r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7125
Expires: Mon, 06 Feb 2023 02:25:49 GMT
Date: Mon, 06 Feb 2023 00:27:04 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/aJ5_o_MKP7Y
142.250.74.163 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/aJ5_o_MKP7Y
IP 142.250.74.163:0
Hash 61dc6feb03e0a1965014c14f52993fa4
11f92c73d015e9ab2d30767e3777b410cf8b7e69
1e6581665c7ed22ea5d23b4cec237c2844bc2b116086bab49c414c9911ec0ce1
POST /s/gts1p5/aJ5_o_MKP7Y HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 00:27:04 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4807
Expires: Mon, 06 Feb 2023 01:47:11 GMT
Date: Mon, 06 Feb 2023 00:27:04 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 23:33:59 GMT
content-type: application/json
age: 3185
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10941
Expires: Mon, 06 Feb 2023 03:29:26 GMT
Date: Mon, 06 Feb 2023 00:27:05 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: AgEvf24o3OnR7f9biJTAX0VLWrDp4z1aFj05kgG/LN7DgR5pjFlzUXTqIJ6BK3mS0LBTbF9nYAE=
x-amz-request-id: PFNB40YKPKQF5539
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 23:53:29 GMT
age: 2016
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 00:27:05 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/u.gif
104.26.1.51 200 OK 42 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/u.gif
IP 104.26.1.51:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/u.gif HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:05 GMT
content-type: image/gif
content-length: 42
cache-control: max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
etag: "63df4aac-2a"
expires: Tue, 07 Mar 2023 07:47:56 GMT
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 41811
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uv63o6Oyn36sxqa2gX%2BqMexQvGNoNLSm1pN0vN%2BV70ONI5uZhGMMAcyeyZO%2FfR0F4BONQyZ2m9sTJmaf8WvvcpONB1u9tEJqoDjBZUh%2BhVDMdVf%2F84kUqavW3y1w%2BMih"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794fc20f6c02b511-OSL
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/6d6e5a4b50313176614c77414143627a.gif
104.26.1.51 200 OK 43 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/6d6e5a4b50313176614c77414143627a.gif
IP 104.26.1.51:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/6d6e5a4b50313176614c77414143627a.gif HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:05 GMT
content-type: image/gif
content-length: 43
cache-control: max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
etag: "63df4aac-2b"
expires: Tue, 07 Mar 2023 07:47:54 GMT
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 41811
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rTQaJiQTceWU7%2Fx4IrdGOdPTN4BOA1Dt8EHyybOqrT4TZy4%2Fx2gB2odEJNs2F1h7YikcH%2BpopQu3gO1WV7MTktDQ%2BAm5JuS2qHyyiluAIc6FuWh0J6XyphDjrOND5Usr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794fc20f6c00b511-OSL
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
104.26.1.51 200 OK 4.6 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
IP 104.26.1.51:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1920)
Hash ca33e9ce8a6fcba9065ea203d3e32317
4ec9a503d95c28516ffa0dddbd3fed71f77dedbc
af09bec78973661bdff44abdee0272683aff57457d8fdbff18cce10e52bc0bf0
Analyzer Verdict Alert openphish Huntington Bank
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3 HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:05 GMT
content-type: text/html; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bRWv%2FOCo1R8KYxExm8pwC7eBbCYx3et%2BNe%2B49e37o99ymTSxZgKRx3zaBfmm9Xf9WG1tbSOZjjy1LkY1Raci5AbuOUR%2FI47FgfJnOyziTmjeJyv1ZGI02SFFg5WsN418"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794fc20c091eb511-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-DTM.js
104.26.1.51 200 OK 1.1 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-DTM.js
IP 104.26.1.51:0
File type ASCII text, with very long lines (1624), with no line terminators
Hash 015a27a0304d04900a8fff47c315c417
38e5141056667fd7dc32c52f615e7840f1548070
530844ef1a17f2413ec479d13b6bd804f42e8f14fafabbfb2132d5b527c08b4a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-DTM.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:05 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-658"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 41810
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bNau7xZsV5L4DSHOPuw0sTk%2B0CIDbe0zijINO05jKAnsfA9AeG3vCgzm3v92uWK5nTNQxvBaddK8caU%2BXx2LJpvX%2BKCWX6%2BXSvuqRPssKfu%2BLg%2FSii4iR5jpxcOdt18o"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794fc20f5bebb511-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/1011719316x32.js
104.26.1.51 200 OK 1.2 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/1011719316x32.js
IP 104.26.1.51:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (433)
Hash 66bcb2aeea773596370e490e3af47d36
80f4e77a83a3c17f061f2b943928597485b11f7e
d9d4ebae9cc08665daee3588e5c0e9a4bf48ddd42261db85411a9cd2bd2fa28e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/1011719316x32.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:05 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-6bb"
expires: Sun, 05 Feb 2023 19:47:54 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 41810
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q2M%2FlPvJzwJXhtlp0XgtqU7fuLZlrvVC%2FhA1MmA8wdQ9G3FOO9zRKOp4oHZsvutc3q%2BF0bAAXaYiu3H%2FiAFpw3cQi26G3BqLOqc2T6%2BmfDP83fzFQ1xpBctD5rpREiCW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794fc20f6bf7b511-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9ba49f1fc7f2f554049e6761ba03e37b
687a48ce650668c484bfda4b50fd202977bb85de
256310e4ec423d30bb346e06ff441daf493641a12ad9e208a2cdf90a0fcbf6f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5586
Cache-Control: max-age=112390
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 00:27:05 GMT
Etag: "63df478d-1d7"
Expires: Tue, 07 Feb 2023 07:40:15 GMT
Last-Modified: Sun, 05 Feb 2023 06:07:09 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/vm-login-form-ad.js
104.26.1.51 200 OK 3.6 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/vm-login-form-ad.js
IP 104.26.1.51:0
Hash f76b2c4726447eae22bd149c7e944364
f32e6700daffdeba3690a5d77c4caac8aa88c297
0477f246808b5be7391425d07e399419557286f14d1ad5df8ecb45c5537697ab
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/vm-login-form-ad.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:05 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-2247"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 41811
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=90cjiFRdfktljtdkY6FTpySkor5rQ%2F4RUKluVLoYFlt8NE%2BwV13%2FMIYVtH%2FIqrFEDMpW2KijhLhJC6jl2X2mx8M%2FQQnNBX%2Fp1R7BjpIoqeEwZjzc521guXM28Ddu8jlb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794fc20f5bf5b511-OSL
content-encoding: br
X-Firefox-Spdy: h2
sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff2
104.110.1.60 200 OK 27 kB URL HTTP/2 sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff2
IP 104.110.1.60:0
