdy: h2
vaforensics.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
160.153.59.228 200 OK 36 kB URL HTTP/2 vaforensics.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
Hash 21f1fa07743566e74fb49e80cec41062
b53b22884745bca5623beb59c5acdd5ce8368b2d
5c3c942fb9cd53092d8fffd0b3fac34138146959b4febc788be7e919232008b9
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 Jan 2023 08:55:03 GMT
etag: "18014af-414d-5f33b05718126-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 5533
content-type: application/javascript
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
9a6mn.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=3
185.56.234.205 200 OK 19 kB URL HTTP/2 9a6mn.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=3
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash f4f2f5a8cb7f90da55b0d42a7d501c57
93df79718fe8e5727c8678d764af1a633b4f1ff5
0d43ca9de193fb96ed7a23df238c2c3e893577ed003a75354448e224665818c6
GET /bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=3 HTTP/1.1
Host: 9a6mn.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cetgd.haxbyq.com/
Cookie: truniq=1; ufp2=1c498d49971e81296d7cc42eb7d06038344be745
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Thu, 09 Feb 2023 01:20:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
9a6mn.haxbyq.com/images/bot-detect/robot-men.png
185.56.234.205 200 OK 36 kB URL HTTP/2 9a6mn.haxbyq.com/images/bot-detect/robot-men.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 700 x 500, 8-bit colormap, non-interlaced\012- data
Hash 21f1fa07743566e74fb49e80cec41062
b53b22884745bca5623beb59c5acdd5ce8368b2d
5c3c942fb9cd53092d8fffd0b3fac34138146959b4febc788be7e919232008b9
GET /images/bot-detect/robot-men.png HTTP/1.1
Host: 9a6mn.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://9a6mn.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=3
Cookie: truniq=1; ufp2=1c498d49971e81296d7cc42eb7d06038344be745
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Thu, 09 Feb 2023 01:20:37 GMT
content-type: image/png
content-length: 35511
last-modified: Fri, 25 Nov 2022 08:33:14 GMT
etag: "63807dca-8ab7"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2
st6ja.haxbyq.com/images/bot-detect/arrow.png
185.56.234.205 200 OK 7.6 kB URL HTTP/2 st6ja.haxbyq.com/images/bot-detect/arrow.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 165 x 240, 8-bit colormap, non-interlaced\012- data
Hash c85fd6ebd323d92d7732361fc081825b
e26fed63250540abfa1ea99c45d623bcf6ce89c5
1e33356964f2769244bb45448d9b0680582b69f344b4f09fa85231efaf05adc2
GET /images/bot-detect/arrow.png HTTP/1.1
Host: st6ja.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://st6ja.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=4
Cookie: truniq=1; ufp2=1c498d49971e81296d7cc42eb7d06038344be745
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Thu, 09 Feb 2023 01:20:38 GMT
content-type: image/png
content-length: 7572
last-modified: Fri, 25 Nov 2022 08:33:14 GMT
etag: "63807dca-1d94"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2
st6ja.haxbyq.com/images/bot-detect/robot-men.png
185.56.234.205 200 OK 36 kB URL HTTP/2 st6ja.haxbyq.com/images/bot-detect/robot-men.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 700 x 500, 8-bit colormap, non-interlaced\012- data
Hash 21f1fa07743566e74fb49e80cec41062
b53b22884745bca5623beb59c5acdd5ce8368b2d
5c3c942fb9cd53092d8fffd0b3fac34138146959b4febc788be7e919232008b9
GET /images/bot-detect/robot-men.png HTTP/1.1
Host: st6ja.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://st6ja.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=4
Cookie: truniq=1; ufp2=1c498d49971e81296d7cc42eb7d06038344be745
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Thu, 09 Feb 2023 01:20:38 GMT
content-type: image/png
content-length: 35511
last-modified: Fri, 25 Nov 2022 08:33:14 GMT
etag: "63807dca-8ab7"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2
oyv5r.haxbyq.com/images/bot-detect/arrow.png
185.56.234.205 200 OK 11 kB URL HTTP/2 oyv5r.haxbyq.com/images/bot-detect/arrow.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash ccaeb0e7b86892da40e54cfedb9da948