File type Web Open Font Format (Version 2), TrueType, length 26768, version 0.0\012- data
Hash e3e79cd377b28c1e7ffea64b194136cf
e67fb661f5d630ecc811e93d526065a680bf58d7
138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176
GET /fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff2 HTTP/1.1
Host: sdx.xfinity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: font/woff2
content-length: 26768
last-modified: Fri, 24 Jan 2020 21:23:01 GMT
etag: "e3e79cd377b28c1e7ffea64b194136cf"
x-amz-version-id: kLBQWhXkUwwuS0hOSKJ2GQ_XrNE.oQFF
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XTk1ZXdpqisLN4abManV2eERXXfdVDr6nw7IuuvYX00Zl-QVHJqL0A==
cache-control: max-age=1182923
date: Mon, 06 Feb 2023 00:27:05 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash e71819adc41c055c81e7f6f38568fe25
8ccc18140ac1e3f271882cd584879fda19176314
9eda068c72950e5a724b17ae2863eab10bbf1c9f97fef0ade8708b754535edcd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 325
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 00:27:05 GMT
Etag: "63dffb61-1d7"
Last-Modified: Mon, 06 Feb 2023 00:21:40 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.186.169.128 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.169.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tLmQyxZeC3uOcTgvO4PgwA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: E4AcBfwKlISvDGeVCIbZ223J22w=
comcastcom.d1.sc.omtrdc.net/id?d_visid_ver=2.5.0&d_fieldgroup=A&mcorgid=DA11332E5321D0550A490D45%40AdobeOrg&mid=07965863641917329991936946303503787855&ts=1675643268421
13.37.25.97 200 OK 2 B URL HTTP/2 comcastcom.d1.sc.omtrdc.net/id?d_visid_ver=2.5.0&d_fieldgroup=A&mcorgid=DA11332E5321D0550A490D45%40AdobeOrg&mid=07965863641917329991936946303503787855&ts=1675643268421
IP 13.37.25.97:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=2.5.0&d_fieldgroup=A&mcorgid=DA11332E5321D0550A490D45%40AdobeOrg&mid=07965863641917329991936946303503787855&ts=1675643268421 HTTP/1.1
Host: comcastcom.d1.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://ntutdc1995.com
access-control-allow-credentials: true
date: Mon, 06 Feb 2023 00:27:05 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
comcast.demdex.net/dest5.html?d_nsid=0
34.248.130.67 200 OK 2.8 kB URL HTTP/1.1 comcast.demdex.net/dest5.html?d_nsid=0
IP 34.248.130.67:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: comcast.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Mon, 6 Feb 2023 00:27:06 GMT
DCS: dcs-prod-irl1-2-v045-0eab94181.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:22:24 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: 3i3IcO99SbI=
Content-Length: 2791
Connection: keep-alive
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj
104.26.1.51 200 OK 7.4 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj
IP 104.26.1.51:0
File type HTML document, ASCII text, with very long lines (7387), with no line terminators
Hash 89cf9988d16c15d5919e2efdeb341003
6554b529e37e27af64a11b0d3507073ca05fb822
0f108c7122c218a486594e6ddd029c00844979992aa9d7b00ea9d3816a3e5be5
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:06 GMT
content-type: application/octet-stream
content-length: 7387
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
etag: "63df4aac-1cdb"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LC4DkXAgDSScyQcujqOQFEdtMlkrGwJD2n6pTQiaJHmcQozEUXQzYDX6%2FXcHA%2FO073UafzNC9bc5HPlouqeXMxA6Bt06u5EyxV6cM0rehCmfQ0vvLP5mxslFbKdX5of3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794fc20f6bfbb511-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8605
Expires: Mon, 06 Feb 2023 02:50:32 GMT
Date: Mon, 06 Feb 2023 00:27:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8605
Expires: Mon, 06 Feb 2023 02:50:32 GMT
Date: Mon, 06 Feb 2023 00:27:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8605
Expires: Mon, 06 Feb 2023 02:50:32 GMT
Date: Mon, 06 Feb 2023 00:27:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8605
Expires: Mon, 06 Feb 2023 02:50:32 GMT
Date: Mon, 06 Feb 2023 00:27:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8605
Expires: Mon, 06 Feb 2023 02:50:32 GMT
Date: Mon, 06 Feb 2023 00:27:07 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda427d37-8d0b-44cf-ae98-f96ceaf21b52.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda427d37-8d0b-44cf-ae98-f96ceaf21b52.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d0c62c5956f36c9f1c5d2f17bc372d98
fca4d7140e4c391b02d734425ccc92acec568a70
eb1b743ede5ed223536358bd92a322ca5231267f4434be1eced98a0fe93b790d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda427d37-8d0b-44cf-ae98-f96ceaf21b52.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8929
x-amzn-requestid: ea29dd36-d05b-4824-ba18-78f868259f76
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiQEeTIAMFqGA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-7a6ade1c4501a81c0823ce10;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: O-QHP886Cczm6dsVDQVMR7SMSxgIhUSuEPAKJvzQTQtkj59Pg-z9QA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 9424
etag: "fca4d7140e4c391b02d734425ccc92acec568a70"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d7cf8da-65c4-43dc-af2a-18f03b8da137.jpeg
34.120.237.76 200 OK 2.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d7cf8da-65c4-43dc-af2a-18f03b8da137.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ac3c07c326869964cf6a5ddb153d9587
dcf6f03648c20c9c5c0d6688c766d7e2f943b4cb
55548e23c11dfcd8ef3a5a4e000c041c1b6cfe423f4aed0df6fbb23dbed5f337
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d7cf8da-65c4-43dc-af2a-18f03b8da137.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2443
x-amzn-requestid: 9286f232-d186-458a-b956-fc919f1baf89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4pDxEcWIAMFhOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02217-473937042af885b73a64632f;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:39:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AysPcQKKPCBmnBiZlH8u_Zv62m8TuhJXwzjgIokCmaq-J_LfaeBicA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:53:56 GMT
etag: "dcf6f03648c20c9c5c0d6688c766d7e2f943b4cb"
content-type: image/jpeg
age: 9191
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0b68c1a-7013-4183-b5b4-d006c6f9e7a7.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0b68c1a-7013-4183-b5b4-d006c6f9e7a7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 000cb25b2cb4fa30ce745582dafbab99
a5227f79e64bcab8d8f03822e6d408400a03a23e
7f6a2a99bff95672d34b41489d0dd1132ab8654b745e728e15ed95e987b7ed62
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0b68c1a-7013-4183-b5b4-d006c6f9e7a7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10582
x-amzn-requestid: e18bacd8-6d0e-4957-93ab-97def7442f8c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4okSFKKIAMFlUA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0214e-05486d9b283cedc008cba781;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: p1ToWLG__PFWEMRxlPZcouvOTijPoUcMr7ubDCNcy2wMwgusbBjGPA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 22:04:24 GMT
age: 8563
etag: "a5227f79e64bcab8d8f03822e6d408400a03a23e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4c26323-ca84-49c2-9f28-1ea4944d5cd9.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4c26323-ca84-49c2-9f28-1ea4944d5cd9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 929818fabd5a6ee5200499ca445d121e
3951cfa614e0a8674b730c4850f6483e35f73f6a
9f56ead2f8c136f6d6906fbb8a0ee5e0fd879e8ed104512ed4edf3ba3ece6917
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4c26323-ca84-49c2-9f28-1ea4944d5cd9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8481
x-amzn-requestid: 77c27205-9d32-42d4-b2c4-e5c3941bbe72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4pcuG8VoAMFTaQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e022b7-76fae5a943c7a1d242f7a758;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:42:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Et74Co732_uh0XdLXtBoER9YtKrPXnac-OGNxyuLmjIHsvgi1XwtYA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 22:13:26 GMT
age: 8021
etag: "3951cfa614e0a8674b730c4850f6483e35f73f6a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3288563a-8f6e-4597-833f-b5512e91e772.png
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3288563a-8f6e-4597-833f-b5512e91e772.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a24cf7b2db6d65c3fe5daf78b3309ced
a3653a9a7baea412808dd91572ff21e1a505c26f
f55ee98bab5ce53d6acc1cac7f54f089b42d5f2ffbe750d869c4f4a7bc26f715
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3288563a-8f6e-4597-833f-b5512e91e772.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13230
x-amzn-requestid: 8171829a-cf6d-4c33-99a1-f3cef7cd4475
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiTH8GoAMFYLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-1597a0f06ef3db2534a101aa;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Nvfp0sEYw5bxnFHisq80WCXh6T-LdFlPqs95tyX2epjMfhM_hjUj0A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 9424
etag: "a3653a9a7baea412808dd91572ff21e1a505c26f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24980299-b46f-4879-99f8-3d6a5bcd2153.png
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24980299-b46f-4879-99f8-3d6a5bcd2153.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b2e321721a636309ac45c6722f71a5d5
8f4224824571577109bf32b1fa7646dbfb88e818
a52611068a9694594dec4dddb1bd29afdbba897a2e1f61dcf3ceb81e262912e8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24980299-b46f-4879-99f8-3d6a5bcd2153.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12459
x-amzn-requestid: 5dd251ba-30e6-47aa-846a-9cefa9aa4928
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiPHlWIAMFnZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-402585d71ebd0ebf75af210d;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dMwyfVFayhAjpMMOiE96N2N5TwdvJ52UvscJ6miuz4W3qNKXVS9jaA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:11 GMT
age: 9416
etag: "8f4224824571577109bf32b1fa7646dbfb88e818"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
z.moatads.com/comcastapn56341864860/moatad.js
23.38.201.146 200 OK 0 B URL HTTP/2 z.moatads.com/comcastapn56341864860/moatad.js
IP 23.38.201.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /comcastapn56341864860/moatad.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: DgrV/yUP0cYZJ24pT7Z5LVkFATYFOX23OVuFadPO2EW++SB5KZZT2R0SCmVojLGlVbLec6pGXtw=
x-amz-request-id: CA2DQ7A5WM2MGH3Y
last-modified: Mon, 11 May 2020 15:59:42 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
accept-ranges: bytes
content-type: application/x-javascript
server: AmazonS3
content-length: 0
cache-control: max-age=20794
date: Mon, 06 Feb 2023 00:27:07 GMT
X-Firefox-Spdy: h2
ib.adnxs.com/ttj?id=15000574&size=1400x800&promo_sizes=300x600,300x250&psa=0
37.252.171.53 307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/ttj?id=15000574&size=1400x800&promo_sizes=300x600,300x250&psa=0
IP 37.252.171.53:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ttj?id=15000574&size=1400x800&promo_sizes=300x600,300x250&psa=0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Mon, 06 Feb 2023 00:27:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fttj%3Fid%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%2C300x250%26psa%3D0
AN-X-Request-Uuid: 1e1f9795-485f-4e21-91aa-e9ad8d660cbf
Set-Cookie: uuid2=4223313890904145229; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 07-May-2023 00:27:07 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fttj%3Fid%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%2C300x250%26psa%3D0
37.252.171.53 200 OK 2.9 kB URL HTTP/1.1 ib.adnxs.com/bounce?%2Fttj%3Fid%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%2C300x250%26psa%3D0
IP 37.252.171.53:0
File type HTML document, ASCII text, with very long lines (7400), with no line terminators
Hash dddaa4c0fdf53fd544ad40b4d02744e0
45d545e3fb53b4bd4de3da17b3c41741169a3c94
15fc173da3ea1160b3e671e1651b067e13456b91d2958c42dfaf25e07e871681
GET /bounce?%2Fttj%3Fid%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%2C300x250%26psa%3D0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ntutdc1995.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Mon, 06 Feb 2023 00:27:07 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: edf08608-1623-4b38-ac21-587f53f6bd4c
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Encoding: gzip
ib.adnxs.com/ttj?ttjb=1&bdc=1675643227&bdh=cItgXk-PufMd2gSjlFvoUAy-_XU.&&bdref=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&bdtop=true&bdifs=0&bstk=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&&id=15000574&size=1400x800&promo_sizes=300x600%2C300x250&psa=0
37.252.171.53 307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/ttj?ttjb=1&bdc=1675643227&bdh=cItgXk-PufMd2gSjlFvoUAy-_XU.&&bdref=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&bdtop=true&bdifs=0&bstk=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&&id=15000574&size=1400x800&promo_sizes=300x600%2C300x250&psa=0
IP 37.252.171.53:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ttj?ttjb=1&bdc=1675643227&bdh=cItgXk-PufMd2gSjlFvoUAy-_XU.&&bdref=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&bdtop=true&bdifs=0&bstk=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&&id=15000574&size=1400x800&promo_sizes=300x600%2C300x250&psa=0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Mon, 06 Feb 2023 00:27:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1675643227%26bdh%3DcItgXk-PufMd2gSjlFvoUAy-_XU.%26%26bdref%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26bdtop%3Dtrue%26bdifs%3D0%26bstk%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26%26id%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%252C300x250%26psa%3D0
AN-X-Request-Uuid: 113a6ebc-df80-4234-b6ac-fa2e4ed25b5b