c8633fd3ee9b56467e85809291ad41842fd72cbd
d42384045a232034b79aea69fbdfba5a381f66107d9406fcd7405eb7dd8d93c7
GET /images/bot-detect/arrow.png HTTP/1.1
Host: oyv5r.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oyv5r.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=5
Cookie: truniq=1; ufp2=1c498d49971e81296d7cc42eb7d06038344be745
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Thu, 09 Feb 2023 01:20:38 GMT
content-type: image/png
content-length: 7572
last-modified: Fri, 25 Nov 2022 08:33:14 GMT
etag: "63807dca-1d94"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
oyv5r.haxbyq.com/images/bot-detect/robot-men.png
185.56.234.205 200 OK 36 kB URL HTTP/2 oyv5r.haxbyq.com/images/bot-detect/robot-men.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 700 x 500, 8-bit colormap, non-interlaced\012- data
Hash 21f1fa07743566e74fb49e80cec41062
b53b22884745bca5623beb59c5acdd5ce8368b2d
5c3c942fb9cd53092d8fffd0b3fac34138146959b4febc788be7e919232008b9
GET /images/bot-detect/robot-men.png HTTP/1.1
Host: oyv5r.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oyv5r.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=5
Cookie: truniq=1; ufp2=1c498d49971e81296d7cc42eb7d06038344be745
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Thu, 09 Feb 2023 01:20:38 GMT
content-type: image/png
content-length: 35511
last-modified: Fri, 25 Nov 2022 08:33:14 GMT
etag: "63807dca-8ab7"
x-zone: eu3
accept-ranges: bytes
X-Firefox-Spdy: h2
uzk51.haxbyq.com/images/bot-detect/arrow.png
185.56.234.205 200 OK 11 kB URL HTTP/2 uzk51.haxbyq.com/images/bot-detect/arrow.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash e0bd2d6d6ae40ffe6a651072d113e14d
75c6a150388b07aeee738ec4b4dcc22b61d78f4f
42b3a06e690aa44888555bd4f4427ab87db4363e81f399dfe472c4ba4251c0ea
GET /images/bot-detect/arrow.png HTTP/1.1
Host: uzk51.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uzk51.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=6
Cookie: truniq=1; ufp2=1c498d49971e81296d7cc42eb7d06038344be745
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Thu, 09 Feb 2023 01:20:38 GMT
content-type: image/png
content-length: 7572
last-modified: Fri, 25 Nov 2022 08:33:14 GMT
etag: "63807dca-1d94"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
uzk51.haxbyq.com/images/bot-detect/robot-men.png
185.56.234.205 200 OK 36 kB URL HTTP/2 uzk51.haxbyq.com/images/bot-detect/robot-men.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 700 x 500, 8-bit colormap, non-interlaced\012- data
Hash 21f1fa07743566e74fb49e80cec41062
b53b22884745bca5623beb59c5acdd5ce8368b2d
5c3c942fb9cd53092d8fffd0b3fac34138146959b4febc788be7e919232008b9
GET /images/bot-detect/robot-men.png HTTP/1.1
Host: uzk51.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uzk51.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=6
Cookie: truniq=1; ufp2=1c498d49971e81296d7cc42eb7d06038344be745
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Thu, 09 Feb 2023 01:20:38 GMT
content-type: image/png
content-length: 35511
last-modified: Fri, 25 Nov 2022 08:33:14 GMT
etag: "63807dca-8ab7"
x-zone: eu3
accept-ranges: bytes
X-Firefox-Spdy: h2
uzk51.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=6
185.56.234.205 200 OK 30 kB URL HTTP/2 uzk51.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=6
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash 646c21e67730a304cce1786dee2ec1a0
e40f82982f48989a54becea8e8e16216c74a3f19
a24873fa52f9fda5007c57510d7177a232965071e521e5ad7437095ac3cecea9
GET /bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=6 HTTP/1.1
Host: uzk51.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oyv5r.haxbyq.com/
Cookie: truniq=1; ufp2=1c498d49971e81296d7cc42eb7d06038344be745
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Thu, 09 Feb 2023 01:20:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
a6h31.haxbyq.com/images/bot-detect/robot-men.png
185.56.234.205 200 OK 36 kB URL HTTP/2 a6h31.haxbyq.com/images/bot-detect/robot-men.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 700 x 500, 8-bit colormap, non-interlaced\012- data