Set-Cookie: uuid2=554409804444568419; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 07-May-2023 00:27:07 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1675643227%26bdh%3DcItgXk-PufMd2gSjlFvoUAy-_XU.%26%26bdref%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26bdtop%3Dtrue%26bdifs%3D0%26bstk%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26%26id%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%252C300x250%26psa%3D0
37.252.171.53 200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1675643227%26bdh%3DcItgXk-PufMd2gSjlFvoUAy-_XU.%26%26bdref%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26bdtop%3Dtrue%26bdifs%3D0%26bstk%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26%26id%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%252C300x250%26psa%3D0
IP 37.252.171.53:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1675643227%26bdh%3DcItgXk-PufMd2gSjlFvoUAy-_XU.%26%26bdref%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26bdtop%3Dtrue%26bdifs%3D0%26bstk%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26%26id%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%252C300x250%26psa%3D0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ntutdc1995.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Mon, 06 Feb 2023 00:27:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: d91d326a-ec8c-435e-aa3e-4822bd8f3a19
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj
104.26.1.51 200 OK 7.4 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj
IP 104.26.1.51:0
File type HTML document, ASCII text, with very long lines (7387), with no line terminators
Hash 89cf9988d16c15d5919e2efdeb341003
6554b529e37e27af64a11b0d3507073ca05fb822
0f108c7122c218a486594e6ddd029c00844979992aa9d7b00ea9d3816a3e5be5
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Cookie: AMCV_DA11332E5321D0550A490D45%40AdobeOrg=1406116232%7CMCIDTS%7C19395%7CMCMID%7C07965863641917329991936946303503787855%7CMCAAMLH-1676248068%7C6%7CMCAAMB-1676248068%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1675650468s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C2.5.0; AMCVS_DA11332E5321D0550A490D45%40AdobeOrg=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:07 GMT
content-type: application/octet-stream
content-length: 7387
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
etag: "63df4aac-1cdb"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J9OxFWttP7Sy4vuhAOJEUjeLvXBahFQZRs45pqNorjWyJY%2B4VxpGtcxKxzxPE%2BfU4l3hEgTrh5BmDZ5RwXYYSDECwsS1qe5K97hwGmXID6Brrye8sA3LMY1N3RUzKFpU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794fc21bfd9db511-OSL
X-Firefox-Spdy: h2
sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2
104.110.1.60 200 OK 27 kB URL HTTP/2 sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2
IP 104.110.1.60:0
File type Web Open Font Format (Version 2), TrueType, length 27420, version 0.0\012- data
Hash f05d3ebe80809d82ab14d62a79da544e
bf08410286fbadd57335dc63dbdd8169cd4e6d1e
fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a
GET /fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2 HTTP/1.1
Host: sdx.xfinity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 27420
last-modified: Fri, 24 Jan 2020 21:23:01 GMT
etag: "f05d3ebe80809d82ab14d62a79da544e"
x-amz-version-id: wnCwOacXycelzt78IMkr55wWB9WkMd2W
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _vpkqBlLETw4T6oH2cSnkktI4BxeLxas20IZvW788el8Nomx3bJ5ug==
cache-control: max-age=824482
date: Mon, 06 Feb 2023 00:27:08 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2
104.110.1.60 200 OK 27 kB URL HTTP/2 sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2
IP 104.110.1.60:0
File type Web Open Font Format (Version 2), TrueType, length 27152, version 0.0\012- data
Hash 13709eac065721ba8cd0e2d1b6fa8026
2fa86f3c0fbc94711d6c0ed32e3e03add756ba18
2a031939885bb7efba89d423c9ee7c0fe2bab465f18db63f40a9ae2bd7bc0228
GET /fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2 HTTP/1.1
Host: sdx.xfinity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 27152
last-modified: Fri, 24 Jan 2020 21:23:01 GMT
etag: "13709eac065721ba8cd0e2d1b6fa8026"
x-amz-version-id: 6t4RA2DS89tdf_2IK5vrc9JAOKCy9A40
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: IzOfbbv8gz8w_604kyRw0cTtS-ry2VNjzzr5bNN0H7WL2BOGYFlCng==
cache-control: max-age=1603722
date: Mon, 06 Feb 2023 00:27:08 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/s-code-contents-4a9ebf08bffa74f717ff121b2c55a295112122b4.js
23.38.200.237 200 OK 34 kB URL HTTP/2 assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/s-code-contents-4a9ebf08bffa74f717ff121b2c55a295112122b4.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (557)
Hash 953eadbd32b8680b37511cc683781aff
8ea7a5fb3bd5f727f3ec3366bc1d91b3a104043b
14dd417150683ce056827225bbf94a0f26e95a820b604f815021be49eb8c707b
GET /43896e740dcedef854392e0be6ea80deb8eb2ba5/s-code-contents-4a9ebf08bffa74f717ff121b2c55a295112122b4.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "7c44e613d67e21f6a1c3afd5985988da:1581368005.559228"
last-modified: Mon, 10 Feb 2020 20:53:25 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 06 Feb 2023 01:27:08 GMT
date: Mon, 06 Feb 2023 00:27:08 GMT
content-length: 34525
access-control-allow-origin: https://ntutdc1995.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fc62264746d0ba500dd83.js
23.38.200.237 200 OK 134 B URL HTTP/2 assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fc62264746d0ba500dd83.js
IP 23.38.200.237:0
Hash 26720501c4260c7cc5833d9e06f0af87
26ce9fe2fa65dcd91b1ff050a238892a70eaad6c
e23487c8456f551b44229fd881dd8c524922e7c4c68682028c245bf706820e62
GET /43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fc62264746d0ba500dd83.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "16dfb4bd56a82d8f8018ab2fa164856c:1581368006.307249"
last-modified: Mon, 10 Feb 2020 20:53:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 134
cache-control: max-age=3600
expires: Mon, 06 Feb 2023 01:27:08 GMT
date: Mon, 06 Feb 2023 00:27:08 GMT
access-control-allow-origin: https://ntutdc1995.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa36064746d7e580013b4.js
23.38.200.237 200 OK 187 B URL HTTP/2 assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa36064746d7e580013b4.js
IP 23.38.200.237:0
Hash 100e6bd0333d51a01c9e2bf4130cd5c9
b03e6b94b4c163de582e217f6e148f3b12df8f1f
481a6bc427ce8b7601db07e2387f5265db27e59a9a54abcb88f0e2497387912a
GET /43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa36064746d7e580013b4.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "b5834499509b419a0926487143b3976d:1581368006.388159"
last-modified: Mon, 10 Feb 2020 20:53:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 187
cache-control: max-age=3600
expires: Mon, 06 Feb 2023 01:27:08 GMT
date: Mon, 06 Feb 2023 00:27:08 GMT
access-control-allow-origin: https://ntutdc1995.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-5971021b64746d663b00202b.js
23.38.200.237 200 OK 15 kB URL HTTP/2 assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-5971021b64746d663b00202b.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (563)
Hash 4da5a7f7e67cf8d72d1238efbd4dac31
e8bf676f06b42529aa475c3d292acfa0f5b4a6b7
2c68577dc9e4226daf46cbcf1650a0e91a1841c67ecf5e4ecea749cbea7ed973
GET /43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-5971021b64746d663b00202b.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "dbef438e3fcd49bdc0ee4d74b97df080:1581368005.888342"
last-modified: Mon, 10 Feb 2020 20:53:25 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 06 Feb 2023 01:27:08 GMT
date: Mon, 06 Feb 2023 00:27:08 GMT
content-length: 14684
access-control-allow-origin: https://ntutdc1995.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa34764746d6ae001a760.js
23.38.200.237 200 OK 681 B URL HTTP/2 assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa34764746d6ae001a760.js
IP 23.38.200.237:0
Hash 238e9ac366afc5ccb8ab193af21a3bdd
ccbe4cf829625b32aa2ecb714bc68c05c53de703
2f27f96e790c01c88b87af6a72d3d635b9bfc630d13bd43bd46a8be4ac5fac9f
GET /43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa34764746d6ae001a760.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "1cf26e862d696e4a210b77e9f506e652:1581368006.039768"
last-modified: Mon, 10 Feb 2020 20:53:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 06 Feb 2023 01:27:08 GMT
date: Mon, 06 Feb 2023 00:27:08 GMT
content-length: 681
access-control-allow-origin: https://ntutdc1995.com
timing-allow-origin: *
X-Firefox-Spdy: h2
dpm.demdex.net/id?d_visid_ver=2.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=1&ts=1675643270752
34.255.210.6 200 OK 213 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=2.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=1&ts=1675643270752
IP 34.255.210.6:0
File type JSON data\012- , ASCII text, with no line terminators
Hash b7bdfdc4759caea2fd1f55cec85a4a65
ac3584334296c9fc58fe34bb917f89c67c56fa40
fe4f531d87e8fd0a62e2e8f70c7735c648492bb2aa6ceae888453e5ea1d11db8
GET /id?d_visid_ver=2.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=1&ts=1675643270752 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntutdc1995.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-078a58cff.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=67276301041075005873120209608766101377; Max-Age=15552000; Expires=Sat, 05 Aug 2023 00:27:08 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: /2bXHfI2QTg=
Content-Length: 213
Connection: keep-alive
comcastathena.demdex.net/event?_ts=1675643270768
52.31.194.68 200 OK 119 B URL HTTP/1.1 comcastathena.demdex.net/event?_ts=1675643270768
IP 52.31.194.68:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1d0913f6500e99266e9e02a88e555d28
8c3a28589ab724fb205031eb2932d5f9c83d85cf
bae4baf335b85a45f2dd701ff462a63e8ea0a22ee4df4974890aa60a472a6b2a
POST /event?_ts=1675643270768 HTTP/1.1
Host: comcastathena.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 637
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntutdc1995.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0ff225fd5.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=67276301041075005873120209608766101377; Max-Age=15552000; Expires=Sat, 05 Aug 2023 00:27:08 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: tORmcYQbSs0=
Content-Length: 119
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 8942dac2c3b84167c8c1c36c8c5dbc24
3202c79b026ed05cd1568065cfba03cffe066637
998bc79f4dc7577f16aa29eea707a9f74380352848fae678f2f9e1a5a5ea42c5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5104
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 00:27:08 GMT
Last-Modified: Sun, 05 Feb 2023 23:02:04 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 312
comcastcom.d1.sc.omtrdc.net/b/ss/comcastdotcomprod/10/JS-2.3.0-D7QN/s21758989386163?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=6%2F1%2F2023%200%3A27%3A50%201%200&d.&nsid=0&jsonv=1&.d&D=D%3D&mid=07965863641917329991936946303503787855&aamlh=6&ce=UTF-8&pageName=resi%7Cselfservice%7Clogin%7Csign%20in&g=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c9&cc=USD&ch=login&events=event125%3D31%2Cevent36%3D32&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c25=resi%7Cselfservice%7Clogin%7Csign%20in%7Cpage%20load&v29=landscape%3Adesktop%20layout%3A1280x939&v37=D%3DpageName&c44=responsive%7Ccima%20login&v44=responsive%7Ccima%20login&v46=First%20Visit&c54=VisitorAPI%20Present&c55=resi%7Cselfservice&c60=en&c69=res_beta&c72=32&c73=DTM%20Hosted%20%7C11212019&v86=unauthenticated%7Cunrecognized&v99=comcast%7Cweb&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&-g=38ccd32eb5b08d09005a167e038a62c938ccd3&mcorgid=DA11332E5321D0550A490D45%40AdobeOrg&AQE=1
13.37.25.97 200 OK 3.9 kB URL HTTP/2 comcastcom.d1.sc.omtrdc.net/b/ss/comcastdotcomprod/10/JS-2.3.0-D7QN/s21758989386163?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=6%2F1%2F2023%200%3A27%3A50%201%200&d.&nsid=0&jsonv=1&.d&D=D%3D&mid=07965863641917329991936946303503787855&aamlh=6&ce=UTF-8&pageName=resi%7Cselfservice%7Clogin%7Csign%20in&g=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c9&cc=USD&ch=login&events=event125%3D31%2Cevent36%3D32&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c25=resi%7Cselfservice%7Clogin%7Csign%20in%7Cpage%20load&v29=landscape%3Adesktop%20layout%3A1280x939&v37=D%3DpageName&c44=responsive%7Ccima%20login&v44=responsive%7Ccima%20login&v46=First%20Visit&c54=VisitorAPI%20Present&c55=resi%7Cselfservice&c60=en&c69=res_beta&c72=32&c73=DTM%20Hosted%20%7C11212019&v86=unauthenticated%7Cunrecognized&v99=comcast%7Cweb&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&-g=38ccd32eb5b08d09005a167e038a62c938ccd3&mcorgid=DA11332E5321D0550A490D45%40AdobeOrg&AQE=1
IP 13.37.25.97:0
File type ASCII text, with very long lines (3878)
Hash 0dcf414628f24a8b936038ce7d32ba9e
21366dc04b0c88dca664035d768e265fa46b4a3a
9e52e0c16c0887587a9e74c75bc7faa93a0ed8e676b44dce6a0b8305057b26e6
GET /b/ss/comcastdotcomprod/10/JS-2.3.0-D7QN/s21758989386163?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=6%2F1%2F2023%200%3A27%3A50%201%200&d.&nsid=0&jsonv=1&.d&D=D%3D&mid=07965863641917329991936946303503787855&aamlh=6&ce=UTF-8&pageName=resi%7Cselfservice%7Clogin%7Csign%20in&g=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c9&cc=USD&ch=login&events=event125%3D31%2Cevent36%3D32&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c25=resi%7Cselfservice%7Clogin%7Csign%20in%7Cpage%20load&v29=landscape%3Adesktop%20layout%3A1280x939&v37=D%3DpageName&c44=responsive%7Ccima%20login&v44=responsive%7Ccima%20login&v46=First%20Visit&c54=VisitorAPI%20Present&c55=resi%7Cselfservice&c60=en&c69=res_beta&c72=32&c73=DTM%20Hosted%20%7C11212019&v86=unauthenticated%7Cunrecognized&v99=comcast%7Cweb&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&-g=38ccd32eb5b08d09005a167e038a62c938ccd3&mcorgid=DA11332E5321D0550A490D45%40AdobeOrg&AQE=1 HTTP/1.1
Host: comcastcom.d1.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Mon, 06 Feb 2023 00:27:08 GMT
expires: Sun, 05 Feb 2023 00:27:08 GMT
last-modified: Tue, 07 Feb 2023 00:27:08 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3598416432504111104-4619697639244122501