Hash 21f1fa07743566e74fb49e80cec41062
b53b22884745bca5623beb59c5acdd5ce8368b2d
5c3c942fb9cd53092d8fffd0b3fac34138146959b4febc788be7e919232008b9
GET /images/bot-detect/robot-men.png HTTP/1.1
Host: a6h31.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a6h31.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=7
Cookie: truniq=1; ufp2=1c498d49971e81296d7cc42eb7d06038344be745
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Thu, 09 Feb 2023 01:20:38 GMT
content-type: image/png
content-length: 35511
last-modified: Fri, 25 Nov 2022 08:33:14 GMT
etag: "63807dca-8ab7"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
vaforensics.com/wp-content/uploads/2018/02/thumb-ARA.jpg
160.153.59.228 200 OK 0 B URL HTTP/2 vaforensics.com/wp-content/uploads/2018/02/thumb-ARA.jpg
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
GET /wp-content/uploads/2018/02/thumb-ARA.jpg HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Feb 2018 00:15:07 GMT
etag: "17c0170-37c0e-565351ebe18c0"
accept-ranges: bytes
content-length: 228366
content-type: image/jpeg
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/uploads/2018/02/thumb-LS.jpg
160.153.59.228 200 OK 0 B URL HTTP/2 vaforensics.com/wp-content/uploads/2018/02/thumb-LS.jpg
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
GET /wp-content/uploads/2018/02/thumb-LS.jpg HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Feb 2018 00:57:13 GMT
etag: "17c01a7-20ea8-56535b54dcc40"
accept-ranges: bytes
content-length: 134824
content-type: image/jpeg
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
cqwajn.com/gosl/InNpZCI6MTE4NDYwMiwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=beef0
104.21.58.35 302 Found 0 B URL HTTP/2 cqwajn.com/gosl/InNpZCI6MTE4NDYwMiwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=beef0
IP 104.21.58.35:0
GET /gosl/InNpZCI6MTE4NDYwMiwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=beef0 HTTP/1.1
Host: cqwajn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goaway.dofollowgreenline.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 09 Feb 2023 01:20:36 GMT
content-type: text/html; charset=UTF-8
location: https://haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&si2=
cache-control: no-cache
max-age: 0
x-zone: eu
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=np8x%2Fr7lDIo%2FgxvYg5scAaiQn%2F3NRnItbndhKE%2F7s%2BMhHcylbJALMUB5K%2BjgaAcWxeJmU8Q10t0fwJCR7WD%2BExHMl3Us8NN7V7np0hdnrxLnzqQI%2FHyQMYfn%2BeHr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7968c894beabb4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
vaforensics.com/wp-content/themes/Divi/js/custom.min.js?ver=3.0.93
160.153.59.228 200 OK 0 B URL HTTP/2 vaforensics.com/wp-content/themes/Divi/js/custom.min.js?ver=3.0.93
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
GET /wp-content/themes/Divi/js/custom.min.js?ver=3.0.93 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 03 Jan 2018 20:13:18 GMT
etag: "178366f-3c217-561e4d89a9380-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 55182
content-type: application/javascript
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/uploads/2018/02/thumb-BEA.jpg
160.153.59.228 200 OK 0 B URL HTTP/2 vaforensics.com/wp-content/uploads/2018/02/thumb-BEA.jpg
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
GET /wp-content/uploads/2018/02/thumb-BEA.jpg HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Feb 2018 00:57:24 GMT
etag: "17c017b-2364c-56535b5f5a500"
accept-ranges: bytes
content-length: 144972
content-type: image/jpeg
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/uploads/2018/02/861086778.jpg
160.153.59.228 200 OK 0 B URL HTTP/2 vaforensics.com/wp-content/uploads/2018/02/861086778.jpg
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
GET /wp-content/uploads/2018/02/861086778.jpg HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 05 Feb 2018 20:41:19 GMT
etag: "17c0137-5701d-5647d158ff9c0"
accept-ranges: bytes
content-length: 356381
content-type: image/jpeg
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/uploads/2018/02/thumb-EMP.jpg