vary: *
dcs: dcs-prod-irl1-1-v045-0e6039550.edge-irl1.demdex.com 5 ms
x-aam-tid: TMevwNnsS2M=
content-type: application/x-javascript;charset=utf-8
content-length: 3879
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 8942dac2c3b84167c8c1c36c8c5dbc24
3202c79b026ed05cd1568065cfba03cffe066637
998bc79f4dc7577f16aa29eea707a9f74380352848fae678f2f9e1a5a5ea42c5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5104
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 00:27:08 GMT
Last-Modified: Sun, 05 Feb 2023 23:02:04 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 312
rtax.criteo.com/delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=93211396896&varName=crtg_content
178.250.2.157 204 No Content 0 B URL HTTP/2 rtax.criteo.com/delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=93211396896&varName=crtg_content
IP 178.250.2.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=93211396896&varName=crtg_content HTTP/1.1
Host: rtax.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.20.1
date: Mon, 06 Feb 2023 00:27:08 GMT
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
comcastathena.demdex.net/dest5.html?d_nsid=1
52.31.194.68 200 OK 2.8 kB URL HTTP/1.1 comcastathena.demdex.net/dest5.html?d_nsid=1
IP 52.31.194.68:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=1 HTTP/1.1
Host: comcastathena.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Mon, 6 Feb 2023 00:27:08 GMT
DCS: dcs-prod-irl1-2-v045-0df7a788e.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:26:52 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: inQQHYgWSpU=
transfer-encoding: chunked
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash 7afb8eb5dcbd727fb69c14bfabe20e72
d4b1cc1973e4200a371f0aa8c5ec8232d780a77b
ca0a46edfe267973b60ff163d696fe7c0e862e56ee3f90f098bf309f276c987f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 00:27:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/1023869955/?label=cYj3CPPGqqsBEIOInOgD&guid=ON&script=0
216.58.207.194 302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1023869955/?label=cYj3CPPGqqsBEIOInOgD&guid=ON&script=0
IP 216.58.207.194:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/1023869955/?label=cYj3CPPGqqsBEIOInOgD&guid=ON&script=0 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://comcast.demdex.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 06 Feb 2023 00:27:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=3496926958
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 06-Feb-2023 00:42:08 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
dl.cws.xfinity.com/event/
184.86.58.27 200 OK 0 B URL HTTP/2 dl.cws.xfinity.com/event/
IP 184.86.58.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event/ HTTP/1.1
Host: dl.cws.xfinity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: PUT
Access-Control-Request-Headers: content-type
Referer: https://ntutdc1995.com/
Origin: https://ntutdc1995.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 0
x-amzn-requestid: 70c952e4-ed53-40c1-be8a-f9c2b36290f1
access-control-allow-origin: *
access-control-allow-headers: Content-Type
x-amz-apigw-id: f5BmhEA9oAMFigQ=
access-control-allow-methods: HEAD,OPTIONS,PUT
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: -W-3fDRu_xFu6QSv4N654RvqCuKSPI-wBRly_g5JdW9BRATwt9_3BA==
date: Mon, 06 Feb 2023 00:27:08 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash 7afb8eb5dcbd727fb69c14bfabe20e72
d4b1cc1973e4200a371f0aa8c5ec8232d780a77b
ca0a46edfe267973b60ff163d696fe7c0e862e56ee3f90f098bf309f276c987f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 00:27:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 040d512b73ad828b2dd7409c0c9dab49
a7b7256940377241abd22db537a864ec6348bf90
6e7f979d255eba736072b159be75a5865fd307781806c412ea66bb0f80e38aa6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 00:27:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=3496926958
142.250.74.164 302 Found 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=3496926958
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=3496926958 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://comcast.demdex.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 06 Feb 2023 00:27:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=3496926958&ipr=y
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 9d7d54937b70d60ca299d07980bc1e1e
42ee245e31b6c480419253d420a75159e107cc65
fd8c0e9b7ce1332347da031c471053f5acaab963f5aafd0e29bb94b90bcf9293
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 00:27:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash 2183fdf183ed33f2cd4342abd7bcadbe
007fe0bb01b7d77fbaaff5346fd7582041c978c8
8f0381d12ab5a76be5137b365e811e75db681eb0f6ad04d7ce28ad73101c33d5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 00:27:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 77c548ed6dbee7a04321102c3d93db5c
3f4a20119d052c6c8e5f4224a2948ffd559f96b3
5d553cadff959602e40d007c876a01e0dd4540640c64bbb2679300d43326c603
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3539
Cache-Control: max-age=104222
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 00:27:08 GMT
Etag: "63df2fa7-139"
Expires: Tue, 07 Feb 2023 05:24:10 GMT
Last-Modified: Sun, 05 Feb 2023 04:25:11 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 77c548ed6dbee7a04321102c3d93db5c
3f4a20119d052c6c8e5f4224a2948ffd559f96b3
5d553cadff959602e40d007c876a01e0dd4540640c64bbb2679300d43326c603
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3532
Cache-Control: max-age=104215
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 00:27:08 GMT
Etag: "63df2fa7-139"
Expires: Tue, 07 Feb 2023 05:24:03 GMT
Last-Modified: Sun, 05 Feb 2023 04:25:11 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash b23324d6f4d0e667817fe82657ea263e
d82916373ee96db4ec3f53ce1c45be33335eb5d2
591a0efe0ebb8eeda4679ee09e9bfe90d09af104f101724781bac817a2902cae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3439
Cache-Control: max-age=137196
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 00:27:08 GMT
Etag: "63dfb0d9-139"
Expires: Tue, 07 Feb 2023 14:33:44 GMT
Last-Modified: Sun, 05 Feb 2023 13:36:25 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 313
www.google.no/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=3496926958&ipr=y
142.250.74.131 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=3496926958&ipr=y
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=3496926958&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://comcast.demdex.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 06 Feb 2023 00:27:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=rtus&topUrl=ntutdc1995.com
178.250.0.157 200 OK 5.1 kB URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=ntutdc1995.com
IP 178.250.0.157:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13465)
Hash 2cf12a61c5f3f23abe6f26d2181f908c
7cc44e27a14d87f3a8180a7b3a99f6fbc52f99c8