160.153.59.228 200 OK 0 B URL HTTP/2 vaforensics.com/wp-content/uploads/2018/02/thumb-EMP.jpg
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
GET /wp-content/uploads/2018/02/thumb-EMP.jpg HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Feb 2018 00:57:22 GMT
etag: "17c0186-2a66f-56535b5d72080"
accept-ranges: bytes
content-length: 173679
content-type: image/jpeg
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6MiwicG0iOjJ9eyJ&d=haxbyq.com&tpl=4&pbd=iOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNpMSI6ImJlZWYwIiwiaSI6IjEifQ==eyJwaWQ
172.67.197.128 200 OK 0 B URL HTTP/2 ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6MiwicG0iOjJ9eyJ&d=haxbyq.com&tpl=4&pbd=iOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNpMSI6ImJlZWYwIiwiaSI6IjEifQ==eyJwaWQ
IP 172.67.197.128:0
GET /v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6MiwicG0iOjJ9eyJ&d=haxbyq.com&tpl=4&pbd=iOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNpMSI6ImJlZWYwIiwiaSI6IjEifQ==eyJwaWQ HTTP/1.1
Host: ulmoyc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n6h12.haxbyq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 01:20:37 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=14400
access-control-allow-origin: https://haxbyq.com
etag: W/"50qlkqukyBePkDAwgf5oeXdRhDI"
x-zone: eu
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HJu3aRuj7mta6SsUI%2BJSC%2F%2BGNZSn8NI6Zy0PkD3jeB%2BO%2BmkXKQ5RmKrCRUm2Ac2my75VzTjlE%2FBI2JyZIZTeEbO%2By9pPYg%2F5Ei2IlVjXxdMd52RcpsQjRmctlTCU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7968c8982c85b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
vaforensics.com/wp-content/uploads/2018/02/thumb-FA.jpg
160.153.59.228 200 OK 0 B URL HTTP/2 vaforensics.com/wp-content/uploads/2018/02/thumb-FA.jpg
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
GET /wp-content/uploads/2018/02/thumb-FA.jpg HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Feb 2018 00:57:15 GMT
etag: "17c0191-28fdf-56535b56c50c0"
accept-ranges: bytes
content-length: 167903
content-type: image/jpeg
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
oyv5r.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=5
185.56.234.205 200 OK 0 B URL HTTP/2 oyv5r.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=5
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=5 HTTP/1.1
Host: oyv5r.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://st6ja.haxbyq.com/
Cookie: truniq=1; ufp2=1c498d49971e81296d7cc42eb7d06038344be745
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Thu, 09 Feb 2023 01:20:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu3
content-encoding: gzip
X-Firefox-Spdy: h2
vaforensics.com/wp-content/uploads/2018/02/667032328-1.jpg
160.153.59.228 200 OK 0 B URL HTTP/2 vaforensics.com/wp-content/uploads/2018/02/667032328-1.jpg
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
GET /wp-content/uploads/2018/02/667032328-1.jpg HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 05 Feb 2018 20:43:14 GMT
etag: "17c0121-3469a-5647d1c6abc80"
accept-ranges: bytes
content-length: 214682
content-type: image/jpeg
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/themes/Divi/core/admin/js/common.js?ver=3.0.93
160.153.59.228 200 OK 0 B URL HTTP/2 vaforensics.com/wp-content/themes/Divi/core/admin/js/common.js?ver=3.0.93
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
GET /wp-content/themes/Divi/core/admin/js/common.js?ver=3.0.93 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 20 Dec 2017 19:49:12 GMT
etag: "17833ee-4c4-560cae0a31e00-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 452
content-type: application/javascript
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/plugins/revslider/public/assets/assets/dummy.png
160.153.59.228 200 OK 0 B URL HTTP/2 vaforensics.com/wp-content/plugins/revslider/public/assets/assets/dummy.png
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
GET /wp-content/plugins/revslider/public/assets/assets/dummy.png HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 02 Aug 2021 04:28:18 GMT
etag: "17817e8-44-5c88bff9c5c80"
accept-ranges: bytes
content-length: 68
content-type: image/png