f0b7a85374c53a3a5e3dc9074aa1587df2e43cbd4835cb777f23ae7492cf2041
GET /syncframe?origin=rtus&topUrl=ntutdc1995.com HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:08 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=0513c051-8175-40d4-a65d-e7809b3772a2; expires=Sat, 02 Mar 2024 00:27:08 GMT; domain=.criteo.com; path=/; secure; samesite=none
optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 612072
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 9d7d54937b70d60ca299d07980bc1e1e
42ee245e31b6c480419253d420a75159e107cc65
fd8c0e9b7ce1332347da031c471053f5acaab963f5aafd0e29bb94b90bcf9293
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 00:27:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a
IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync?c=30&r=2&j=cr_handle_data_a HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-crto-bundle
Referer: https://ntutdc1995.com/
Origin: https://ntutdc1995.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:08 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-headers: X-CRTO-SID, X-CRTO-IDCPY, X-CRTO-OPTOUT, X-CRTO-BUNDLE
access-control-allow-origin: https://ntutdc1995.com
server-processing-duration-in-ticks: 506895
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a
178.250.0.157 200 OK 9.0 kB URL HTTP/2 gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a
IP 178.250.0.157:0
Hash be0415a2cbcded6efa34868dd148fb7d
5c329bcba1c56a9dcc64bc8a28251ef8a1b6b456
fd364e73b04ab22fa468b15ff004a34f9da856cb99c0cfdb944363824e2acce3
GET /sync?c=30&r=2&j=cr_handle_data_a HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:08 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 702614
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
login.xfinity.com/static/images/favicon/android-icon-192x192.png
23.36.79.24 200 OK 2.6 kB URL HTTP/2 login.xfinity.com/static/images/favicon/android-icon-192x192.png
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type PNG image data, 192 x 192, 8-bit grayscale, non-interlaced\012- data
Hash 4d5a72cfafe8a0e67a3a4e3684ae379f
2140780ff72470e5a9d63fdf950d7b816ce804be
b8bbda2990b5611317f747bf13de3a78e1de77fd7d864a27d845194988490375
GET /static/images/favicon/android-icon-192x192.png HTTP/1.1
Host: login.xfinity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Tue, 11 Jan 2022 16:05:32 GMT
accept-ranges: bytes
content-length: 2569
content-type: image/png
cache-control: max-age=1800
expires: Mon, 06 Feb 2023 00:57:09 GMT
date: Mon, 06 Feb 2023 00:27:09 GMT
set-cookie: BIGipServerp_loginxf-wcdc-ipv4_443=!5mHHSTNDFFSW2b9YgMclgnLKC7lGzQ7hK6UBOYQ3a1VJGPOwd2XQkqRRUW+8nNX/b7POs5WbrGkO0LM=; path=/; Httponly; Secure
X-Firefox-Spdy: h2
login.xfinity.com/static/images/favicon/favicon-16x16.png
23.36.79.24 200 OK 184 B URL HTTP/2 login.xfinity.com/static/images/favicon/favicon-16x16.png
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type PNG image data, 16 x 16, 8-bit grayscale, non-interlaced\012- data
Hash db142cad60d6acbf015835843f35071f
56261a4d35ff1ad9c210376f025f8762e608494f
1a819ccf88edbedbdce80f8f48844260c685edf389ba39ba92e42c7291522801
GET /static/images/favicon/favicon-16x16.png HTTP/1.1
Host: login.xfinity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Tue, 11 Jan 2022 16:05:32 GMT
accept-ranges: bytes
content-length: 184
content-type: image/png
cache-control: max-age=1795
expires: Mon, 06 Feb 2023 00:57:04 GMT
date: Mon, 06 Feb 2023 00:27:09 GMT
set-cookie: BIGipServerp_loginxf-wcdc-ipv4_443=!YjCwma/9SV2UmuRYgMclgnLKC7lGzWdxjgZLNjvv5i3zZcBjv3VKyL4TtMOrRCgI4c0TzVkWiKYKvQ==; path=/; Httponly; Secure
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 4441b9d8d453666fb7a35db1fe5817d2
e1ebb53e3773b4f1bd72181b0d13f8fcaa32f206
e26b6fb3a5d27e21e6c2353ed0f7bc5d94f879d5cc0cf798ec26d340a43d66df
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4994
Cache-Control: max-age=169388
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 00:27:09 GMT
Etag: "63e02887-139"
Expires: Tue, 07 Feb 2023 23:30:17 GMT
Last-Modified: Sun, 05 Feb 2023 22:07:03 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 313
gum.criteo.com/sid/json?origin=rtus&domain=ntutdc1995.com&sn=FirefoxSyncframe&so=0&topUrl=ntutdc1995.com&info=PKGUNl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hnN3FqUURIV0pCYnVrdllXeXNIVEl2ZEZCWGR2UHBod2dleXpJWGU3UXI&idsd=858787391,-2110748004&cw=1&rtusCallerId=30&lsw=1
178.250.0.157 200 OK 9.2 kB URL HTTP/2 gum.criteo.com/sid/json?origin=rtus&domain=ntutdc1995.com&sn=FirefoxSyncframe&so=0&topUrl=ntutdc1995.com&info=PKGUNl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hnN3FqUURIV0pCYnVrdllXeXNIVEl2ZEZCWGR2UHBod2dleXpJWGU3UXI&idsd=858787391,-2110748004&cw=1&rtusCallerId=30&lsw=1
IP 178.250.0.157:0
Hash 0c508f41b5b4824cbe53e26bdeb6fc81
9b3a20029a79b3743eb8ca94ff2eb4998eb93dd2
591a58bd7e135ab8b82bfedf959b6cee3373f4a9f49d2490b98ae6aadae6ba8c
GET /sid/json?origin=rtus&domain=ntutdc1995.com&sn=FirefoxSyncframe&so=0&topUrl=ntutdc1995.com&info=PKGUNl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hnN3FqUURIV0pCYnVrdllXeXNIVEl2ZEZCWGR2UHBod2dleXpJWGU3UXI&idsd=858787391,-2110748004&cw=1&rtusCallerId=30&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=rtus&topUrl=ntutdc1995.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:08 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1265163
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking.js
104.26.1.51 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking.js
IP 104.26.1.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:05 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-3a74"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 41811
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8J82oCHPoVi6zUHDwGBhA31R1%2BG60PIIDnQ4ktyElg%2BWtGmIcA0c2SiFgANFpcR3Y2Pf8WLRP27MzUCQg1Zm2SXXva5VDMi3Cvg73k5DaVsH%2Boma4hpPQwceS0JAK4W%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794fc20f5becb511-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/moatad.js
104.26.1.51 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/moatad.js
IP 104.26.1.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/moatad.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:05 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-435ef"
expires: Sun, 05 Feb 2023 19:47:56 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 41812
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rLst6M1xLMSJTVDWxiiW0yVlZiTw40wOozevnNkWJDzI6y11A7qJFG4d6Ij53IX9N0aEvyuaUw0nxoRPK9JeU774gieUstgtVS10apepDYuCh334XAmtG%2BvAFTHq9tdh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794fc20f6c01b511-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/data.json
104.26.1.51 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/data.json
IP 104.26.1.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/data.json HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:07 GMT
content-type: application/json
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
etag: W/"63df4aac-a9"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uJKXadf%2BclDo1eplN2A50HSR1ceOCLfKjHT1qdmiv%2BGMP21%2FRciKUrGeLI6FsCGzgIEuGDNXDWxUKFXU4Y6bZg4ynhhOSfqExH38BWNLoab7RxQiRXVy9luuM3FrX7Mf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794fc20f6bf6b511-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/satelliteLib-531bc4f46256650a84099973f0ed331f809ea5f4.js
104.26.1.51 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/satelliteLib-531bc4f46256650a84099973f0ed331f809ea5f4.js
IP 104.26.1.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/satelliteLib-531bc4f46256650a84099973f0ed331f809ea5f4.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:05 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-1f820"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 41812
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QnmOBzKDP9Cbg9%2BqoBo8Q5dMGznmEJAetKgUSViRDAZtjz44M3T6PXa5XpHLtG3MoOf%2FnbznMb1XaLCkfO0NROs5riKUvod39IRprRw9X0pN3vaqsn0xysSp6jJ8EcGO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794fc20f5beeb511-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/scripts-responsive.js
104.26.1.51 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/scripts-responsive.js
IP 104.26.1.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/scripts-responsive.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:05 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-1c87"
expires: Sun, 05 Feb 2023 19:47:56 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 41812
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WNerl5WgLxOngnkP%2Bciiv2Vb0g3rkhuQYPi4rQEMINzWzUz9Pq1CGOOolY%2B2uMTsPBMyHf2GWqwEoSt0%2B%2FXWXx0AhmmX%2Fiz6nMG3oOWq%2F0O4QztyYw7VPM9nrgSydEqj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794fc20f7c07b511-OSL
content-encoding: br
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.2.146 200 OK 0 B IP 178.250.2.146:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=G1EojF80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hnN3FqUURIV0pCYnVrdllXeXNIVEtmYXh1MjdjeWNFV2dRUlNiR0FmSVM
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:08 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=PKGUNl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hnN3FqUURIV0pCYnVrdllXeXNIVEl2ZEZCWGR2UHBod2dleXpJWGU3UXI; expires=Sat, 02 Mar 2024 00:27:08 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 315298
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/rta.js
104.26.1.51 404 Not Found 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/rta.js
IP 104.26.1.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/rta.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Mon, 06 Feb 2023 00:27:05 GMT
content-type: text/html; charset=utf-8
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nRggOismOpxiZY%2FuNUHQIJlald5hod2tyn230Y9l%2Fo9CssLJq9Pl8QPcmO4QSdtRHoN6Rictn4RDSObgaoDk%2Fvy5pCi3rZDwg5cwo3HMXUTF4PH6V26FngqNl4FHMvYo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794fc20f5bf3b511-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/styles-light.css
104.26.1.51 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/styles-light.css
IP 104.26.1.51:0
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/styles-light.css HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:05 GMT
content-type: text/css
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-b02f"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 41811
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6WR8moJ9mrXP4NIcM1LwADhu1WKdU8Dvs%2B9QLMdvwi0LRgmP9gl99leghHrJD8WCcIZJjqoGX7imudBZb5iM4k20Oclc8MyYqvLUyfvQYS4tra7%2B2gIsLoNQuJZuSDnh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794fc20f5bf2b511-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-aws.js
104.26.1.51 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-aws.js
IP 104.26.1.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-aws.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:05 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-9f2"
expires: Sun, 05 Feb 2023 19:47:54 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 41811
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N5ZAfyRvCshPXoKz6Qjj%2BagsBRb%2Fp7xMsah40F82ByY888gr5xh4cXKc9iutt2cVXaNSqTKdjYsKOA0CER%2BX6pqEZ%2B1HwaWc3r2DUBJZTSIwDECHP4O93n6YQX1oYnMm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794fc20f5beab511-OSL
content-encoding: br
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
178.250.6.132 200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 178.250.6.132:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:08 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 97975
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/fonts-remote.css
104.26.1.51 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/fonts-remote.css
IP 104.26.1.51:0
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/fonts-remote.css HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:05 GMT
content-type: text/css
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-cab"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 41810
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BcBog0B%2BDcJxobEBluor%2Bhs7tzE2pcXYQMhwicCpD8xVecrmA4%2BXFZ4H7yYlt6V7zKqrTuNrXZzBbH93vlVK0gcKj2ad50lbRBfuIeK8MtCcZv89D4miORlBlmxabLY3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794fc20f5bf1b511-OSL
content-encoding: br
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
178.250.6.213 200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.213:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:08 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 75388
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/jquery-3.js
104.26.1.51 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/jquery-3.js
IP 104.26.1.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/jquery-3.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:05 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-1538f"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 41811
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fp9wKWK%2Fz7rJ5fKZX4xQUSwguKKFZxN9ie0Pse9oGbJvGpc2Bs4vn0pIYprjBJd9Rh3%2FkTybky8LNGIKAuVVpVce4hSUB3L7t6puTzHDZKwzUNvwMyioGaxGmWwnKK%2B8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794fc20f6c06b511-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/lodash-slim.js
104.26.1.51 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/lodash-slim.js
IP 104.26.1.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/lodash-slim.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 00:27:05 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-5b32"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 41812
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qcs3fBOA8OvLahsqvJOpefnbdrpLO3y%2B2ZaUiIYvdyOlzXNfMeRKbRFQjd%2BkMdcoPdzAH6VekxVREYcgOxdhTegtDQsUkfuwHVKyju5ynpfDKHe5Ytor%2FmSw0IDTAuse"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794fc20f5be9b511-OSL
content-encoding: br
X-Firefox-Spdy: h2