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&si2=
185.56.234.205 200 OK 0 B URL HTTP/2 haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&si2=
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&si2= HTTP/1.1
Host: haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://goaway.dofollowgreenline.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.1
date: Thu, 09 Feb 2023 01:20:36 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: truniq=1; expires=Fri, 10-Feb-2023 01:20:36 GMT; Max-Age=86400; path=/; domain=haxbyq.com
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
st6ja.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=4
185.56.234.205 200 OK 0 B URL HTTP/2 st6ja.haxbyq.com/bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=4
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /bot-detect?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MDgsInNyYyI6Mn0=eyJ&si1=beef0&i=4 HTTP/1.1
Host: st6ja.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://9a6mn.haxbyq.com/
Cookie: truniq=1; ufp2=1c498d49971e81296d7cc42eb7d06038344be745
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Thu, 09 Feb 2023 01:20:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
vaforensics.com/wp-content/uploads/2019/12/humanfactors.jpg
160.153.59.228 200 OK 0 B URL HTTP/2 vaforensics.com/wp-content/uploads/2019/12/humanfactors.jpg
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
GET /wp-content/uploads/2019/12/humanfactors.jpg HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 23 Dec 2019 21:51:16 GMT
etag: "17c0201-f59f-59a6606dc5d00"
accept-ranges: bytes
content-length: 62879
content-type: image/jpeg
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-includes/js/jquery/ui/sortable.min.js?ver=1.13.2
160.153.59.228 200 OK 0 B URL HTTP/2 vaforensics.com/wp-includes/js/jquery/ui/sortable.min.js?ver=1.13.2
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
GET /wp-includes/js/jquery/ui/sortable.min.js?ver=1.13.2 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 18:04:09 GMT
etag: "18014e1-636f-5e90b89c73840-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 6336
content-type: application/javascript
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-content/uploads/2019/12/surveillance.jpg
160.153.59.228 200 OK 0 B URL HTTP/2 vaforensics.com/wp-content/uploads/2019/12/surveillance.jpg
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
GET /wp-content/uploads/2019/12/surveillance.jpg HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 23 Dec 2019 21:50:54 GMT
etag: "17c0209-138b4-59a66058cab80"
accept-ranges: bytes
content-length: 80052
content-type: image/jpeg
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:400
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:400
IP 142.250.74.106:0
GET /css?family=Roboto:400 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 Feb 2023 01:20:34 GMT
date: Thu, 09 Feb 2023 01:20:34 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
vaforensics.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.5
160.153.59.228 200 OK 0 B URL HTTP/2 vaforensics.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.5
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.5 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 02 Aug 2021 04:28:10 GMT
etag: "1781da6-1e570-5c88bff224a80-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 45524
content-type: application/javascript
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2
vaforensics.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
160.153.59.228 200 OK 0 B URL HTTP/2 vaforensics.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 160.153.59.228:0
ASN #398101 GO-DADDY-COM-LLC
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: vaforensics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vaforensics.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 Jan 2023 08:55:03 GMT
etag: "18014b7-1693d-5f33b0573425f-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 31244
content-type: application/javascript
date: Thu, 09 Feb 2023 01:20:35 GMT
server: Apache
X-Firefox-Spdy: h2